innerview

Hello and thank you. My issue started after I ran Malwarebytes and quarantined the recommended items. Since doing that I cannot open my computer using my usual sign-in (administrator) account. The computer boots but there is only a grey screen with the mouse arrow. Nothing else appears. I attempted to restore the quarantined items but I get a message saying "cannot restore items set for deletion". I've rebooted several times and even tried to restore the system to an earlier restore point, and that has failed as well. Can anyone help me, please!!!???

Original post here... https://forums.malwarebytes.org/index.php?/topic/171283-unable-to-restore-items-in-history/

Thanks,
Mark

FARBAR RECOVERY SCAN

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Mark 2 (ATTENTION: The logged in user is not administrator) on MARK-PC (03-08-2015 18:19:02)
Running from C:\Users\Mark 2\Downloads
Loaded Profiles: Mark & Mark 2 (Available Profiles: Mark & Mark 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> stacsv64.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AESTSr64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Failed to access process -> nvstreamsvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Failed to access process -> ReflectService.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> rpcnet.exe
Failed to access process -> svchost.exe
Failed to access process -> WDDriveService.exe
Failed to access process -> WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Failed to access process -> nvstreamsvc.exe
Failed to access process -> alg.exe
Failed to access process -> conhost.exe
Failed to access process -> nvstreamsvc.exe
Failed to access process -> NisSrv.exe
Failed to access process -> conhost.exe
Failed to access process -> UI0Detect.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
Failed to access process -> MpCmdRun.exe
Failed to access process -> MpCmdRun.exe
Failed to access process -> conhost.exe
Failed to access process -> wmpnetwk.exe
(BitTorrent Inc.) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Failed to access process -> SearchProtocolHost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> taskeng.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 1999-12-31] (IDT, Inc.)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2015-03-17] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-42931640-1002724403-1968875480-1004\...\Run: [uTorrent] => C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe [1996896 2015-08-03] (BitTorrent Inc.)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk [2015-06-02]
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: [s-1-5-21-42931640-1002724403-1968875480-1001] ATTENTION ==> Default URLSearchHook is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: No Name -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 12.127.16.67 12.127.17.71
Tcpip\..\Interfaces\{4983B62F-0691-49DE-98DF-495F3C782D8A}: [DhcpNameServer] 12.127.16.67 12.127.17.71

FireFox:
========
FF ProfilePath: C:\Users\Mark 2\AppData\Roaming\Mozilla\Firefox\Profiles\hkwwwff3.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @bankid.com/BankID Security Application,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2013-11-14] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Extension: Gmail™ Notifier Plus - C:\Users\Mark 2\AppData\Roaming\Mozilla\Firefox\Profiles\hkwwwff3.default\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2015-06-03]
FF Extension: Adblock Plus - C:\Users\Mark 2\AppData\Roaming\Mozilla\Firefox\Profiles\hkwwwff3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-09-01] (Glarysoft Ltd)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-09] (Glarysoft Ltd)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 18:19 - 2015-08-03 18:19 - 00015191 _____ C:\Users\Mark 2\Downloads\FRST.txt
2015-08-03 18:18 - 2015-08-03 18:19 - 00000000 ____D C:\FRST
2015-08-03 18:15 - 2015-08-03 18:16 - 02169856 _____ (Farbar) C:\Users\Mark 2\Downloads\FRST64.exe
2015-08-03 16:53 - 2015-08-03 16:53 - 00000000 ____D C:\Users\Mark 2\AppData\Roaming\NCH Software
2015-08-03 16:23 - 2015-08-03 16:23 - 00002690 _____ C:\Users\Mark 2\Desktop\µTorrent.lnk
2015-08-03 16:23 - 2015-08-03 16:23 - 00002690 _____ C:\Users\Mark 2\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-03 16:21 - 2015-08-03 16:22 - 01996896 _____ (BitTorrent Inc.) C:\Users\Mark 2\Downloads\uTorrent.exe
2015-08-03 12:16 - 2015-08-03 12:16 - 00000816 _____ C:\Windows\PFRO.log
2015-08-02 19:49 - 2015-08-03 15:44 - 00000000 ____D C:\Users\Mark 2\AppData\Roaming\vlc
2015-08-02 18:44 - 2015-08-02 18:49 - 00000000 ____D C:\AdwCleaner
