Hello Jlsimons1959 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.



Let me see those logs...

Thank you,

Kevin..

Ok so went to chrome to use it and somehow I came across this... I don't know a lot about this stuff but it didn't look right to me... Is this fine to use?

<!doctype html>
  <html id="uber" class="loading" i18n-values="dir:textdirection;lang:language">
  <head>
  <meta charset="utf-8">
  <title i18n-content="pageTitle"></title>
  <link id="favicon" rel="icon" type="image/png" sizes="16x16">
  <link id="favicon2x" rel="icon" type="image/png" sizes="32x32">
   
  <link rel="stylesheet" href="chrome://resources/css/chrome_shared.css">
  <style>/* Copyright (c) 2012 The Chromium Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file. */
   
  body {
  /* http://crbug.com/129406 --- horizontal scrollbars flicker when changing
  * sections. */
  overflow-x: hidden;
  }
   
  #navigation {
  height: 100%;
  left: 0;
  /* This is a hack to prevent the navigation bar from occluding pointer events
  * from the bottom scroll bar (which shows when one needs to horizontally
  * scroll). Corresponding padding-top to offset this is in uber_frame.css */
  margin-top: -20px;
  position: absolute;
  /* This value is different from the left value to compensate for the scroll
  * bar (which is always on and to the right) in RTL. */
  right: 15px;
  width: 155px;
  z-index: 3;
  }
   
  #navigation.background {
  z-index: 1;
  }
   
  #navigation.changing-content {
  -webkit-transition: -webkit-transform 100ms, width 100ms;
  }
   
  .iframe-container {
  -webkit-margin-start: -20px;
  -webkit-transition: margin 100ms, opacity 100ms;
  bottom: 0;
  left: 0;
  opacity: 0;
  position: absolute;
  right: 0;
  top: 0;
  z-index: 1;
  }
   
  .iframe-container.selected {
  -webkit-margin-start: 0;
  -webkit-transition: margin 200ms, opacity 200ms;
  -webkit-transition-delay: 100ms;
  opacity: 1;
  z-index: 2;
  }
   
  .iframe-container.expanded {
  left: 0;
  }
   
  iframe {
  border: none;
  display: block;
  height: 100%;
  width: 100%;
  }
  </style>
   
  <script src="chrome://resources/js/cr.js"></script>
  <script src="chrome://resources/js/cr/ui/focus_manager.js"></script>
  <script src="chrome://resources/js/load_time_data.js"></script>
  <script src="chrome://resources/js/util.js"></script>
   
  <script src="chrome://chrome/uber.js"></script>
  <script src="chrome://chrome/uber_utils.js"></script>
  </head>
   
  <body>
   
  <div id="navigation"><iframe src="chrome://uber-frame/" name="chrome" role="presentation"></iframe></div>
   
  <div class="iframe-container"
  i18n-values="id:historyHost; data-url:historyFrameURL;"
  data-favicon="IDR_HISTORY_FAVICON"></div>
  <div class="iframe-container"
  i18n-values="id:extensionsHost; data-url:extensionsFrameURL;"
  data-favicon="IDR_EXTENSIONS_FAVICON"></div>
  <div class="iframe-container"
  i18n-values="id:settingsHost; data-url:settingsFrameURL;"
  data-favicon="IDR_SETTINGS_FAVICON"></div>
  <div class="iframe-container"
  i18n-values="id:helpHost; data-url:helpFrameURL;"
  data-favicon="IDR_PRODUCT_LOGO_16"></div>
   
  <script src="chrome://chrome/strings.js"></script>
  <script src="chrome://resources/js/i18n_template.js"></script>
   
