Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win 7 unable to log in normal mode


  • This topic is locked This topic is locked
34 replies to this topic

#1 angrymasteryoda

angrymasteryoda

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 01 October 2013 - 11:24 AM

I am unable to boot into normal mode only able to use safe mode. when logging in to normal it just sits on the welcome screen or it will get past that and stay on a black screen with a cursor.

 

 

 




ComboFix 13-10-01.03 - Kim 10/01/2013 8:32.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.5330 [GMT -7:00]
Running from: c:\users\Kim\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
c:\programdata\Roaming
c:\windows\gt.exe
c:\windows\s.bat
c:\windows\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-09-01 to 2013-10-01 )))))))))))))))))))))))))))))))
.
.
2013-10-01 15:37 . 2013-10-01 15:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-01 07:26 . 2009-01-25 20:14    17272    ----a-w-    c:\windows\system32\sdnclean64.exe
2013-10-01 07:26 . 2013-10-01 07:28    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2013-10-01 06:52 . 2013-10-01 06:52    --------    d-----w-    c:\programdata\Tarma Installer
2013-10-01 06:52 . 2013-10-01 06:52    --------    d-----w-    c:\users\Kim\AppData\Roaming\OpenCandy
2013-10-01 01:36 . 2013-10-01 01:36    --------    d-----w-    c:\users\Kim\AppData\Roaming\Malwarebytes
2013-10-01 01:36 . 2013-10-01 01:36    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-01 01:36 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-01 01:36 . 2013-10-01 01:36    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-01 01:36 . 2013-10-01 01:36    --------    d-----w-    c:\users\Kim\AppData\Local\Programs
2013-10-01 01:28 . 2013-10-01 01:28    --------    d-----w-    c:\program files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-10-01 01:28 . 2013-10-01 01:28    --------    d-----w-    c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2013-10-01 01:28 . 2013-10-01 01:28    --------    d-----w-    c:\program files (x86)\SDHelper (Spybot - Search & Destroy)
2013-10-01 01:28 . 2013-10-01 01:28    --------    d-----w-    c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)
2013-10-01 01:27 . 2013-10-01 07:53    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-10-01 01:27 . 2013-10-01 01:27    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2013-09-11 02:55 . 2013-09-11 02:55    --------    d-----w-    c:\users\Kim\AppData\Roaming\Search Protection
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 03:25 . 2012-06-16 08:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-15 03:25 . 2012-06-16 08:28    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-23 15:09 . 2013-08-23 15:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-23 15:09 . 2013-08-23 15:09    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-08-23 15:09 . 2013-08-23 15:09    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-08-16 03:50 . 2012-11-14 00:35    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-16 03:50    3122864    ----a-w-    c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-16 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Kim\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-11 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-09 329056]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-16 2314416]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ     autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"VitaKeyTSR"=c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe /run
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" /s
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BrowserPlugInHelper"=c:\program files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
R1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
R1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
R2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
R3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 03:24    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 03:27]
.
2013-10-01 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-01 17:58]
.
2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 16:12]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 16:12]
.
2013-10-01 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-01 17:57]
.
2013-10-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-10-01 17:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-03-17 04:22    105472    ----a-w-    c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-09 16:01    1508192    ----a-w-    c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-09 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-09 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\xki05be8.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - ExtSQL: !HIDDEN! 2013-01-21 20:58; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-01 09:08:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-01 16:08
.
Pre-Run: 208,865,009,664 bytes free
Post-Run: 208,488,996,864 bytes free
.
- - End Of File - - ECC339384976D7BE96D068A46A9A00B3

Attached Files



BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 03 October 2013 - 09:38 PM

Hello angrymasteryoda, and  :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then clicking on Follow this topic you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

===================================================
 
Spybot S&D No Longer Recommended
 
--------------------
 
MVPS.org is no longer recommending Spybot S&D due to poor testing results.  (scroll down on the web site and read under Freeware Antispyware Products)
 
I strongly recommend uninstalling Spybot Search & Destroy.  The presence of this program can make cleaning your computer more difficult.
 
If you choose to uninstall please go to StartControl PanelAdd/Remove Programs (or Programs and Features) and uninstall the program.

 

==========

 

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer. i.e. (uTorrent)

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

 

==========

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.


Things I need to see in your next reply:

  • AdwCleaner Log
  • JRT Log

Best Regards,
oneof4.