2015-07-30 04:47 - 2015-08-03 13:03 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 04:47 - 2015-07-30 04:47 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 04:47 - 2015-07-30 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 04:46 - 2015-08-03 17:58 - 00046886 _____ C:\Windows\WindowsUpdate.log
2015-07-30 04:46 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 04:46 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 04:46 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 04:36 - 2015-07-30 04:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-30 04:16 - 2015-08-03 15:52 - 00001344 _____ C:\Windows\setupact.log
2015-07-30 04:16 - 2015-07-30 04:16 - 00000000 _____ C:\Windows\setuperr.log
2015-07-29 22:02 - 2015-07-29 22:02 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-07-29 21:57 - 2015-07-29 21:59 - 15236032 _____ C:\Users\Mark\Downloads\Glary_Utilities_v5.30.0.50.exe
2015-07-29 21:07 - 2015-07-29 21:23 - 00000000 _____ C:\Windows\SysWOW64\MyDefrag.dat
2015-07-29 20:40 - 2015-07-29 21:22 - 00000592 _____ C:\Windows\SysWOW64\MyDefrag.debuglog
2015-07-29 20:24 - 2015-08-02 20:09 - 00000292 _____ C:\Windows\Tasks\SlimCleaner Run.job
2015-07-27 17:03 - 2015-07-27 17:03 - 00000000 ____D C:\ProgramData\Soda PDF 7
2015-07-27 16:58 - 2015-07-27 16:58 - 00000000 ____D C:\ProgramData\regid.2008-09.org.wixtoolset
2015-07-27 16:37 - 2015-07-29 19:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-27 15:03 - 2015-07-27 15:03 - 00000000 ____D C:\Program Files (x86)\MSECache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 18:18 - 2015-06-03 10:37 - 00000000 ____D C:\Users\Mark 2\AppData\Roaming\uTorrent
2015-08-03 18:01 - 2014-05-14 02:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-03 17:58 - 2014-10-12 01:26 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-08-03 16:53 - 2013-05-09 05:42 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-03 16:51 - 2012-12-21 12:44 - 00000000 ____D C:\Users\Mark
2015-08-03 16:24 - 2012-12-21 13:04 - 00000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2015-08-03 16:20 - 2015-06-03 10:41 - 00000950 _____ C:\Users\Public\Desktop\µTorrent.lnk
2015-08-03 16:20 - 2012-12-26 13:12 - 00000956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-03 16:17 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-03 16:17 - 2009-07-14 00:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-03 16:09 - 2015-06-02 16:52 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-08-03 16:08 - 2015-05-28 17:36 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-03 15:52 - 2014-10-12 15:45 - 00078032 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-08-03 15:52 - 2014-10-12 01:27 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2015-08-03 15:51 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 15:45 - 2014-10-12 01:26 - 00017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2015-08-03 15:44 - 2015-06-03 09:51 - 00000000 ____D C:\Users\Mark 2\AppData\Local\NVIDIA
2015-08-03 15:44 - 2015-06-03 09:48 - 00000000 ____D C:\Users\Mark 2
2015-08-03 15:44 - 2015-02-05 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy Eraser
2015-08-03 15:44 - 2015-02-05 09:35 - 00000000 ____D C:\Program Files\Cybertron
2015-08-03 15:44 - 2015-01-02 10:23 - 00000000 ____D C:\Users\Mark\AppData\Local\NVIDIA
2015-08-03 15:44 - 2015-01-02 09:14 - 00000000 ____D C:\Users\Mark\AppData\Local\Innovative Solutions
2015-08-03 15:44 - 2013-07-03 07:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2015-08-03 15:44 - 2013-07-03 07:34 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2015-08-03 15:44 - 2013-05-09 05:42 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-08-03 15:44 - 2013-03-09 02:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-03 15:44 - 2012-12-21 12:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-03 15:44 - 2012-12-21 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-03 15:44 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-03 15:43 - 2015-01-02 09:29 - 00000000 ____D C:\Users\Mark\AppData\Local\SlimWare Utilities Inc
2015-08-03 15:43 - 2012-12-21 13:16 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2015-08-03 15:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-08-03 12:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization
2015-08-02 20:00 - 2013-03-06 12:04 - 00000000 ____D C:\Users\Mark\AppData\Roaming\IrfanView
2015-08-02 19:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-02 19:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-02 19:42 - 2012-12-21 12:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-02 19:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-08-02 19:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-07-30 04:47 - 2015-05-21 05:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 04:40 - 2012-12-22 14:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-29 20:27 - 2013-07-01 00:01 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2015-07-29 19:24 - 2013-07-03 07:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