  </body>
  </html>

ok. here you go. Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Jamie (administrator) on JAMIE-PC (21-03-2017 14:24:23)
Running from C:\Windows\SysWOW64\config\systemprofile\Downloads
Loaded Profiles: False (Available Profiles: Jamie) <==== ATTENTION (Temporary Profile?)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ====================
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48A05786-389E-4AC0-955A-B80CD50A50F6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e79925d1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-e79925d1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-e79925d1&q={searchTerms}
SearchScopes: HKLM -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\.DEFAULT -> DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
SearchScopes: HKU\.DEFAULT -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2009-09-24] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll [2009-10-03] (Google Inc.)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15] (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-21] (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10] (Sun Microsystems, Inc.)
BHO-x32: BrowserHelper Class -> {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} -> C:\Program Files (x86)\SGPSA\SearchAssistant.dll [2009-10-15] (Make The Web Better, LLC)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-24] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-03] (Google Inc.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-24] (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.)
BHO-x32: Search Assistant -> {F0626A63-410B-45E2-99A1-3F2475B2D695} -> C:\Program Files (x86)\SGPSA\BHO.dll => No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2009-09-24] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-29] (Microsoft Corp.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-24] (Google Inc.)
Toolbar: HKLM-x32 - Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.21.01.0/iewwload.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2009-07-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-08-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-02-21] [not signed]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.688 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2010-02-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.688 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2010-02-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.688 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2010-02-21] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)

==================== Services (Whitelisted) ====================

===================== Drivers (Whitelisted) ======================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Files in the root of some directories =======

2006-11-02 11:42 - 2017-03-21 12:35 - 0001460 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps64.dat
2009-08-27 18:15 - 2016-04-19 21:29 - 0376877 _____ () C:\ProgramData\HPWALog.txt
2009-08-28 17:22 - 2012-11-29 17:20 - 0007712 _____ () C:\ProgramData\hpzinstall.log
2009-07-20 06:51 - 2009-07-20 06:51 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-01-13 12:52 - 2009-01-13 12:53 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-07-20 06:50 - 2009-07-20 06:50 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-01-13 12:44 - 2009-01-13 12:46 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-07-20 06:48 - 2009-07-20 06:48 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-07-20 06:50 - 2009-07-20 06:50 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-01-13 12:43 - 2009-01-13 12:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-01-13 12:46 - 2009-01-13 12:52 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-07-20 06:51 - 2009-07-20 06:51 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-03-21 10:15

