johndd,
Please do not run the following fixlist:
Post #10: Win 7 unable to use or create restore point after fbi virus
This matter requires further research by VistaKing.
The above stems from the following entry showing in your FRST report:
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
There are Rootkit infections that turn off the driver integrity check by adding an entry to the Boot Configuration Data (BCD).
Please check on the following:
At the bottom right of the Desktop, does it say something like: "Test Mode, Windows 7, Build XXXX" ?
(X=number)
Edit:
As confirmed by VistaKing, there is no Rootkit driver present.
No "Test Mode, Windows 7, Build 7601" notice is present on the screen.
The entry: "testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!" appears to be a leftover from an infection, and needs removed from the BCD.
Proceed with the previous fixlist (Post #10) only after removing all illegal software and/or tools from the computer.
Let's hope the few unsigned drivers are not essential for booting...
Last edited by cottonball; 20 Jul 2013 at 12:21.
Here is the adw cleaner file. TDSSKiller reported no issues. Tried creating restore point got-Access Denied: (0x80070005).
Code:Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Code: 0 Cached Online Validation Code: 0x0 Windows Product Key: *****-*****-TMVMJ-BBMRX-3MBMV Windows Product Key Hash: 55n8g6xdzhe4AOWhmTzdzQoLfa4= Windows Product ID: 00426-292-0000007-85614 Windows Product ID Type: 5 Windows License Type: Retail Windows OS version: 6.1.7601.2.00010100.1.0.001 ID: {C3464DE8-0B31-4A58-A2B1-76D58C38084E}(1) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: N/A, hr = 0x80070002 Signed By: N/A, hr = 0x80070002 Product Name: Windows 7 Ultimate Architecture: 0x00000000 Build lab: 7601.win7sp1_gdr.130505-1534 TTS Error: T:20111207202007485- Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32) Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100 File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100 Other data--> Office Details: <GenuineResults><MachineData><UGUID>{C3464DE8-0B31-4A58-A2B1-76D58C38084E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3MBMV</PKey><PID>00426-292-0000007-85614</PID><PIDType>5</PIDType><SID>S-1-5-21-2326662721-1753859907-3392161002</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-78LMT-S2P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>FB</Version><SMBIOSVersion major="2" minor="4"/><Date>20111017000000.000000+000</Date></BIOS><HWID>6CFB3D07018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B10K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: U1BMRwEAAAAAAQAABAAAAEsQAAAAAAAAYWECAEj9FbNc9I+FR7XMAROJf9ybj7SsIEe8hMh9DOFKXc0xX1zar0ij2yw5TuEWOxCEM7UuNpzkgJsgBYnlgWOpCrmWo1Nepzt5+XJuKTMzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAx4dZsxs/sxaQSZh6DCEuBH/7uI1FTTozdREdrmsoB/1FYOzmhKxZJ+6Fp571HxQiozkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM Licensing Data--> Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs". Windows Activation Technologies--> HrOffline: 0x00000000 HrOnline: 0x00000000 HealthStatus: 0x0000000000000000 Event Time Stamp: 1:4:2012 05:36 ActiveX: Registered, Version: 7.1.7600.16395 Admin Service: Not Registered - 0x80070005 HealthStatus Bitmask Output: HWID Data--> HWID Hash Current: MgAAAAEABAABAAIAAAABAAAAAQABAAEAeqhguP4LEDNU8uCoGIhOms5wrsD0AbjpFA8= OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20001 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC GBT GBTUACPI FACP GBT GBTUACPI HPET GBT GBTUACPI MCFG GBT GBTUACPI MSDM GBT GBTUACPI TAMG GBT GBT B0 SSDT AMD POWERNOW SLIC DELL B10K
icon on your desktop.
button 
button 
Quote