2015-07-29 19:24 - 2013-07-03 07:30 - 00000000 ____D C:\Program Files\CyberLink
2015-07-29 19:23 - 2012-12-22 02:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2015-07-29 19:21 - 2013-04-10 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
2015-07-16 06:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-14 17:01 - 2013-03-29 02:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 17:01 - 2013-03-29 02:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 15:42 - 2012-12-22 14:38 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Adobe
2015-07-09 14:43 - 2014-03-31 14:27 - 00048496 _____ (Absolute Software Corporation) C:\Windows\SysWOW64\identprv.dll
2015-07-07 13:33 - 2015-07-03 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 14:32 - 2014-05-14 02:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some files in TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Mark\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Mark 2 (2015-08-03 18:20:09)
Running from C:\Users\Mark 2\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-42931640-1002724403-1968875480-500 - Administrator - Disabled)
Guest (S-1-5-21-42931640-1002724403-1968875480-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-42931640-1002724403-1968875480-1002 - Limited - Enabled)
Mark (S-1-5-21-42931640-1002724403-1968875480-1001 - Administrator - Enabled) => C:\Users\Mark
Mark 2 (S-1-5-21-42931640-1002724403-1968875480-1004 - Limited - Enabled) => C:\Users\Mark 2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-42931640-1002724403-1968875480-1004\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
BankID Security Application (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2418 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2418 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
DriverIdentifier 4.2.8 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6314.0 - IDT)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.685 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 7.5 (HKLM-x32\...\{160479AF-4A05-4EE5-B3E7-1625227567EB}_is1) (Version: - MiniTool Solution Ltd.)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com) Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd) Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 3.5.0.1127 - Cybertron Software Co., Ltd.) QuickTime (HKLM-x32\...\QuickTime) (Version: - ) RICOH Media Driver ver.2.07.01.01 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.01 - RICOH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) 
Hidden SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software) WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 22:34 - 2013-04-23 08:04 - 00001955 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => Task: C:\Windows\Tasks\GlaryInitialize 5.job => Task: C:\Windows\Tasks\SlimCleaner Run.job => ==================== Loaded Modules (Whitelisted) ============== 2013-09-04 19:17 - 2013-09-04 19:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 09:23 - 2010-10-20 09:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-42931640-1002724403-1968875480-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 12.127.16.67 - 12.127.17.71 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{A51A80C8-34C9-40F0-BD13-858077B503DE}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [uDP Query User{61F79F4B-172F-4D36-A533-60D102B35F80}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [{7C98586F-E952-495F-A717-A9A5E101D740}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{04C603D6-1ADE-4A99-9349-05DFE2998F8B}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [uDP Query User{915686D0-ED14-4222-9161-28FB65CFF60D}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [{9A3F596D-B7CE-4267-B06B-22F0F142DBC5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{40FB63AA-187D-4302-9B4F-A0BDEDC3B496}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{9291E510-7B63-40FD-913C-3D9355601724}C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [uDP Query 