#3 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 04 October 2013 - 12:17 AM

I am still unable to log into the normal windows mode i get past the password input page and to the welcome with the pinwheel let it sit there for 20mins

 

about the p2p i am aware however this is my cousins computer i guess she just used it to Microsoft office so hopefully once its fixed she will not use it agian

Attached Files


Edited by angrymasteryoda, 04 October 2013 - 12:27 AM.


#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 04 October 2013 - 12:54 PM

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system.

Plug the flashdrive into the infected PC.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Best Regards,
oneof4.


#5 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 06 October 2013 - 04:00 PM

sorry i was so slow to respond i have been really busy. but here is the log file

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-D9IAHLH on 06-10-2013 13:57:50
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-09] (Lenovo(beijing) Limited)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [] -  [x]
HKLM-x32\...\Runonce: [GrpConv] - grpconv -o [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-09] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\Kim\...\Run: [uTorrent] - C:\Users\Kim\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2013-09-10] (BitTorrent Inc.)
HKU\Kim\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [12111 2013-10-03] ()
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-12-05] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-20] (TuneUp Software)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-07] (DT Soft Ltd)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S2 DriverService;
S2 IAStorDataMgrSvc;
S2 iATAgentService;
S2 idealife Update Service;
S3 IGRS;
S2 IviRegMgr;
S2 nvUpdatusService;
S2 Oasis2Service;
S2 PCCarerService;
S2 ReadyComm.DirectRouter;
S2 RichVideo;
S2 RtLedService;
S2 SeaPort;
S2 SoftwareService;
S3 SQLWriter;
S2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 13:57 - 2013-10-06 13:57 - 00000000 ____D C:\FRST
2013-10-03 20:59 - 2013-10-03 20:59 - 00004099 _____ C:\Users\Kim\Desktop\JRT.txt
2013-10-03 20:57 - 2013-10-03 20:57 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 20:55 - 2013-10-03 20:55 - 01030305 _____ (Thisisu) C:\Users\Kim\Downloads\JRT.exe
2013-10-03 20:49 - 2013-10-03 20:52 - 00000000 ____D C:\AdwCleaner
2013-10-03 20:49 - 2013-10-03 20:49 - 01045226 _____ C:\Users\Kim\Downloads\AdwCleaner.exe
2013-10-01 16:15 - 2013-10-01 16:15 - 00001724 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-10-01 16:15 - 2013-10-01 16:15 - 00000000 ____D C:\Program Files\Defraggler
2013-10-01 13:39 - 2013-10-01 13:39 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Kim\Desktop\SpyHunter-Installer.exe
2013-10-01 08:40 - 2013-10-01 08:40 - 00001616 _____ C:\Users\Kim\Desktop\123abc - Shortcut.lnk
2013-10-01 08:20 - 2013-10-01 08:20 - 00021855 _____ C:\Users\Kim\Desktop\dds.txt
2013-10-01 08:20 - 2013-10-01 08:20 - 00013977 _____ C:\Users\Kim\Desktop\attach.txt
2013-10-01 08:19 - 2013-10-01 08:19 - 00688992 ____R (Swearware) C:\Users\Kim\Downloads\dds.com
2013-10-01 08:16 - 2013-10-01 08:16 - 04100432 _____ (Piriform Ltd) C:\Users\Kim\Downloads\dfsetup215.exe
2013-10-01 08:08 - 2013-10-01 08:08 - 00027565 _____ C:\ComboFix.txt
2013-10-01 07:28 - 2013-10-01 07:28 - 05132885 ____R (Swearware) C:\Users\Kim\Downloads\ComboFix.exe
2013-09-30 23:57 - 2009-06-10 13:00 - 00000824 _____ C:\Windows\System32\Drivers\etc\hosts.20131001-005743.backup
2013-09-30 23:54 - 2013-09-30 23:54 - 00000000 ____D C:\Users\Kim\Documents\ProcAlyzer Dumps
2013-09-30 23:27 - 2013-09-30 23:27 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-30 23:27 - 2013-09-30 23:27 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-30 23:27 - 2013-09-30 23:27 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-30 23:26 - 2013-09-30 23:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-30 23:26 - 2013-09-30 23:26 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-30 23:26 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-09-30 23:25 - 2013-09-30 23:26 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Kim\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 23:14 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-30 23:14 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-30 23:14 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-30 23:14 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-30 23:14 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-30 23:14 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-30 23:14 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-30 23:14 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-30 23:13 - 2013-10-01 08:08 - 00000000 ____D C:\Qoobox
2013-09-30 23:12 - 2013-10-01 08:07 - 00000000 ____D C:\Windows\erdnt
2013-09-30 22:52 - 2013-09-30 22:52 - 21644472 _____ (Media Player) C:\Users\Kim\Downloads\media.player.codec.pack.v4.2.0.setup.exe
2013-09-30 22:52 - 2013-09-30 22:52 - 14230160 _____ (DT Soft Ltd) C:\Users\Kim\Downloads\DTLite4454-0315.exe
2013-09-30 17:36 - 2013-10-01 08:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 17:36 - 2013-09-30 17:36 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Malwarebytes
2013-09-30 17:36 - 2013-09-30 17:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 17:36 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2013-09-30 17:27 - 2013-10-01 09:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 17:27 - 2013-10-01 09:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-09-14 20:11 - 2013-09-14 20:12 - 00001288 _____ C:\Users\Kim\Desktop\shutdown.lnk
2013-09-14 19:03 - 2013-09-14 19:03 - 02049128 _____ (Trend Micro Inc.) C:\Users\Kim\Downloads\HousecallLauncher.exe
2013-09-14 19:03 - 2013-09-14 19:03 - 00000036 _____ C:\Users\Kim\AppData\Local\housecall.guid.cache
2013-09-14 14:43 - 2013-09-14 17:10 - 00043850 _____ C:\Windows\System32\avgrep.txt
2013-09-10 22:50 - 2013-09-10 22:50 - 00000000 ____D C:\Windows\pss
2013-09-10 21:40 - 2013-09-10 21:44 - 00007625 _____ C:\Users\Kim\AppData\Local\Resmon.ResmonCfg
2013-09-10 18:55 - 2013-09-10 18:55 - 00000847 _____ C:\Users\Kim\Desktop\µTorrent.lnk

