
White screen on boot, OK in safemode


This topic is locked
30 replies to this topic

#1 kythoon


Posted 23 July 2013 - 07:54 PM

Hey

Seems I have a similar issue to other people. I turned my computer on today and I was presented with a white screen. I could tell that ctrl+shift+esc brought up the task manager (mouse icon changed), but everything was still white. Booting into safe mode with networking seemed to be fine, and googling led me to you guys.

My FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013
Ran by SYSTEM on 23-07-2013 20:33:31
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================
 
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Mike\...\Run: [AdobeBridge] -  [x]
 
========================== Services (Whitelisted) =================
 
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-07-12] (Adobe Systems Incorporated)
S4 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-18] (Microsoft Corporation)
S4 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1342024 2012-12-10] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S4 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-05-15] (Macrovision Europe Ltd.)
S4 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S4 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S4 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S4 MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [199536 2010-05-20] (Microsoft Corporation)
S4 NAUpdate; C:\Program Files (x86)\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S4 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161384 2013-02-28] (Skype Technologies)
S4 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [559016 2013-07-09] (Valve Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [95760 2012-06-17] (Advanced Micro Devices)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-05-22] ()
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [54272 2009-06-19] (Atheros Communications, Inc.)
S3 LEqdUsb; C:\Windows\System32\DRIVERS\LEqdUsb.Sys [74256 2009-06-17] (Logitech, Inc.)
S3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [22408 2011-05-15] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [16008 2011-05-15] (Logitech Inc.)
S3 LHidEqd; C:\Windows\System32\DRIVERS\LHidEqd.Sys [13328 2009-06-17] (Logitech, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-05-22] ()
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57872 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [40976 2009-06-17] (Logitech, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [38912 2010-09-06] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-05-15] (Duplex Secure Ltd.)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Western Digital Technologies)
S3 WimFltr; system32\DRIVERS\wimfltr.sys [x]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-23 20:08 - 2013-07-23 20:08 - 00000000 ____D C:\FRST
2013-07-23 16:24 - 2013-07-23 16:24 - 01779757 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2013-07-23 16:22 - 2013-07-23 16:22 - 01064600 _____ C:\Users\Mike\Downloads\setup.exe
2013-07-23 15:56 - 2013-07-23 15:57 - 149303296 _____ C:\Users\Mike\Downloads\win7-32bit rc.iso
2013-07-23 15:56 - 2013-07-23 15:56 - 01220240 _____ (Farbar) C:\Users\Mike\Downloads\FRST.exe
2013-07-23 15:56 - 2013-07-23 15:56 - 00857600 _____ C:\Users\Mike\Downloads\WiNToBootic.exe
2013-07-23 15:15 - 2013-07-23 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-23 15:15 - 2013-07-23 15:15 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 15:15 - 2013-07-23 15:15 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2013-07-23 15:15 - 2013-07-23 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 15:15 - 2013-04-04 10:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-23 15:07 - 2013-07-23 15:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\iexplore.exe.exe
2013-07-21 08:56 - 2013-07-21 08:57 - 00012781 _____ C:\Users\Mike\Downloads\Canoe Checklist (1) (1).xlsx
2013-07-19 13:08 - 2013-07-19 13:09 - 00018435 _____ C:\Windows\DirectX.log
2013-07-17 13:16 - 2013-07-17 13:16 - 00000930 _____ C:\Users\Public\Desktop\calibre.lnk
2013-07-17 13:15 - 2013-07-17 13:16 - 00000000 ____D C:\Program Files\Calibre2
2013-07-17 13:09 - 2013-07-17 13:10 - 57843712 _____ C:\Users\Mike\Downloads\calibre-64bit-0.9.39.msi
2013-07-17 12:59 - 2013-07-17 13:00 - 00000000 ____D C:\ProgramData\safee save
2013-07-17 12:58 - 2013-07-17 12:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-17 12:56 - 2013-07-17 16:18 - 00000000 ____D C:\Users\Mike\Downloads\30_life_changing_books
2013-07-17 12:55 - 2013-07-17 12:55 - 00015166 _____ C:\Users\Mike\Downloads\[isoHunt] 30_life_changing_books.torrent
2013-07-17 12:54 - 2013-07-17 12:54 - 00387403 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck_-_Season_5_Complete_HDTV_(XviD_MP3)___Gag_Reel_(MP4).6991680.TPB.torrent
2013-07-14 16:46 - 2013-07-14 16:46 - 00014478 _____ C:\Users\Mike\Downloads\[isoHunt] 4213681.torrent
2013-07-14 15:55 - 2013-07-14 15:56 - 00014459 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck.S04E22.HDTV.XviD-LOL.[eztv].torrent
2013-07-14 11:19 - 2013-07-14 11:19 - 00011802 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck_Season_5.6998517.TPB.torrent
2013-07-14 11:16 - 2013-07-14 11:16 - 00146211 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck Season 1, 2, 3 & 4   Extras (Webisodes etc) DVDRip HDTV TSV.torrent
2013-07-14 11:13 - 2013-07-14 15:45 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc
2013-07-14 10:32 - 2013-07-14 10:32 - 00046068 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck_-_Season_4_Complete_HDTV_(XviD_MP3).6398917.TPB.torrent
2013-07-09 17:52 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 17:52 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 17:52 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 17:52 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 17:52 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 17:52 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 17:52 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 17:52 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 17:52 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 17:52 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 17:52 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 17:52 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 17:52 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 17:52 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-09 17:52 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-09 17:52 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-09 17:52 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 17:52 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-09 17:52 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 17:52 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-09 17:52 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 17:52 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 16:52 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 16:52 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 16:52 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 16:52 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 16:52 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 16:52 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 16:52 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-07 15:47 - 2013-07-07 15:47 - 22937227 _____ C:\Users\Mike\Downloads\vlc-2.0.7-win32.exe
2013-07-06 03:17 - 2013-07-06 03:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-06 03:17 - 2013-07-06 03:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-06 03:17 - 2013-07-06 03:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-06 03:17 - 2013-07-06 03:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-05 15:56 - 2013-07-05 15:56 - 00000000 ____D C:\Users\Mike\Downloads\HDRsoft Photomatix Pro [v4.2.7] (32-64bit) [with Key] - [MAHIY]
2013-06-24 18:57 - 2013-06-24 18:57 - 00012781 _____ C:\Users\Mike\Downloads\Canoe Checklist (1).xlsx
2013-06-23 16:50 - 2013-06-23 16:50 - 08964977 _____ C:\Users\Mike\Downloads\MapDisplay.rar
 
==================== One Month Modified Files and Folders =======
 
2013-07-23 20:08 - 2013-07-23 20:08 - 00000000 ____D C:\FRST
2013-07-23 16:25 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-23 16:25 - 2009-07-13 20:45 - 00021888 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-23 16:24 - 2013-07-23 16:24 - 01779757 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2013-07-23 16:23 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2013-07-23 16:22 - 2013-07-23 16:22 - 01064600 _____ C:\Users\Mike\Downloads\setup.exe
2013-07-23 15:57 - 2013-07-23 15:56 - 149303296 _____ C:\Users\Mike\Downloads\win7-32bit rc.iso
2013-07-23 15:56 - 2013-07-23 15:56 - 01220240 _____ (Farbar) C:\Users\Mike\Downloads\FRST.exe
2013-07-23 15:56 - 2013-07-23 15:56 - 00857600 _____ C:\Users\Mike\Downloads\WiNToBootic.exe
2013-07-23 15:34 - 2013-04-10 14:00 - 00004858 _____ C:\Windows\PFRO.log
2013-07-23 15:28 - 2011-05-15 05:15 - 00000000 ___RD C:\Users\Mike\Desktop
2013-07-23 15:15 - 2013-07-23 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-23 15:15 - 2013-07-23 15:15 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-23 15:15 - 2013-07-23 15:15 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2013-07-23 15:15 - 2013-07-23 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-23 15:15 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-23 15:08 - 2013-07-23 15:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\iexplore.exe.exe
2013-07-23 14:32 - 2011-05-15 08:39 - 00000000 ____D C:\Windows\pss
2013-07-23 14:25 - 2011-05-15 06:40 - 00000000 ___RD C:\Users\Mike\Dropbox
2013-07-23 14:25 - 2011-05-15 06:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
2013-07-23 14:24 - 2013-03-18 17:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-07-23 14:12 - 2013-03-18 13:40 - 00009746 _____ C:\Windows\setupact.log
2013-07-23 14:05 - 2011-05-15 06:14 - 00000000 ____D C:\ProgramData\MFAData
2013-07-23 14:04 - 2011-05-14 20:19 - 01939343 _____ C:\Windows\WindowsUpdate.log
2013-07-21 09:01 - 2011-05-15 07:08 - 00000000 ____D C:\Users\Mike\AppData\Local\Adobe
2013-07-21 08:57 - 2013-07-21 08:56 - 00012781 _____ C:\Users\Mike\Downloads\Canoe Checklist (1) (1).xlsx
2013-07-19 13:17 - 2013-05-20 15:08 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent
2013-07-19 13:10 - 2011-07-05 04:01 - 00000000 ____D C:\Users\Mike\Documents\My Games
2013-07-19 13:09 - 2013-07-19 13:08 - 00018435 _____ C:\Windows\DirectX.log
2013-07-18 16:08 - 2011-08-06 17:59 - 00000000 ____D C:\Users\Mike\Desktop\Lightroom Exports
2013-07-17 16:18 - 2013-07-17 12:56 - 00000000 ____D C:\Users\Mike\Downloads\30_life_changing_books
2013-07-17 13:40 - 2011-06-04 07:51 - 00000000 ____D C:\Users\Mike\Calibre - Short List
2013-07-17 13:16 - 2013-07-17 13:16 - 00000930 _____ C:\Users\Public\Desktop\calibre.lnk
2013-07-17 13:16 - 2013-07-17 13:15 - 00000000 ____D C:\Program Files\Calibre2
2013-07-17 13:10 - 2013-07-17 13:09 - 57843712 _____ C:\Users\Mike\Downloads\calibre-64bit-0.9.39.msi
2013-07-17 13:00 - 2013-07-17 12:59 - 00000000 ____D C:\ProgramData\safee save
2013-07-17 13:00 - 2011-05-21 13:43 - 00000000 ____D C:\Program Files\PhotomatixPro4
2013-07-17 13:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64
2013-07-17 12:59 - 2013-07-17 12:58 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-17 12:55 - 2013-07-17 12:55 - 00015166 _____ C:\Users\Mike\Downloads\[isoHunt] 30_life_changing_books.torrent
2013-07-17 12:54 - 2013-07-17 12:54 - 00387403 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck_-_Season_5_Complete_HDTV_(XviD_MP3)___Gag_Reel_(MP4).6991680.TPB.torrent
2013-07-16 17:44 - 2009-07-13 21:13 - 00779306 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 16:46 - 2013-07-14 16:46 - 00014478 _____ C:\Users\Mike\Downloads\[isoHunt] 4213681.torrent
2013-07-14 15:56 - 2013-07-14 15:55 - 00014459 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck.S04E22.HDTV.XviD-LOL.[eztv].torrent
2013-07-14 15:45 - 2013-07-14 11:13 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc
2013-07-14 11:19 - 2013-07-14 11:19 - 00011802 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck_Season_5.6998517.TPB.torrent
2013-07-14 11:16 - 2013-07-14 11:16 - 00146211 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck Season 1, 2, 3 & 4   Extras (Webisodes etc) DVDRip HDTV TSV.torrent
2013-07-14 10:32 - 2013-07-14 10:32 - 00046068 _____ C:\Users\Mike\Downloads\[isoHunt] Chuck_-_Season_4_Complete_HDTV_(XviD_MP3).6398917.TPB.torrent
2013-07-12 13:48 - 2012-04-02 14:05 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-12 13:48 - 2011-05-15 10:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-10 14:33 - 2011-05-19 16:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla
2013-07-10 14:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-10 13:49 - 2009-07-13 20:45 - 05109720 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 13:43 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 13:43 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 13:42 - 2013-03-12 18:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-09 18:01 - 2011-05-15 07:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-09 17:54 - 2011-05-15 05:23 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-07 15:47 - 2013-07-07 15:47 - 22937227 _____ C:\Users\Mike\Downloads\vlc-2.0.7-win32.exe
2013-07-07 11:42 - 2011-07-24 16:52 - 00000000 ____D C:\Users\Mike\Calibre - Photography Books Good
2013-07-07 11:42 - 2011-06-13 13:29 - 00000000 ____D C:\Users\Mike\Calibre - Long List 2
2013-07-07 11:42 - 2011-06-04 08:29 - 00000000 ____D C:\Users\Mike\Calibre - Long List
2013-07-06 03:16 - 2013-07-06 03:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-06 03:16 - 2013-07-06 03:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-06 03:16 - 2013-07-06 03:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-06 03:16 - 2013-07-06 03:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-06 03:16 - 2012-06-14 16:36 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-06 03:16 - 2011-05-15 08:52 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-06 03:04 - 2012-09-21 19:23 - 00000000 ____D C:\Users\Mike\AppData\Local\Avg2013
2013-07-05 15:56 - 2013-07-05 15:56 - 00000000 ____D C:\Users\Mike\Downloads\HDRsoft Photomatix Pro [v4.2.7] (32-64bit) [with Key] - [MAHIY]
2013-06-24 18:57 - 2013-06-24 18:57 - 00012781 _____ C:\Users\Mike\Downloads\Canoe Checklist (1).xlsx
2013-06-23 16:50 - 2013-06-23 16:50 - 08964977 _____ C:\Users\Mike\Downloads\MapDisplay.rar
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2011-05-15 05:21] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\System32\winlogon.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
 
C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
 
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
 
C:\Windows\System32\userinit.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
 
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-20 19:23] - [2010-11-20 19:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-17 13:14:18
Restore point made on: 2013-07-19 13:07:04
 
==================== BCD ================================
The boot configuration data store could not be opened.
The requested system device cannot be found.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 4095.05 MB
Available physical RAM: 3570.49 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3571.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.17 GB) (Free:263.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Media) (Fixed) (Total:1862.89 GB) (Free:1221.92 GB) NTFS
Drive e: (Mike) (Fixed) (Total:931.51 GB) (Free:697.85 GB) NTFS
Drive f: (Movies) (CDROM) (Total:3.89 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:0.93 GB) (Free:0.76 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 257697CB)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 261C04BE)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=07 NTFS)
 
 
LastRegBack: 2013-07-13 05:18
 
==================== End Of Log ============================

 

Interestingly, when the system booted up again after running FRST, it loaded up fine. The only difference was that the taskbar is the old gray style. I thought I might be in safe mode, but there isn't the label and the screen resolution is normal.

 

Any thoughts on what's going on?

 

Thank you :)




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:09 PM

Posted 23 July 2013 - 10:12 PM


Hello kythoon

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kythoon

kythoon
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 24 July 2013 - 05:56 AM

Hey, thanks for the quick reply

 

Here are the 2 logs

 

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 06:42:06
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Updater Service for AMZN
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Amazon Browser Bar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\safee save
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofbojhffjakdfgiaikmholldmnldnfd
Folder Deleted : C:\Users\Mike\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\CT3289075
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Mike\AppData\LocalLow\uTorrentControl_v6
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\CT3289075
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\extensions\staged
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\Smartbar
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\StumbleUpon
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\Software\uTorrentControl_v6
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{104F038B-A089-44BC-BDDE-30F71632222C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA1FFE2E-00FC-4D3E-B31F-F3D25653785E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN10331165003011824&UM=2&ctid=CT3289075 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v8.0.1 (en-US)
 
File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\prefs.js
 
Deleted : user_pref("CT3289075.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM3MzkzODgxNSwidXVpZCI6OTg2ODUzNTIxNjc2OTUyLCJ[...]
Deleted : user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289075.FF19Solved", "true");
Deleted : user_pref("CT3289075.FirstTime", "true");
Deleted : user_pref("CT3289075.FirstTimeFF3", "true");
Deleted : user_pref("CT3289075.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3289075.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3289075.SF_USER_ID.enc", "Y2lkXzE1NzIwMTMyMTQwMjM1MDkzMzA5");
Deleted : user_pref("CT3289075.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3289075.UserID", "UN16669677961159256");
Deleted : user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289075.autoDisableScopes", -1);
Deleted : user_pref("CT3289075.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289075.cbfirsttime.enc", "TW9uIEp1bCAxNSAyMDEzIDIxOjQwOjIyIEdNVC0wNDAwIChFYXN0ZXJuIERh[...]
Deleted : user_pref("CT3289075.defaultSearch", "true");
Deleted : user_pref("CT3289075.embeddedsData", "[{\"appId\":\"130064539389933152\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3289075.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3289075.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3289075.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289075.fixUrls", true);
Deleted : user_pref("CT3289075.installDate", "20/5/2013 19:11:26");
Deleted : user_pref("CT3289075.installType", "xpe");
Deleted : user_pref("CT3289075.installUsage", "2013-06-02T02:30:40.4071162+03:00");
Deleted : user_pref("CT3289075.installUsageEarly", "2013-06-02T02:30:39.065671+03:00");
Deleted : user_pref("CT3289075.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289075.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.keyword", "true");
Deleted : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3289075.lastVersion", "10.15.0.62");
Deleted : user_pref("CT3289075.mam_gk_appStateReportTime.enc", "MTM3MzkzODgyMTE4OA==");
Deleted : user_pref("CT3289075.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289075.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289075.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289075.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3289075.mam_gk_calledSetupService.enc", "MQ==");
Deleted : user_pref("CT3289075.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3289075.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Deleted : user_pref("CT3289075.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Deleted : user_pref("CT3289075.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289075.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Deleted : user_pref("CT3289075.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289075.mam_gk_lastLoginTime.enc", "MTM3MzkzODgxNzI4MQ==");
Deleted : user_pref("CT3289075.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289075.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.mam_gk_settings1.6.0.99.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVy[...]
Deleted : user_pref("CT3289075.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289075.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289075.mam_gk_userId.enc", "ZjAzYWM3MzctYjJmMS00N2I1LTk5MTAtMDViNjYwMjc0OTRl");
Deleted : user_pref("CT3289075.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289075.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3289075.openThankYouPage", "true");
Deleted : user_pref("CT3289075.openUninstallPage", "false");
Deleted : user_pref("CT3289075.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3289075.revertSettingsEnabled", "TRUE");
Deleted : user_pref("CT3289075.search.searchAppId", "130064539389933152");
Deleted : user_pref("CT3289075.search.searchCount", "0");
Deleted : user_pref("CT3289075.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3289075.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1370129442507");
Deleted : user_pref("CT3289075.serviceLayer_services_appsMetadata_lastUpdate", "1370129442488");
Deleted : user_pref("CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1370129442437");
Deleted : user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1370129441[...]
Deleted : user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1370129442997")[...]
Deleted : user_pref("CT3289075.serviceLayer_services_location_lastUpdate", "1370129441293");
Deleted : user_pref("CT3289075.serviceLayer_services_login_10.15.0.62_lastUpdate", "1370129442643");
Deleted : user_pref("CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1370129442463");
Deleted : user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1370129441392");
Deleted : user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1370129440323");
Deleted : user_pref("CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate", "1370129442375");
Deleted : user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1370129441298");
Deleted : user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1370129442493");
Deleted : user_pref("CT3289075.settingsINI", true);
Deleted : user_pref("CT3289075.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289075.showToolbarPermission", "false");
Deleted : user_pref("CT3289075.smartbar.CTID", "CT3289075");
Deleted : user_pref("CT3289075.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289075.smartbar.homepage", true);
Deleted : user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");
Deleted : user_pref("CT3289075.startPage", "true");
Deleted : user_pref("CT3289075.toolbarBornServerTime", "2-6-2013");
Deleted : user_pref("CT3289075.toolbarCurrentServerTime", "2-6-2013");
Deleted : user_pref("CT3289075.toolbarLoginClientTime", "Sat Jun 01 2013 19:30:42 GMT-0400 (Eastern Daylight T[...]
Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN16669677[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v6 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v6 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl_v6 Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN1666967796115[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "X33CQSPSVQB1NDYFLYZZ9FPVTZBYLTXDGWJ6IWQEDMVLCBM7SC/LFEWKUKHIRLYTYFJ[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&Se[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R2].txt - [16631 octets] - [24/07/2013 06:41:21]
AdwCleaner[S1].txt - [16795 octets] - [24/07/2013 06:42:06]
 
########## EOF - C:\AdwCleaner[S1].txt - [16856 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by Mike on 24/07/2013 at  6:47:46.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/07/2013 at  6:53:01.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Things are still running well. Though Windows doesn't look the same and audio isn't on. Think I may have stopped some Windows services when fiddling around in safe boot. Is there a list of what should be running?

 

Thanks



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 July 2013 - 07:32 AM


Hello kythoon

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 kythoon

kythoon
  • Topic Starter

  • Members
  • 15 posts

Posted 25 July 2013 - 05:34 PM

ComboFix 13-07-25.02 - Mike 25/07/2013  18:07:34.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4095.2866 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130725180050.125599
c:\windows\SysWow64\acaptuser32 REMOVE.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-24 10:47 . 2013-07-24 10:47 -------- d-----w- c:\windows\ERUNT
2013-07-24 10:45 . 2013-07-25 22:19 -------- d-----w- c:\programdata\boost_interprocess
2013-07-24 10:42 . 2013-07-24 10:42 171 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-24 04:08 . 2013-07-24 04:08 -------- d-----w- C:\FRST
2013-07-24 01:33 . 2013-07-24 01:33 -------- d-----w- c:\program files (x86)\CodeStuff
2013-07-24 00:23 . 2013-07-24 00:26 -------- d-----w- c:\program files (x86)\Amazon
2013-07-23 23:15 . 2013-07-23 23:15 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2013-07-23 23:15 . 2013-07-23 23:15 -------- d-----w- c:\programdata\Malwarebytes
2013-07-23 23:15 . 2013-07-23 23:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-23 23:15 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-17 21:15 . 2013-07-17 21:16 -------- d-----w- c:\program files\Calibre2
2013-07-17 20:58 . 2013-07-17 20:59 -------- d-----w- c:\programdata\InstallMate
2013-07-14 19:13 . 2013-07-14 23:45 -------- d-----w- c:\users\Mike\AppData\Roaming\vlc
2013-07-10 00:53 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 00:53 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 00:53 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 00:53 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 00:53 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 00:53 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 00:53 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 00:52 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 00:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 00:52 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 00:52 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 00:52 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 00:52 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 00:52 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:52 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 00:52 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 00:52 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:52 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 00:52 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-06 11:17 . 2013-07-06 11:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 21:48 . 2012-04-02 22:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-12 21:48 . 2011-05-15 18:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 01:54 . 2011-05-15 13:23 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 11:16 . 2012-06-15 00:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-06 11:16 . 2011-05-15 16:52 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-11 23:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 23:02 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 23:02 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 23:02 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 23:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 23:02 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 23:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 23:02 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:02 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:02 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 23:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 23:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 23:02 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-03-13 3991720]
"GBMPro8Agent"="c:\program files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-07-28 189056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-2-4 1207312]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys;c:\windows\SYSNATIVE\DRIVERS\dccmtr.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:48]
.
2013-07-22 c:\windows\Tasks\GBM - Weekly Main Backup-Full.job
- c:\program files (x86)\Genie-Soft\GBMPro8\GBM8.exe [2011-05-15 14:04]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291195301-2530021531-2950688569-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 13:18]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291195301-2530021531-2950688569-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 13:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-12 03:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-12 03:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-12 03:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{98CD7641-B483-4D37-A90B-7AB83C37846A}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG2013\avgmfapx.exe
c:\program files (x86)\AVG\AVG2013\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2013-07-25  18:28:06 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-25 22:28
.
Pre-Run: 316,915,130,368 bytes free
Post-Run: 318,763,319,296 bytes free
.
- - End Of File - - 7660A733A427F34E45A2AAFEC106B71C
A36C5E4F47E84449FF07ED3517B43A31
 

Things seem to be doing well. Still have some sort of issue with the toolbar appearance and no sound. Think I turned off several Windows services. Can I return these to default?

 

Thank you!



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 July 2013 - 09:49 PM


Hello kythoon

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#7 kythoon
  • Topic Starter
  • Members
  • 15 posts

Posted 26 July 2013 - 06:43 AM

Hey, a heads-up that I'll be away over the weekend but will try and provide the latest log when I return on Sunday/Monday.

 

Have a good weekend as well



#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 July 2013 - 09:25 AM

Thank you for letting me know.


gringo

#9 kythoon
  • Topic Starter
  • Members
  • 15 posts

Posted 28 July 2013 - 05:57 PM

ComboFix 13-07-27.01 - Mike 28/07/2013  18:34:25.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4095.2529 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130728182405.125599
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-28  )))))))))))))))))))))))))))))))
.
.
2013-07-28 22:47 . 2013-07-28 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-26 00:20 . 2013-07-26 00:30 -------- d-----w- c:\windows\system32\catroot2
2013-07-26 00:04 . 2013-07-26 00:05 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-07-25 23:56 . 2013-07-25 23:56 -------- d-----w- C:\RegBackup
2013-07-25 23:53 . 2013-07-26 00:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-07-25 23:52 . 2013-07-25 23:52 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-07-24 10:47 . 2013-07-24 10:47 -------- d-----w- c:\windows\ERUNT
2013-07-24 10:45 . 2013-07-28 22:47 -------- d-----w- c:\programdata\boost_interprocess
2013-07-24 10:42 . 2013-07-24 10:42 171 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-24 04:08 . 2013-07-24 04:08 -------- d-----w- C:\FRST
2013-07-24 01:33 . 2013-07-24 01:33 -------- d-----w- c:\program files (x86)\CodeStuff
2013-07-24 00:23 . 2013-07-24 00:26 -------- d-----w- c:\program files (x86)\Amazon
2013-07-23 23:15 . 2013-07-23 23:15 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2013-07-23 23:15 . 2013-07-23 23:15 -------- d-----w- c:\programdata\Malwarebytes
2013-07-23 23:15 . 2013-07-23 23:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-23 23:15 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-17 21:15 . 2013-07-17 21:16 -------- d-----w- c:\program files\Calibre2
2013-07-17 20:58 . 2013-07-17 20:59 -------- d-----w- c:\programdata\InstallMate
2013-07-14 19:13 . 2013-07-14 23:45 -------- d-----w- c:\users\Mike\AppData\Roaming\vlc
2013-07-10 00:53 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 00:53 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 00:53 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 00:53 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 00:53 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 00:53 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 00:53 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 00:52 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 00:52 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 00:52 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 00:52 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 00:52 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 00:52 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 00:52 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:52 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 00:52 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 00:52 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 00:52 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 00:52 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-06 11:17 . 2013-07-06 11:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 21:48 . 2012-04-02 22:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-12 21:48 . 2011-05-15 18:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 01:54 . 2011-05-15 13:23 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 11:16 . 2012-06-15 00:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-06 11:16 . 2011-05-15 16:52 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-11 23:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 23:02 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 23:02 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 23:02 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 23:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 23:02 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 23:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 23:02 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:02 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:02 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 23:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 23:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 23:02 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-03-13 3991720]
"GBMPro8Agent"="c:\program files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-07-28 189056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-2-4 1207312]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys;c:\windows\SYSNATIVE\DRIVERS\dccmtr.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:48]
.
2013-07-22 c:\windows\Tasks\GBM - Weekly Main Backup-Full.job
- c:\program files (x86)\Genie-Soft\GBMPro8\GBM8.exe [2011-05-15 14:04]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291195301-2530021531-2950688569-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 13:18]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4291195301-2530021531-2950688569-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 13:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-12 03:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-12 03:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-12 03:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{98CD7641-B483-4D37-A90B-7AB83C37846A}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nmlb8t17.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-28  18:50:13
ComboFix-quarantined-files.txt  2013-07-28 22:50
ComboFix2.txt  2013-07-25 22:28
.
Pre-Run: 323,824,451,584 bytes free
Post-Run: 323,387,392,000 bytes free
.
- - End Of File - - 1B0D7830E4AD8D2816D4CF2E7039C284
A36C5E4F47E84449FF07ED3517B43A31
 

Turned it on today and was surprised to see the toolbar looking like normal. Not sure what else changed.



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2013 - 08:21 PM


Hello kythoon

I would like to see a report that ComboFix makes.

Extra ComboFix report
  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK.
Copy and paste the report into this topic for me to review.

Gringo

#11 kythoon
  • Topic Starter
  • Members
  • 15 posts

Posted 30 July 2013 - 08:09 PM

 
7-Zip 9.22beta
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Cloud
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CC
Adobe Photoshop CS5
And Yet It Moves
Apple Application Support
Apple Software Update
Assassin's Creed II
µTorrent
Bastion
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Manager 6.0.2
BlackBerry Device Software Updater
Borderlands 2
Braid
calibre
Call of Duty® 4 - Modern Warfare™
Canon RAW Codec
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Cave Story+
CCC Help English
CodeStuff Starter
Color Efex Pro 3.0 Complete
DeepSkyStacker
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deus Ex: Human Revolution
Dfine 2.0
Dragon Age II
Dropbox
erLT
Fallout: New Vegas
Far Cry® 3
FITS Liberator 3.0
GECK - New Vegas Edition
Genie Backup Manager Pro 8.0
Gmail Backup
Google Chrome
Google Talk Plugin
GPU Caps Viewer 1.16.0
Gratuitous Space Battles
Guild Wars 2
Hammerfight
High-Definition Video Playback 10
Jamestown
Java 3D 1.5.2
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
LastPass (uninstall only)
Left 4 Dead 2
LIMBO
Logitech SetPoint
LRTimelapse
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Camera Codec Pack
Microsoft Corporation
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NiceCopier
NightSky
Notepad++
NVIDIA PhysX
OnTopReplica
OpenAL
Orcs Must Die!
Orcs Must Die! 2
Overlord II
Path of Exile
PDF Settings CC
PDF Settings CS5
Plex Media Server
Portal
Portal 2
PTGui Pro 9.0
QuickTime
Rainmeter
RegiStar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sharpener Pro 3.0
Sid Meier's Civilization V
Silver Efex Pro
Skype Click to Call
Skype™ 6.3
Spyder4Pro
Steam
Super Meat Boy
Superbrothers: Sword & Sworcery EP
Team Fortress 2
The Elder Scrolls V: Skyrim
The Photographer's Ephemeris
The Witcher 2
The Witcher: Enhanced Edition
Topaz  InFocus
Topaz Adjust 4
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeJpeg 4
Topaz DeJpeg 4 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 2
Topaz ReMask 2 (64-bit)
Topaz Simplify 3
Topaz Simplify 3 (64-bit)
Torchlight II
Trine 2
Ubisoft Game Launcher
Unreal Tournament 2004
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Video Download Capture V2.6.5
Visual Studio 2008 x64 Redistributables
Viveza
VLC media player 2.0.7
Xvid Video Codec
 
Was this what you wanted? What's Qoobox?
 
More to follow in second post


#12 kythoon
  • Topic Starter
  • Members
  • 15 posts

Posted 30 July 2013 - 08:25 PM

Bad news today :(

 

Came back to my computer and found that it booted up badly. It looked OK at first (saw the BIOS, Windows logo, the tune, desktop and icons) but then the icons disappeared and were covered with blue squares. I could click on some things but couldn't see what opened. So I restarted, but things got worse.

 

At the Windows logo page, I saw two vertical static noise bars (an inch wide each) which made it hard to see through. When the desktop appeared, the whole surface was covered with this noise. Restarted again.

 

This time the computer went into a bluescreen crash. Could only make out atimpag.sys (I think). Restarted again.

 

Was finally given the option to go into safe mode this time. This worked and I was able to save the dump file from the crash. Turns out I can't post a .dmp, and the .xml has disappeared from my desktop and the folder. The pop-up window read:

 

  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.768.3
  Locale ID: 4105
 
Additional information about the problem:
  BCCode: 116
  BCP1: FFFFFA80060284E0
  BCP2: FFFFF88002F42768
  BCP3: 0000000000000000
  BCP4: 0000000000000002
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 768_1
 
Files that help describe the problem:
  C:\Windows\Minidump\073013-33509-01.dmp
  C:\Users\Mike\AppData\Local\Temp\WER-119091-0.sysdata.xml

 

I rebooted again, this time into safe mode with networking, and was able to post this message. Any thoughts on what's up? Things looked so good after the weekend.



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:09 PM

Posted 30 July 2013 - 08:40 PM


Hello

First thing running through my mind is some hardware is going out.


I want you to run things in selective startup; this will help pinpoint the type of problem it is.



1. Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
2. In the Open box, type msconfig and then click OK. The System Configuration Utility appears.
3. Click the "Services" tab.
4. Put a checkmark in "Hide all Microsoft services".
5. Uncheck anything that is left.
6. Click on the "Startup" tab.
7. Uncheck all under this tab.
8. Click on the Apply button.


Restart the computer and see how things are doing. If things are doing better, then repeat the process, but this time start with the services: add the first half back and apply the changes.

If things go bad again, then you know the problem is in the services that you restarted and you can keep searching until you find the one it is.

If you restart all the services and things are still OK, then go back and do the same thing for the startup programs.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
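The selective-startup bisection described in the steps above, as an added PowerShell example that is not part of the thread: it enumerates the same entries msconfig's Services tab (with Microsoft services hidden) and Startup tab show, numbers them, and writes them to CSV so "re-enable the first half" can be done from a written record. The output folder and the use of the Authenticode signer to decide what counts as a Microsoft service are my assumptions.

```powershell
# Added example, not from the thread. Lists what msconfig's "Services" tab
# (with "Hide all Microsoft services" checked) and "Startup" tab would show,
# numbered so the "first half / second half" bisection can be done from a
# written record. Enumerates only; it disables nothing. Run elevated.
# Uses Get-WmiObject because Windows 7 ships PowerShell 2.0.

function Get-ServiceExePath {
    param([string]$PathName)
    # Win32_Service.PathName is either "C:\dir with space\svc.exe" -args
    # or C:\dir\svc.exe -args; extract just the executable.
    if ($PathName -match '^"([^"]+)"')   { return $Matches[1] }
    if ($PathName -match '^(\S+?\.exe)') { return $Matches[1] }
    return $PathName
}

function Get-NonMicrosoftServices {
    Get-WmiObject Win32_Service | ForEach-Object {
        $exe = Get-ServiceExePath $_.PathName
        $signer = '(unsigned or file missing)'
        if (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        # msconfig hides Microsoft services by vendor; the Authenticode signer
        # (assumed here) is a stricter check than the display name, which any binary can copy.
        if ($signer -notmatch 'O=Microsoft Corporation') {
            New-Object PSObject -Property @{
                Name = $_.Name; StartMode = $_.StartMode; State = $_.State
                Path = $exe; Signer = $signer
            }
        }
    }
}

function Get-StartupEntries {
    # Win32_StartupCommand covers the Run/RunOnce keys and Startup folders,
    # which is what msconfig's Startup tab lists.
    Get-WmiObject Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

$out = 'C:\Temp\selective-startup'   # assumed output folder
New-Item -ItemType Directory -Path $out -Force | Out-Null
$i = 0
Get-NonMicrosoftServices | ForEach-Object {
    $i++; $_ | Add-Member -MemberType NoteProperty -Name Index -Value $i -PassThru
} | Export-Csv -NoTypeInformation -Path "$out\services.csv"
Get-StartupEntries | Export-Csv -NoTypeInformation -Path "$out\startup.csv"
```

Rows 1..N/2 of services.csv are the "first half" to re-enable in msconfig; if the fault returns, the culprit is among them, otherwise it is in the second half.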

#14 kythoon

kythoon
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:09 PM

Posted 30 July 2013 - 09:16 PM

Sounded like a good plan, but things didn't improve when I unchecked everything and rebooted. First time I got a blank blue screen after the Windows logo. Then the monitors went blank and said nothing was received. On the second reboot (after safe mode to see that all non-Microsoft services/programs were unchecked) I got to the desktop, but then the same thing happened with the icons disappearing when I hover over them.



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:09 PM

Posted 30 July 2013 - 09:49 PM

OK, let's try System Restore to a point before any of this started.



gringo