User{A6D13E61-CF69-459E-9771-5EFD4FA60578}C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{70206B21-7A42-4F36-8668-755B5CCBBFF8}] => (Allow) C:\Windows\SysWOW64\dlbucoms.exe FirewallRules: [{50B0DC7B-3B7F-4CDF-86D6-12F399E71B74}] => (Allow) C:\Windows\SysWOW64\dlbucoms.exe FirewallRules: [{AC6F1796-B15C-46E6-ACCA-03D9A9E2E4C3}] => (Allow) C:\Windows\System32\dlbucoms.exe FirewallRules: [{DE5BF795-CAFD-405B-B084-383B4E45CD31}] => (Allow) C:\Windows\System32\dlbucoms.exe FirewallRules: [TCP Query User{214EE53B-FBFE-4672-A8BD-52C648C25049}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [uDP Query User{F37C5488-AA72-4D47-8920-52DC4A052A1D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [TCP Query User{6BD7F1AA-03E7-4EF7-95D4-DA5A3194BC8D}C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe FirewallRules: [uDP Query User{E455630D-D7BE-4631-B063-5A139312D6E1}C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\appdata\local\amazon\kindle previewer\lib\touchlibs\webreader.exe FirewallRules: [TCP Query User{ABA36E70-2A8F-488F-A5F9-BE827F3733D5}C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe FirewallRules: [uDP Query User{6B1459BD-C452-48D7-BF2C-52EC9052F269}C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe] => (Allow) C:\users\mark\desktop\kindle previewer\lib\touchlibs\webreader.exe FirewallRules: [{32574D26-470A-4C20-B435-8C6E8ABD180E}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE FirewallRules: [TCP Query 
User{C5F5B5E0-EB29-43BF-8002-7B3666A2BAEB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [uDP Query User{0E5F85CE-700E-4DCD-9715-F2565C933BDB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{15DDC2BA-D5AC-4181-94B2-14C1275F9AB0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{BFAE11A6-3268-4FF5-B247-3BA97561A773}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{8159142D-3044-447D-A34F-F5D347670D45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{F4C14BA5-A00E-4EE8-B076-34136FD3C9C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{D66CCE0B-C72E-4480-8D87-A85A1CC0DF0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B13D28DF-0CE7-477A-9C3F-6E0B1C7A89E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{868F6C28-B34A-469D-B697-3A89B9E2D033}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2F537038-CCDF-46DC-A4A1-6A12BB33EEA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2F7D0B05-9073-4C7D-9538-DE066E39BDE2}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsl42D9.tmp\CnetInstaller-10477455.exe FirewallRules: [{99AE4324-FC83-4D12-A2C8-462D0CF70A68}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsl42D9.tmp\CnetInstaller-10477455.exe FirewallRules: [{5EAE2FA0-11DC-49B3-B765-31E31D9725FB}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsc23DC.tmp\CnetInstaller-76275671.exe FirewallRules: [{7FAC4E91-11B9-4113-A53B-C6D0413AB03A}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsc23DC.tmp\CnetInstaller-76275671.exe FirewallRules: [TCP Query User{3E6E194C-F56D-4BD7-84BC-685CA6111AE5}C:\program 
files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{88DF3644-A2EF-4470-84B3-3EC848088F6B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{3B178D0E-3306-475A-A344-DF58A5AD4A07}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsnAA8F.tmp\CnetInstaller-10028673.exe FirewallRules: [{15B68D91-C8A2-4EA7-8B45-6EA2791903D8}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsnAA8F.tmp\CnetInstaller-10028673.exe FirewallRules: [{BDBE766B-EDDA-4924-A13D-72C048863664}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsa5C22.tmp\CnetInstaller-10853744.exe FirewallRules: [{B7E1B39F-5CDB-4A24-A1B8-C8362CD27FB1}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsa5C22.tmp\CnetInstaller-10853744.exe FirewallRules: [{31167132-7AA2-4BB4-AFCF-B67CE5D20A25}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsn2B0F.tmp\CnetInstaller-75573091.exe FirewallRules: [{EDDDDF8B-1964-40BB-B424-5A1FA8F523D4}] => (Allow) C:\Users\Mark\AppData\Local\Temp\nsn2B0F.tmp\CnetInstaller-75573091.exe FirewallRules: [{7B54E981-C61C-4F35-B1A6-FEB90B2BE175}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{06828E3D-3D13-4361-BEC8-AE6CBF63A1B5}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7FB25EB0-6EFF-4C1C-8F0E-543122FD4324}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{061ED0D0-A2ED-42F5-9DC7-757D646E3BEA}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A5471C20-9D1E-42F5-8D7B-B3AD4632123F}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3B9BBFF0-51E0-42FD-A879-9FD8CB0151E3}] => (Allow) C:\Users\Mark 2\AppData\Roaming\uTorrent\uTorrent.exe ==================== Faulty Device Manager Devices ============= Name: NVIDIA nForce System Management Controller Description: NVIDIA nForce System 
Management Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: nvsmu Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2015 06:19:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 172c Start Time: 01d0ce2e93caa870 Termination Time: 35 Application Path: C:\Windows\explorer.exe Report Id: ace53531-3a2d-11e5-af69-850c993f63ae Error: (08/03/2015 04:54:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 804 Start Time: 01d0ce2e616faab0 Termination Time: 24 Application Path: C:\Windows\explorer.exe Report Id: cf661631-3a21-11e5-af69-850c993f63ae Error: (08/03/2015 04:52:29 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5868. Message ID: [0x2509]. Error: (08/03/2015 04:50:26 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3080. Message ID: [0x2509]. 