==================== End of FRST.txt ============================


And here is addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Jamie (21-03-2017 14:25:56)
Running from C:\Windows\SysWOW64\config\systemprofile\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-07-20 09:40:42)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2248164473-1449927881-3797984310-500 - Administrator - Disabled)
Guest (S-1-5-21-2248164473-1449927881-3797984310-501 - Limited - Disabled)
Jamie (S-1-5-21-2248164473-1449927881-3797984310-1000 - Administrator - Enabled) => C:\Users\Jamie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! antivirus (Enabled - Out of date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: avast! antivirus (Enabled - Out of date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebReg Officejet 6000 E609n Series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{96FB22F8-8906-4865-82A0-8CB2007005DA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{A800693B-338C-4EFD-8602-DBB8A5C06AB4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{CEAB3071-7B85-4A6C-954F-08E1DDF39974}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{BC4399CF-ACE3-46FD-8CF2-A2E25AC0F9C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{FC74021F-F427-4CC6-867B-B6F15AA50F60}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{6FFB4AA0-E244-4871-8FDC-039C680B958B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{7616ABB5-DFDB-46B9-96CC-DA5F9DBE0CCC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{EA74ACBF-D0BD-4074-BB79-4AEF9E11F8C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{20B0361D-26C7-4168-88AC-99B018B12D78}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{224D757D-D704-4CA0-BC7A-E05F1C6CE127}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{18EFC38C-3AED-49E0-A955-1D93BF221310}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{C1C36BBA-1335-43CB-9157-DCD2EE3618EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{3D89B29F-5337-47FE-BB96-E9FE76584115}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{F2026212-0F8F-4607-A37C-DCF227271597}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{ACA85671-8C0B-42A8-9386-F925764ED8D2}] => (Allow) E:\setup\hpznui40.exe
FirewallRules: [{75C9E5AB-8D72-44C4-AAB4-E9E2BB44935A}] => (Allow) C:\Program Files (x86)\HP\digital imaging\bin\hpqtra08.exe
FirewallRules: [{EB4341CB-7642-48D0-87FC-BE77CC2224F2}] => (Allow) C:\Program Files (x86)\HP\digital imaging\bin\hpqste08.exe
FirewallRules: [{C94DEDF6-C723-4A0C-9748-7D0F94F08397}] => (Allow) C:\Program Files (x86)\HP\digital imaging\bin\hposid01.exe
FirewallRules: [{88728EE3-B2BC-4C6D-8AC2-CFDB8BDA0BFF}] => (Allow) LPort=80
FirewallRules: [{6088D6CC-89D7-488C-AF80-23CAA67FACFD}] => (Allow) LPort=80
FirewallRules: [{3030EDAC-FD8E-4D2B-8D5C-8783C5EAA75D}] => (Allow) LPort=80
FirewallRules: [TCP Query User{BAF30A32-A8B1-44B6-8891-BAC15B9F12C4}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [UDP Query User{E5BF4A04-5D2B-4949-8165-CC1055F53CBF}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [{F7DB6D3D-2AAF-462A-9898-FE1D970D7478}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60157315-5AFF-4601-AD75-A13D11325CDE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6904320-E917-475E-833A-23EAEA323A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{16DE3A6B-DEBC-4988-843F-5CFC1C262606}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28FB47F2-8172-428C-A242-5126B6E8FA82}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C1D4C099-DF2D-414E-88FD-BD862A63016C}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [TCP Query User{E7DCBB42-2991-4089-B3BA-869410AF0D91}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{76052E1D-9E02-438D-AA02-5BA8487955B4}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [{01F20632-6DAD-4DCE-BF17-F42FBA6D7240}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{D4168456-5362-4D3A-BC93-01E3A2E07991}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{3CD50257-1D7B-4E67-B4D2-A878585B55C7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{69CDB935-80BC-425D-904F-6926706FB671}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5E486874-E13E-4EFB-8A3B-31B6F7BC775B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D8660402-CEF1-46C9-AB85-2A79797B1112}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{23259483-D9F3-49ED-9B14-1137CCCAF57A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BE147C6D-728C-49C6-BB44-B565AB38E224}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{411D2A9C-4B46-476F-B91D-264067EA01DC}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8F1AC2F8-ADB1-4817-BC77-BA317DAE0247}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C535B1F5-B5AE-49B3-ACFF-4AE8D08F1FF9}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7669E7D7-B696-40E4-800B-EEF3E8ABCFE5}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{340FF8FA-CBC4-45EF-9913-0E295813E4BC}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BF70E6F3-211F-4868-B17D-6B6DF15CB7A3}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAF6F987-3D31-4B88-967D-EF93A42473A2}] => (Allow) C:\Users\Jamie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{359A7E1A-C569-42B7-B9E0-8C109CE57F31}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{BC624A04-FA7D-429C-B15A-C662471A34A7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{EBC8E49D-33FF-465E-8DE0-28A20E66C215}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D6CF1A63-D440-407E-89F4-5FB3FF5857C6}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{1A35529C-6285-4143-94A5-E33793CC11CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4EDB1EE-306E-4E6D-BDED-E8C0EDCF3905}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{430C146B-EFDE-4FBF-8295-53AA10CEA9F7}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{312188D3-3821-43EB-BB82-DEFFA63FBE8F}] => (Allow) C:\Users\Jamie\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{DC040BA1-E98F-462F-B609-E13A22F12A63}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{9F5E3848-F25C-40C9-B5C6-9A2A6C7D7AA5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5C84E064-08B0-4550-8C62-7656E63DF5A3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{103A6ABB-DF88-4BEF-BD5D-F58F92746C2F}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{C4B3CE67-343D-46D0-AB1C-62FA82B6326C}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{56087B6B-6BE4-4732-B97B-E85671D28349}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BEE7230B-FF31-4298-AF95-A20A9BEB5F55}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{AE3090D2-1C10-489B-BA88-28A7E1DC6061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{1B9C5CFB-5A89-4DB1-AA69-6938433D0FBB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{B120BA8A-C853-432B-8911-02D78C4124F2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{F963E274-EA20-49F3-953D-75B915700CB3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{32AB4287-3ACA-446D-9861-E9A7BCCCF908}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{B8D860A6-1FA9-44B8-A299-792E31DAB1B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{4C3C0F04-48D0-4ADD-AAB7-9B84EFB77B99}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{94586663-30F6-4189-BF69-A57928D3E7E0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{0260AC85-E189-4A68-9BF3-905592366AFE}] => (Allow) C:\Program Files (x86)\HP\digital imaging\bin\hposid01.exe
FirewallRules: [{E214A4E2-BA57-4E97-9ABA-80E90122041F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\bin\hpqste08.exe
FirewallRules: [{6F54A5AD-06BF-4C49-9D8B-60FDAF2DDBFF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\bin\hpqtra08.exe
FirewallRules: [{C3DF1410-B08C-48D4-892A-170E84357F87}] => (Allow) E:\setup\hpznui40.exe
FirewallRules: [{F8529F26-2C2E-45AA-B0AE-F5D87CCD4B85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9051B346-3A34-4F58-B84F-FD50C8B407EE}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{7B70B129-1AA9-44FF-8A65-C1D70FC05174}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{67E2CA82-D101-4B1F-95F2-961CCC50D3A1}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{BB6CD099-CDE6-4F5C-9F9F-18C46BE5DA23}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{E12FBE43-3B56-41B7-A246-882A4FC037C1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{131FAAEC-2AE0-4FAF-982E-B646D583AF70}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{46B5D5CA-84F8-468D-95BD-C9DC2D8B8F05}] => (Allow) C:\Users\Jamie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{489A83AE-1436-4059-8C17-C19B20619666}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{FD7E21BB-DB8C-4EEA-B376-61394B509877}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe

