
Can't install 51 critical Windows updates, BSOD...


  • This topic is locked
16 replies to this topic

#1 violetp

  • Members
  • 9 posts
  • Gender:Female

Posted 02 August 2013 - 01:09 AM

Okay, I am not very computer savvy, so please go easy on me... My one-year-old computer suddenly stopped installing updates a few months ago. I tried everything I could think of: Microsoft updater troubleshooting tools, manual installs, nothing. I finally got so frustrated I followed a Google link to "remove corrupted Windows files" (yes, I now know that was a big mistake)... Next time it rebooted, Windows couldn't load. It just blue screened... Flat-lined... It was horrifying!

I found the recovery disks and tried to back up my photos first but it kept hanging... anyhow, after multiple attempts, finally got Windows running again. I went to the recycle bin and hit restore all... I know, I know... I probably don't deserve a computer, just a stick and dirt... (And of course, not having backed up my computer, I have been frantically uploading all my photos ever since...)

I updated and ran Spybot and came up with "Error: Service check: the Services.sbs file is missing. Please use the update to get a new copy!" I hit update again, but it didn't work, so I uninstalled and reinstalled a fresh copy, but got the same message. My computer is actually running just fine right now, but I'm pretty sure it's "dead man walking". I don't even know where to start...

Should I pull the plug?
Please help!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Shiloh at 21:49:39 on 2013-08-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7933.5016 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ANIWConnService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\program files\soluto\soluto.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\explorer.exe
C:\Windows\system32\prevhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Shiloh\Desktop\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://%20www.google.com/
uSearch Bar = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C81256A3-DBE4-11E2-82E2-082E5F236ABE}
uProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} - <orphaned>
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4BAE0EF5-4FCC-4E57-BC74-934871397FD3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAE0EF5-4FCC-4E57-BC74-934871397FD3}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAE0EF5-4FCC-4E57-BC74-934871397FD3}\46C696E6B666233603 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BAE0EF5-4FCC-4E57-BC74-934871397FD3}\84967686350756564623 : DHCPNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
TCP: Interfaces\{9A01853C-87BA-4DDD-83CB-012C93211801} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A0F973D1-CA40-4073-9103-9A932CAC4A0C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A0F973D1-CA40-4073-9103-9A932CAC4A0C}\84967686350756564623 : DHCPNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
TCP: Interfaces\{A0F973D1-CA40-4073-9103-9A932CAC4A0C}\D4F4A5142545D28405F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={C81256A3-DBE4-11E2-82E2-082E5F236ABE}&crg=3.5000006.10045&st=23&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
FF - ExtSQL: 2013-06-23 02:12; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-06-28 06:18; firefox@ghostery.com; C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-07-13 03:39; info@youtube-mp3.org; C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\info@youtube-mp3.org.xpi
FF - ExtSQL: 2013-07-13 03:39; YoutubeDownloader@PeterOlayev.com; C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF - ExtSQL: 2013-07-29 22:20; {146f1820-2b0d-49ef-acbf-d85a6986e10c}; C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF - ExtSQL: 2013-07-29 22:42; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-1-4 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-1-4 38016]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 189936]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-2-8 25056]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-7-16 54728]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2012-2-5 15872]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-2-4 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-2-4 378944]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe --> C:\Windows\System32\ANIWConnService.exe [?]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-2-4 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-2-4 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-16 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-31 66560]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-4 1127448]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-1 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-1 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-1 171928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-7-10 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-7-10 792128]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-2-8 303360]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-5-29 619904]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-6 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-2-8 1256192]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-2-22 13728]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-4 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-1-4 38456]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-2-22 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-2-22 15776]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192u.sys [2010-4-13 1631264]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-7-10 1942528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-5 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-01 13:38:06    17272    -c--a-w-    C:\Windows\System32\sdnclean64.exe
2013-07-31 13:48:10    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FCFCBC7-8CB5-465D-A796-131586CD9A3C}\offreg.dll
2013-07-31 04:43:10    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FCFCBC7-8CB5-465D-A796-131586CD9A3C}\mpengine.dll
2013-07-30 12:46:38    --------    dc----w-    C:\Users\Shiloh\AppData\Local\{DDC4D14D-977A-47A4-969A-C75D00BAAD36}
2013-07-29 21:26:42    679936    -c--a-w-    C:\Windows\System32\Fliqlo.scr
2013-07-29 21:26:42    679936    -c----w-    C:\Windows\SysWow64\Fliqlo.scr
2013-07-29 21:26:42    --------    dc----w-    C:\ProgramData\Screentime
2013-07-29 21:26:36    --------    dc----w-    C:\Users\Shiloh\AppData\Local\Screentime
2013-07-17 06:54:11    54728    -c--a-w-    C:\Windows\System32\drivers\Soluto.sys
2013-07-17 06:54:09    --------    dc----w-    C:\Program Files\Soluto
2013-07-16 10:04:43    --------    dcsh--w-    C:\Windows\System32\%APPDATA%
2013-07-16 10:04:21    --------    dcsh--w-    C:\Windows\SysWow64\%APPDATA%
2013-07-14 08:37:44    --------    dc----w-    C:\Program Files\iPod
2013-07-14 08:37:41    --------    dc----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-14 08:37:41    --------    dc----w-    C:\Program Files\iTunes
2013-07-14 08:37:41    --------    dc----w-    C:\Program Files (x86)\iTunes
2013-07-13 12:37:09    --------    dc----w-    C:\Users\Shiloh\AppData\Local\{EDBA08E2-D1AD-4D53-B2F4-2651EA666D7D}
2013-07-05 07:54:09    108968    -c--a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-05 05:51:39    --------    dc----w-    C:\Users\Shiloh\AppData\Local\{4A8BABF5-A93D-4AA8-991F-95642207C0BD}
.
==================== Find3M  ====================
.
2013-07-17 18:53:30    71048    -c--a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 18:53:30    692104    -c--a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-05 07:53:35    972712    -c--a-w-    C:\Windows\System32\deployJava1.dll
2013-07-05 07:53:35    1093032    -c--a-w-    C:\Windows\System32\npDeployJava1.dll
2013-07-05 07:45:46    867240    -c--a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-05 07:45:46    789416    -c--a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-27 21:05:26    189936    -c--a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 21:05:26    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:07    72016    -c--a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    -c--a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    -c--a-w-    C:\Windows\avastSS.scr
.
============= FINISH: 21:50:18.47 ===============
 

 

 


 


#2 nasdaq

  • Malware Response Team
  • 38,773 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 August 2013 - 01:28 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 violetp

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 08 August 2013 - 05:25 PM

Hi Nasdaq,

I attempted the instructions you gave me, but I ran into some huge problems...

  • I printed everything
  • AdwCleaner ran fine (log attached)
  • JRT ran fine (log attached)
  • ComboFix - I downloaded and saved to desktop. I thought I had disabled Avast and Spybot (per forum114351), but apparently not, because ComboFix refused to run until they were fully disabled. After trying to figure out how (even with the tutorial), I finally decided that it would be easier to completely uninstall both Spybot and Avast, then reinstall them when I was done.
  • After uninstalling, Spybot said I needed to reboot system to complete.

And that's where things fell apart....

Windows wouldn't boot. I tried the recovery from the hard drive, then I tried the DVD ROM, I tried repairing, the recovery tools, system restore- nothing.
I received an error code (0X0007006)

The keyboard became unresponsive... I was stuck....

After about 2 hours, I finally removed the recovery disk (to check it on another computer), and all of a sudden I looked up and there was my desktop!!!

I don't know what happened... I guess the computer restored itself back to August 5th, I think....

And Avast..... was right back at work, securing my system.... Like nothing ever happened!!!

  • So, why did it BSOD again?? (Since my last BSOD a week ago, I have rebooted several times with no problem.)
  • And why didn't my recovery disks work? (Or did they?)
  • And most importantly, now what? I am sending the 2 log files.....but......I assume that the Adware and Junkware stuff that had been deleted is now restored, right?
  • I have NOT run Combofix.... I think I need to learn how to properly disable my antivirus first instead of just uninstalling it to avoid a reboot. Thank you so much for helping me.... I really do appreciate it!

Annette


# AdwCleaner v2.306 - Logfile created 08/07/2013 at 17:08:55
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shiloh - MOZART-HP
# Boot Mode : Normal
# Running from : C:\Users\Shiloh\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\2fqia3fe.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\2fqia3fe.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\2fqia3fe.default\StumbleUpon
Folder Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\jetpack
Folder Deleted : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\StumbleUpon

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=9318a32c-6959-4f10-8704-9084e15ef081&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=9318a32c-6959-4f10-8704-9084e15ef081&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=9318a32c-6959-4f10-8704-9084e15ef081&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C81256A3-DBE4-11E2-82E2-082E5F236ABE} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\2fqia3fe.default\prefs.js

C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\2fqia3fe.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109980");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "dc18fb360000000000000022b0edd64b");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "dc18fb360000000000000022b0edd64b");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15397");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:59:46");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.speeddial.thumbnail-5-url", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox");
Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={C81256A3-DBE4-11E2-82E2-082E5F236[...]

File : C:\Users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?barid={C81256A3-DBE4-11E2-82E2-082E5F2[...]
Deleted : user_pref("extensions.ghostery.bugs", "{\"copyright\":\"This proprietary database is protected by co[...]
Deleted : user_pref("extensions.ghostery.lsos", "{\"copyright\":\"This proprietary database is protected by co[...]
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={C81256A3-DBE4-11E2-82E2-082E5F236[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

File : C:\Users\drowsy\AppData\Roaming\Mozilla\Firefox\Profiles\q906r3a5.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={4578DC63-074C-4EA4-B80B-510BD0FC[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B3e19d67a-66b4-461e-8c7d-fb5ad5f356bb%[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Shiloh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\drowsy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14147 octets] - [07/08/2013 17:08:55]

########## EOF - C:\AdwCleaner[S1].txt - [14208 octets] ##########


Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Shiloh on Wed 08/07/2013 at 17:24:27.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3181388897-2329154711-3546373857-1000\Software\SweetIM"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{502E455D-4655-4013-A367-9E231032D03A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D54729FB-089B-4E92-A260-6326B2FD9454}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{502E455D-4655-4013-A367-9E231032D03A}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoBC52.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7d4f1959-3f72-49d5-8e59-f02f8aa6815d}
Successfully deleted the following from C:\Users\Shiloh\AppData\Roaming\mozilla\firefox\profiles\a45ihhq8.default-1361599799720\prefs.js

user_pref("extensions.ghostery.bugs", "{\"copyright\":\"This proprietary database is protected by copyright, and is owned exclusively by Evidon and all rights to it are expres
user_pref("extensions.ghostery.lsos", "{\"copyright\":\"This proprietary database is protected by copyright, and is owned exclusively by Evidon and all rights to it are expres
Emptied folder: C:\Users\Shiloh\AppData\Roaming\mozilla\firefox\profiles\a45ihhq8.default-1361599799720\minidumps [45 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/07/2013 at 17:31:25.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail Delivery Subsystem <mailer-daemon@googlemail.com>

2:24 AM (12 hours ago)

to me
Delivery to the following recipient failed permanently:

bleep@bleepingcomputer.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain bleepingcomputer.com by aspmx.l.google.com. [2607:f8b0:4003:c02::1a].

The error that the other server returned was:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 s9si3785298oem.29 - gsmtp

----- Original message -----

X-Received: by 10.42.199.5 with SMTP id eq5mr1642424icb.1.1375953856453; Thu,
08 Aug 2013 02:24:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.40.193 with HTTP; Thu, 8 Aug 2013 02:23:56 -0700 (PDT)
In-Reply-To: <576696714eaefa3ccf95cbf581eb03a6@www.bleepingcomputer.com>
References: <576696714eaefa3ccf95cbf581eb03a6@www.bleepingcomputer.com>
From: Annette Perez <violetannette@gmail.com>
Date: Thu, 8 Aug 2013 02:23:56 -0700
Message-ID: <CAHi46kHBa-CZ_NJVUKos0qGg4BWZwxV9mQCOLgOwKTtJs9GneA@mail.gmail.com>
Subject: Re: A new reply has been posted to Can't install 51 critical Windows
updates, BSOD...
To: "BleepingComputer.com" <bleep@bleepingcomputer.com>
Content-Type: multipart/alternative; boundary=20cf30334605d7632b04e36c38af

Hi Nasdaq,

I attempted the instructions you gave me, but I ran into some huge
problems...

- I printed everything


- AdwCleaner ran fine (log attached)


- JRT ran fine (log attached)


- ComboFix - I downloaded and saved to desktop. I thought I had disabled
Avast and Spybot (per forum114351), but apparently not, because ComboFix
refused to run until they were fully disabled. After trying to figure
out how (even with the tutorial), I finally decided that it would be easier
to completely uninstall both Spybot and Avast, then reinstall them when I
was done.


- After uninstalling, Spybot said I needed to reboot system to complete.

And *that's* where things fell apart....


- Windows wouldn't boot. I tried the recovery from the hard
drive, then I tried the CDROM, I tried repairing, the recovery
tools, system restore- nothing.
- I received an error code (0X0007006)


- The keyboard became unresponsive... I was stuck....

After about 2 hours, I finally removed the recovery disk (to check it on
another computer), and all of a sudden I looked up and there was my
desktop!!!

I don't know what happened.... I guess it turned out after all that the
computer restored itself back to August 5th, I think....And Avast..... was
right back at work, securing my system....Like nothing ever happened!!!


- So, why did it BSOD again?? ( Since my last BSOD a week ago, I have
rebooted several times with no problem).



- And why didn't my recovery disks work? (Or did they?)



- And most importantly, now what? I am sending the 2 log
files.....but......I assume that the Adware and Junkware stuff that had
been deleted is now restored, right?
- I have NOT run ComboFix....I think I need to learn how to disable my
antivirus first instead of just uninstalling it to avoid a reboot. Thank
you so much for helping me....I really do appreciate it!

Annette
Hi Nasdaq



#4 nasdaq

Posted 09 August 2013 - 07:30 AM



Is this an apple computer?
The BSOD error is known to happen on that type of computer.
Why I do not know.


.I assume that the Adware and Junkware stuff that had
been deleted is now restored, right?

Run the ADWcleaner and Junk removal tool one more time.
===
Run this tool.

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please let me know what problem persists.

#5 violetp

Posted 09 August 2013 - 06:00 PM

Hi Nasdaq,

 

No, it's not an Apple computer... It is an HP Pavilion p6877.

 

I have been trying to download Adwcleaner for an hour...I pressed download, then "Allow"   but the screen just kept returning to the initial download page.

 

I finally clicked on "If your download doesn't start press here..."

 

I got a big red X (never seen it before) that said "This file does not have a program associated with it for performing this action. Please install program  or if one is already installed create an association in default program".

So I went to default in the Windows start menu and found hundreds of them....I don't know how to do this..Any ideas?



#6 nasdaq

Posted 10 August 2013 - 07:52 AM

Let me check the setting for these services.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 violetp

Posted 10 August 2013 - 04:39 PM

Hi Nasdaq,

 

Here is the log for the Farbar scan:

 

Farbar Service Scanner Version: 04-08-2013
Ran by Shiloh (administrator) on 10-08-2013 at 14:33:26
Running from "C:\Users\Shiloh\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: localhost:21320


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#8 nasdaq

Posted 11 August 2013 - 07:06 AM


If you still have a problem with Windows Update, please run the Fix it option on this page.

http://support.microsoft.com/kb/910336

If you have any other issues with this computer please explain.

#9 violetp

Posted 11 August 2013 - 02:44 PM


Hi Nasdaq,
 
I ran the "Fix It" scan you sent...Then I restarted the computer, and every single update failed....
Is there a way to copy my Windows 7 update history? I tried to "select all" but it was grayed out.

I am pasting just ONE of the failed updates..There are 49 more.

Thanks,

Annette


Security Update for Windows 7 for x64-based Systems (KB2830290)

Installation date: 8/11/2013 8:50 AM

Installation status: Failed

Error details: Code 80071A90

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkId=296427

Help and Support:
http://support.microsoft.com



#10 violetp

Posted 12 August 2013 - 12:28 AM

Hi  Nasdaq,

 

I think I figured it out!!! 
I stumbled on something online when I was trying to look for a way to cut and paste my Windows Update History. I ended up on Microsoft's site and saw an article about Windows 7 update issues.... So I entered one of my error codes that kept showing up, and the article below came up. I decided to try it, and it seems to have worked! I still don't believe it...

This is what I did:
     (I found this update in my failed update history, KB2647753, and manually updated it... It succeeded... Then I tried the others and now I am only missing one update!!!!)
My computer is very noisy and slow right now... I guess it is processing all the updates...
I truly do not understand how that one little update caused all the other updates to fail..
     Anyhow,   Problem solved!!! Thank you so much for your time and patience. You were a very big help! I really appreciate it!

(I posted the entire Microsoft article in blue to distinguish it from me.....)

Annette

 

Unable to install KB2712808. Error code: 80071A90

Original Title:

I've been getting failed messages on my pc when attempting to update my Windows 7 x64 system.



This has been going on since August 15. I've done the Fix it tool more times than I can count. It's stayed plugged and uninterrupted every time the update runs. I'm honestly ready to get an Apple machine unless someone can help. I don't have time to keep fighting with my computer... HELP!
These are a few of my most recent error codes:

Security Update for Windows 7 for x64-based Systems (KB2712808)

Installation date: 8/15/2012 9:50 PM

Installation status: Failed

Error details: Code 80071A90

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkId=257914

Help and Support:
http://support.microsoft.com

Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2722913)

Installation date: 8/15/2012 9:51 PM

Installation status: Failed

Error details: Code 80071A90

Update type: Important

Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkId=255327

Help and Support:
http://support.microsoft.com

Update for Windows 7 for x64-based Systems (KB2647753)

Installation date: 8/15/2012 9:52 PM

Installation status: Failed

Error details: Code 80071A90

Update type: Recommended

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More information:
http://support.microsoft.com/kb/2647753

Help and Support:
http://support.microsoft.com

Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2736233)

Installation date: 9/16/2012 12:48 PM

Installation status: Failed

Error details: Code 80071A90

Update type: Important

Security issues have been identified in ActiveX controls that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkId=260919

Help and Support:
http://support.microsoft.com


Answer from Anannya Podder (Support Engineer, Community Star):

Hi,


1. Have you made any changes to the computer prior to the issue?

2. Does the issue occur with a particular update?

3. What is the complete error message received with error code?

Reply with the required information so that we can understand the issue and provide you troubleshooting steps accordingly.



Hi,

1. Which anti-virus software is installed on the computer?

2. Which "Fix it tool" are you referring to?

Method 1:

You may try the steps from the following link and check if it works:

Windows Update error 80071A90

http://windows.microsoft.com/en-US/windows7/Windows-Update-error-80071A90

Method 2:

For now, as a test, temporarily disable antivirus and try to install the update. Refer to the link for more information.

http://windows.microsoft.com/en-US/windows7/Disable-antivirus-software

Note: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you shouldn't disable your antivirus software. If you have to temporarily disable it to install other software, you should re-enable it as soon as you're done. If you're connected to the Internet or a network while your antivirus software is disabled, your computer is vulnerable to attacks.

Method 3:

You may run the fixit from the following link and check:

Fix the problem with Microsoft Windows Update that is not working

http://support.microsoft.com/mats/windows_update

Method 4:

You may try the fixit to reset Windows Update components from the following link:

How do I reset Windows Update components?

http://support.microsoft.com/kb/971058

Important:
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article:

How to back up and restore the registry in Windows

http://windows.microsoft.com/en-us/windows7/Back-up-the-registry

All Replies (4)

nammac replied:

Well, none of the solutions on Microsoft worked for me.

However, I did discover online... on another site that error 80071A90 had something to do with the update KB2647753. After following the instructions to install the KB2647753 update manually and alone, like magic the problem was corrected... all the other failed updates... all 27 of them... were able to be downloaded and installed without a problem... thank goodness

So... who's asleep at the wheel at Microsoft????

NammaC

Anannya Podder (Support Engineer, Community Star) replied:

Hi NammaC,



Thank you for sharing the information.

We are glad that the issue is fixed.



Fiesta-AV replied:

yeap, this completely did the trick. Thank you!
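
The failure pattern in the update history quoted above, as an added example that is not part of the original post or the Microsoft article: a parser for pasted Windows Update history details that groups failed updates by error code, so one code shared across unrelated KBs stands out as a common blocker. The function names are hypothetical, and the two entries under `CONSTRUCTED` (placeholder KB numbers and error code) are made up for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# Invisible marks (LRM, RLM, zero-width space, BOM) that ride along when the
# Windows Update details dialog is copied and pasted.
INVISIBLE = dict.fromkeys(map(ord, "\u200e\u200f\u200b\ufeff"))

TITLE_RE = re.compile(r"^(?P<title>.+?)\s*\((?P<kb>KB\d+)\)$")
FIELD_RE = re.compile(
    r"^(Installation date|Installation status|Error details|Update type):\s*(.*)$"
)
CODE_RE = re.compile(r"\b[0-9A-Fa-f]{8}\b")

# The four entries quoted in the post, with the pasted date marks kept.
FROM_POST = """
Security Update for Windows 7 for x64-based Systems (KB2712808)
Installation date: \u200e8/\u200e15/\u200e2012 9:50 PM
Installation status: Failed
Error details: Code 80071A90
Update type: Important

Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2722913)
Installation date: \u200e8/\u200e15/\u200e2012 9:51 PM
Installation status: Failed
Error details: Code 80071A90
Update type: Important

Update for Windows 7 for x64-based Systems (KB2647753)
Installation date: \u200e8/\u200e15/\u200e2012 9:52 PM
Installation status: Failed
Error details: Code 80071A90
Update type: Recommended

Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2736233)
Installation date: \u200e9/\u200e16/\u200e2012 12:48 PM
Installation status: Failed
Error details: Code 80071A90
Update type: Important
"""

# Constructed entries (placeholder KB numbers and code), not from the thread.
CONSTRUCTED = """
Example Definition Update (KB0000000)
Installation date: 8/14/2012 7:05 AM
Installation status: Successful
Update type: Important

Example Driver Update (KB0000001)
Installation date: 8/14/2012 7:10 AM
Installation status: Failed
Error details: Code 0BADC0DE
Update type: Optional
"""


def parse_history(text):
    """Return one dict per update entry found in pasted history text."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.translate(INVISIBLE).strip()
        field = FIELD_RE.match(line)
        if field and current is not None:
            key, value = field.groups()
            if key == "Installation date":
                try:
                    current["date"] = datetime.strptime(value, "%m/%d/%Y %I:%M %p")
                except ValueError:
                    current["date"] = None  # keep the entry, just undated
            elif key == "Installation status":
                current["status"] = value.lower()
            elif key == "Error details":
                code = CODE_RE.search(value)
                current["code"] = code.group(0).upper() if code else None
            else:
                current["type"] = value
            continue
        title = TITLE_RE.match(line)
        if title:  # description text and URLs never end in "(KBnnnnnnn)"
            current = {"kb": title["kb"], "title": title["title"],
                       "date": None, "status": None, "code": None, "type": None}
            entries.append(current)
    return entries


def summarize_failures(entries):
    """Group failed entries by error code: KBs hit, attempts, date range."""
    groups = defaultdict(list)
    for e in entries:
        if e["status"] == "failed" and e["code"]:
            groups[e["code"]].append(e)
    summary = {}
    for code, failed in groups.items():
        dates = sorted(e["date"] for e in failed if e["date"])
        summary[code] = {
            "kbs": sorted({e["kb"] for e in failed}),
            "attempts": len(failed),
            "first_seen": dates[0] if dates else None,
            "last_seen": dates[-1] if dates else None,
        }
    return summary


def common_blocker_codes(summary, min_updates=3):
    """Codes shared by several distinct KBs point at one cause, not many."""
    return sorted(c for c, s in summary.items() if len(s["kbs"]) >= min_updates)


if __name__ == "__main__":
    report = summarize_failures(parse_history(FROM_POST + CONSTRUCTED))
    for code in common_blocker_codes(report):
        print(code, report[code]["kbs"], report[code]["first_seen"], report[code]["last_seen"])
```
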



 



#11 nasdaq

  • Malware Response Team

Posted 12 August 2013 - 08:09 AM

Good catch.

I suggest you run these tools now.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#12 violetp

  • Topic Starter

Posted 12 August 2013 - 11:47 AM

Hi Nasdaq,

 

Actually I am glad you are still working with me... I happened to notice that the top of my toolbar said "sweetpacks" and I think that is malware.

I did reinstall Malwarebytes (some of it was missing) and ran it before I read this post... It found 8 issues... I hope I didn't screw anything up.

I will work on the Combo Fix today and submit the results...

Thanks again!

Annette



#13 violetp

  • Topic Starter

Posted 13 August 2013 - 06:41 PM

Hi Nasdaq,

Finally!
It took a while to run Combofix because I ran into a problem with Spybot. I was missing a start up file so I couldn't uninstall, disable or reinstall. I sent them an email and they told me what to do.
I had disabled Avast for 1 hour, but the Combofix scan ran about 2 hours, so I hope it didn't mess anything up.

Here are the logs for both Combofix and Security Check:

 

ComboFix 13-08-12.01 - Shiloh 08/13/2013 13:53:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7933.5481 [GMT -7:00]
Running from: c:\users\Shiloh\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\smartscan
c:\program files (x86)\smartscan\welcome.exe
c:\users\Shiloh\0013.grd
c:\users\Shiloh\New Folder (6)\Documents\nosyj.txt
c:\users\Shiloh\New Folder (6)\Documents\ppguestpassport.txt
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-07-13 to 2013-08-13 )))))))))))))))))))))))))))))))
.
.
2013-08-13 07:50 . 2013-07-15 10:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0500511-3797-4062-A537-E644D72DCA0E}\mpengine.dll
2013-08-12 05:36 . 2013-08-12 05:36 -------- dcsh--w- c:\windows\SysWow64\AI_RecycleBin
2013-08-12 04:29 . 2013-08-12 04:29 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-08-12 04:29 . 2013-08-12 04:29 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-08-12 04:29 . 2013-08-12 04:29 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-08-12 04:29 . 2013-08-12 04:29 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-08-12 04:26 . 2013-08-12 04:26 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-08-12 04:26 . 2013-08-12 04:26 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-08-12 04:26 . 2013-08-12 04:26 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-08-12 04:26 . 2013-08-12 04:26 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-08-12 04:25 . 2013-08-12 04:25 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-08-12 04:25 . 2013-08-12 04:25 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-08-12 04:25 . 2013-08-12 04:25 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-08-12 04:25 . 2013-08-12 04:25 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-08-12 04:25 . 2013-08-12 04:25 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-08-12 04:25 . 2013-08-12 04:25 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-08-12 04:25 . 2013-08-12 04:25 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-08-11 15:41 . 2013-08-11 15:43 -------- dc----w- c:\windows\system32\MRT
2013-08-08 08:06 . 2013-08-12 04:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-08 08:06 . 2013-08-12 04:24 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-08-08 07:44 . 2013-08-12 04:22 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-08 07:44 . 2013-08-12 04:22 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-08 04:41 . 2013-08-08 04:41 -------- dcs---w- c:\windows\SysWow64\Microsoft
2013-08-08 00:24 . 2013-08-08 00:24 -------- dc----w- c:\windows\ERUNT
2013-08-05 11:26 . 2013-08-08 06:30 -------- dc----w- C:\cd3a16467098a6514b1a0b33b22b
2013-08-01 13:38 . 2009-01-25 20:14 17272 -c--a-w- c:\windows\system32\sdnclean64.exe
2013-07-30 21:56 . 2013-07-30 21:56 -------- dc----w- c:\users\drowsy\AppData\Roaming\WTablet
2013-07-29 21:26 . 2013-07-29 21:26 679936 -c--a-w- c:\windows\system32\Fliqlo.scr
2013-07-29 21:26 . 2013-07-29 21:26 679936 -c----w- c:\windows\SysWow64\Fliqlo.scr
2013-07-29 21:26 . 2013-07-29 21:26 -------- dc----w- c:\programdata\Screentime
2013-07-29 21:26 . 2013-07-29 21:26 -------- dc----w- c:\users\Shiloh\AppData\Local\Screentime
2013-07-16 10:04 . 2013-07-16 10:04 -------- dcsh--w- c:\windows\system32\%APPDATA%
2013-07-16 10:04 . 2013-07-16 10:04 -------- dcsh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-12 04:32 . 2013-07-11 07:41 9070080 ----a-w- c:\windows\system32\mshtml.dll
2013-08-12 04:32 . 2013-07-11 07:41 12295680 ----a-w- c:\windows\system32\ieframe.dll
2013-08-12 04:32 . 2013-07-11 07:41 1188864 ----a-w- c:\windows\system32\wininet.dll
2013-08-12 04:32 . 2013-07-11 07:41 64512 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-12 04:32 . 2013-07-11 07:41 247808 ----a-w- c:\windows\system32\ieui.dll
2013-08-12 04:32 . 2013-07-11 07:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-12 04:32 . 2013-07-11 07:41 1492992 ----a-w- c:\windows\system32\urlmon.dll
2013-08-12 04:32 . 2013-07-11 07:41 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-12 04:32 . 2013-07-11 07:41 735232 ----a-w- c:\windows\system32\msfeeds.dll
2013-08-12 04:32 . 2013-07-11 07:41 2458112 ----a-w- c:\windows\system32\iertutil.dll
2013-08-12 04:32 . 2013-07-11 07:41 97792 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-12 04:32 . 2013-07-11 07:41 134144 ----a-w- c:\windows\system32\url.dll
2013-08-12 04:32 . 2013-07-11 07:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-08-12 04:31 . 2013-05-16 16:10 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-12 04:31 . 2013-05-16 16:10 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-08-12 04:31 . 2013-05-16 16:10 144384 ----a-w- c:\windows\system32\cdd.dll
2013-08-12 04:31 . 2012-11-16 08:01 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-08-12 04:31 . 2012-11-16 08:01 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-08-12 04:31 . 2012-11-16 08:01 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-08-12 04:31 . 2012-11-16 08:01 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-08-12 04:31 . 2013-04-10 22:52 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-08-12 04:31 . 2013-04-10 22:52 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-08-12 04:31 . 2013-04-10 22:52 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-08-12 04:31 . 2013-04-10 22:52 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-08-12 04:31 . 2013-04-10 22:52 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-08-12 04:31 . 2013-04-10 22:52 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-08-12 04:31 . 2013-06-12 10:24 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-12 04:31 . 2013-02-13 08:11 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-08-12 04:30 . 2013-05-16 16:10 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-08-12 04:30 . 2013-05-16 16:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-08-12 04:30 . 2013-05-16 16:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-08-12 04:30 . 2013-05-16 16:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-08-12 04:30 . 2013-05-16 16:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-08-12 04:30 . 2013-05-16 16:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-08-12 04:30 . 2013-05-16 16:10 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-12 04:30 . 2013-05-16 16:10 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-08-12 04:30 . 2013-05-16 16:10 1930752 ----a-w- c:\windows\system32\authui.dll
2013-08-12 04:30 . 2013-05-16 16:10 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-08-12 04:30 . 2013-05-16 16:10 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-08-12 04:30 . 2013-05-16 16:10 111448 ----a-w- c:\windows\system32\consent.exe
2013-08-12 04:30 . 2013-05-16 16:10 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-08-12 04:30 . 2013-05-16 16:10 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-08-12 04:30 . 2013-04-23 19:26 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-08-12 04:27 . 2012-09-12 05:39 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-08-12 04:27 . 2012-09-12 05:39 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-08-12 04:27 . 2013-03-20 22:38 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-08-12 04:27 . 2012-11-16 08:01 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2013-08-12 04:27 . 2012-11-16 08:01 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-08-12 04:27 . 2012-11-16 08:01 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-08-12 04:27 . 2012-11-16 08:01 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2013-08-12 04:27 . 2012-11-16 08:01 303104 ----a-w- c:\windows\system32\nlasvc.dll
2013-08-12 04:27 . 2012-11-16 08:01 246272 ----a-w- c:\windows\system32\netcorehc.dll
2013-08-12 04:27 . 2012-11-16 08:01 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2013-08-12 04:27 . 2012-11-16 08:01 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-08-12 04:27 . 2012-11-16 08:01 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-12 04:27 . 2012-11-16 08:01 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2013-08-12 04:27 . 2012-11-16 08:01 18944 ----a-w- c:\windows\system32\netevent.dll
2013-08-12 04:27 . 2012-09-12 05:39 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2013-08-12 04:27 . 2012-12-13 01:01 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-08-12 04:27 . 2012-12-13 01:01 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-08-12 04:27 . 2013-07-11 07:41 624128 ----a-w- c:\windows\system32\qedit.dll
2013-08-12 04:27 . 2013-07-11 07:41 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-08-12 04:27 . 2012-10-10 01:37 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-08-12 04:27 . 2012-10-10 01:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-12 04:26 . 2013-07-11 07:41 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-12 04:26 . 2013-07-11 07:41 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-12 04:26 . 2013-02-13 08:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-12 04:26 . 2013-02-13 08:11 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-12 04:26 . 2013-02-13 08:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-12 04:26 . 2013-02-13 08:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-12 04:26 . 2013-02-13 08:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-12 04:26 . 2013-02-13 08:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-12 04:26 . 2013-02-13 08:11 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-12 04:26 . 2012-09-26 11:04 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-08-12 04:26 . 2012-11-27 21:30 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2013-08-12 04:25 . 2012-10-10 01:36 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-08-12 04:25 . 2012-10-10 01:36 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-08-12 04:25 . 2012-08-15 20:40 911360 ----a-w- c:\windows\system32\jscript.dll
2013-08-12 04:25 . 2012-08-15 20:40 609792 ----a-w- c:\windows\system32\vbscript.dll
2013-08-12 04:25 . 2012-08-15 20:40 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-12 04:25 . 2012-11-16 08:00 95744 ----a-w- c:\windows\system32\synceng.dll
2013-08-12 04:25 . 2012-11-16 08:00 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-08-12 04:24 . 2013-06-12 10:23 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-08-12 04:24 . 2013-06-12 10:23 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-08-12 04:24 . 2013-07-11 07:41 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-08-12 04:24 . 2013-06-12 10:23 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-08-12 04:24 . 2013-06-12 10:23 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-08-12 04:24 . 2012-08-15 20:40 136704 ----a-w- c:\windows\system32\browser.dll
2013-08-12 04:24 . 2012-08-15 20:40 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-08-12 04:24 . 2012-08-15 20:40 59392 ----a-w- c:\windows\system32\browcli.dll
2013-08-12 04:24 . 2012-08-15 20:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2013-08-12 04:23 . 2013-04-10 22:51 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-08-12 04:23 . 2012-08-15 20:40 503808 ----a-w- c:\windows\system32\srcore.dll
2013-08-12 04:23 . 2012-08-15 20:40 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-08-12 04:23 . 2013-06-12 10:23 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-08-12 04:23 . 2013-06-12 10:23 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-08-12 04:23 . 2013-06-12 10:23 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-08-12 04:23 . 2013-06-12 10:23 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-12 04:23 . 2013-06-12 10:23 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-12 04:23 . 2013-06-12 10:23 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2011-06-27 409600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2013-2-8 8453376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192u.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192u.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe;c:\windows\SYSNATIVE\ANIWConnService.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:53]
.
2013-08-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-02 04:09]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07 00:32]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07 00:32]
.
2013-08-08 c:\windows\Tasks\HPCeeScheduleForMOZART-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-08-13 c:\windows\Tasks\HPCeeScheduleForShiloh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 23:11 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 23:11 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 23:11 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 23:11 778704 -c--a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://%20www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C81256A3-DBE4-11E2-82E2-082E5F236ABE}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={C81256A3-DBE4-11E2-82E2-082E5F236ABE}&crg=3.5000006.10045&st=23&q=
FF - ExtSQL: 2013-06-28 06:18; firefox@ghostery.com; c:\users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\firefox@ghostery.com.xpi
FF - ExtSQL: 2013-07-13 03:39; info@youtube-mp3.org; c:\users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\info@youtube-mp3.org.xpi
FF - ExtSQL: 2013-07-13 03:39; YoutubeDownloader@PeterOlayev.com; c:\users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF - ExtSQL: 2013-07-29 22:20; {146f1820-2b0d-49ef-acbf-d85a6986e10c}; c:\users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi
FF - ExtSQL: 2013-07-29 22:42; {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}; c:\users\Shiloh\AppData\Roaming\Mozilla\Firefox\Profiles\a45ihhq8.default-1361599799720\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF - ExtSQL: 2013-08-08 00:25; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-08-13 16:03:36 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-13 23:03
.
Pre-Run: 291,954,286,592 bytes free
Post-Run: 294,990,757,888 bytes free
.
- - End Of File - - EE5B5128DB18B7710E44C3C306B3A40A
CBE3F28F76376FBA369FE2E13CCCC526

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox 22.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,773 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:52 AM

Posted 14 August 2013 - 07:11 AM

The logs are clean.

Any remaining issues?

#15 violetp

violetp
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:52 AM

Posted 15 August 2013 - 08:33 AM

No. My computer seems to be running perfectly.

Thank you so much!

Annette