Error: (08/03/2015 04:48:33 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4688. Message ID: [0x2509]. Error: (08/03/2015 04:08:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4656. Message ID: [0x2509]. Error: (08/03/2015 03:52:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NvNetworkService.exe, version: 1.0.8.24, time stamp: 0x53d0a628 Faulting module name: NvNetworkService.exe, version: 1.0.8.24, time stamp: 0x53d0a628 Exception code: 0xc0000005 Fault offset: 0x000bf856 Faulting process id: 0x918 Faulting application start time: 0xNvNetworkService.exe0 Faulting application path: NvNetworkService.exe1 Faulting module path: NvNetworkService.exe2 Report Id: NvNetworkService.exe3 Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] System errors: ============= Error: (08/03/2015 06:19:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070 Error: (08/03/2015 06:19:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Server service hung on 
starting. Error: (08/03/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070 Error: (08/03/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Server service hung on starting. Error: (08/03/2015 06:15:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070 Error: (08/03/2015 06:15:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Server service hung on starting. Error: (08/03/2015 06:13:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070 Error: (08/03/2015 06:13:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Server service hung on starting. Error: (08/03/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1070 Error: (08/03/2015 06:12:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Server service hung on starting. 
Microsoft Office: ========================= Error: (08/03/2015 06:19:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.17567172c01d0ce2e93caa87035C:\Windows\explorer.exeace53531-3a2d-11e5-af69-850c993f63ae Error: (08/03/2015 04:54:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.1756780401d0ce2e616faab024C:\Windows\explorer.execf661631-3a21-11e5-af69-850c993f63ae Error: (08/03/2015 04:52:29 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5868. Message ID: [0x2509]. Error: (08/03/2015 04:50:26 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3080. Message ID: [0x2509]. Error: (08/03/2015 04:48:33 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4688. Message ID: [0x2509]. Error: (08/03/2015 04:08:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 4656. Message ID: [0x2509]. 
Error: (08/03/2015 03:52:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvNetworkService.exe1.0.8.2453d0a628NvNetworkService.exe1.0.8.2453d0a628c0000005000bf85691801d0ce25dc498570C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeC:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe28966330-3a19-11e5-af69-850c993f63ae Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (08/03/2015 03:52:17 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] CodeIntegrity: =================================== Date: 2015-01-01 18:16:15.807 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-01 18:14:29.802 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-31 18:08:02.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-31 17:56:11.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-12-26 20:08:35.981 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-26 18:25:03.310 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-26 18:11:31.539 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-26 18:11:28.615 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-25 10:44:50.420 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-24 17:47:57.088 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz Percentage of memory in use: 61% Total physical RAM: 3838.36 MB Available physical RAM: 1478.65 MB Total Virtual: 7336.55 MB Available Virtual: 4546.22 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:217.98 GB) (Free:44.47 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: () (Fixed) (Total:80.06 GB) (Free:45.37 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of log ============================
  2. Hi. Thank you for your reply. Just to let you know, I am using the same computer, only on a different account. No problem using this account. It's just not my primary account. When opening in my primary account, as mentioned above, just a grey screen with the mouse pointer arrow. Also, just a reminder, this happened after removing files with Malwarebytes, not before. Computer was working prior to that. Should I still continue with your recommendation? Peace, Mark
  3. Hoping someone can help me... I ran Malwarebytes and quarantined the recommended items. Since doing that I cannot open my computer using my usual sign-in account. The computer boots but there is only a grey screen with the mouse arrow. Nothing else appears. I attempted to restore the quarantined items but I get a message saying "cannot restore items set for deletion". I've rebooted several times and even tried to restore the system to an earlier restore point and that has failed as well. Can anyone help me, please!!!??? Thanks, Mark