==================== Restore Points =========================

31-12-2014 17:35:51 Windows Update
10-01-2015 19:26:01 Windows Update
28-04-2015 19:42:15 ARO 2011- Before One Click
28-04-2015 19:57:02 Windows Update
29-04-2015 03:00:37 Windows Update
11-01-2016 17:29:14 Windows Update
11-01-2016 20:18:56 Installed AVG 2016
11-01-2016 20:20:48 Installed AVG
11-01-2016 23:27:14 Configured LabelPrint
10-03-2017 20:27:11 Windows Update
10-03-2017 20:49:16 Windows Update
10-03-2017 23:16:53 Windows Update
14-03-2017 14:00:02 Windows Update

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6000 E609n
Description: Officejet 6000 E609n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6000 E609n
Description: Officejet 6000 E609n
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2017 02:15:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (03/21/2017 02:14:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 12:02:55 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (03/21/2017 10:02:52 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (03/21/2017 10:01:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 09:54:51 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (03/21/2017 09:54:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 02:14:32 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (03/20/2017 12:53:22 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/20/2017 12:47:14 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (09/24/2010 09:19:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:14:55 PM on 9/24/2010 was unexpected.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3998.25 MB
Available physical RAM: 2675.65 MB
Total Virtual: 8173.76 MB
Available Virtual: 7036.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.05 GB) (Free:171.6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.04 GB) (Free:2.03 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== End of Addition.txt ============================

 


Why was FRST run with the system in safe mode...? Can you run again in Normal mode?

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs: "FRST.txt" and "Addition.txt".



I see you are also running from a Temporary Profile. In that profile open Malwarebytes, turn off "enable self protection" in settings and reboot.

Can you boot normally now...?

 

I want you to run FRST from the Recovery Environment via USB flash drive (memory stick). Plug that into your PC.

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you should get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin...


A flash drive (memory stick) is the only way to run FRST from the Recovery Environment... Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Reboot and run FRST again as follows:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs: "FRST.txt" and "Addition.txt".

fixlist.txt