==================== One Month Modified Files and Folders =======

2013-10-06 13:57 - 2013-10-06 13:57 - 00000000 ____D C:\FRST
2013-10-06 12:48 - 2012-03-09 08:16 - 00165497 _____ C:\Windows\System32\fastboot.set
2013-10-03 21:17 - 2009-07-13 21:13 - 00731790 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-03 21:14 - 2013-08-16 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 21:01 - 2012-03-09 08:01 - 01500659 _____ C:\FaceProv.log
2013-10-03 21:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 21:01 - 2009-07-13 20:51 - 00079590 _____ C:\Windows\setupact.log
2013-10-03 20:59 - 2013-10-03 20:59 - 00004099 _____ C:\Users\Kim\Desktop\JRT.txt
2013-10-03 20:57 - 2013-10-03 20:57 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 20:55 - 2013-10-03 20:55 - 01030305 _____ (Thisisu) C:\Users\Kim\Downloads\JRT.exe
2013-10-03 20:52 - 2013-10-03 20:49 - 00000000 ____D C:\AdwCleaner
2013-10-03 20:49 - 2013-10-03 20:49 - 01045226 _____ C:\Users\Kim\Downloads\AdwCleaner.exe
2013-10-01 16:15 - 2013-10-01 16:15 - 00001724 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-10-01 16:15 - 2013-10-01 16:15 - 00000000 ____D C:\Program Files\Defraggler
2013-10-01 13:39 - 2013-10-01 13:39 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Kim\Desktop\SpyHunter-Installer.exe
2013-10-01 09:00 - 2013-09-30 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-01 09:00 - 2013-09-30 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-10-01 08:40 - 2013-10-01 08:40 - 00001616 _____ C:\Users\Kim\Desktop\123abc - Shortcut.lnk
2013-10-01 08:29 - 2013-09-30 17:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 08:27 - 2012-04-30 19:05 - 00000000 ____D C:\Users\Kim\AppData\Local\Apps\2.0
2013-10-01 08:20 - 2013-10-01 08:20 - 00021855 _____ C:\Users\Kim\Desktop\dds.txt
2013-10-01 08:20 - 2013-10-01 08:20 - 00013977 _____ C:\Users\Kim\Desktop\attach.txt
2013-10-01 08:19 - 2013-10-01 08:19 - 00688992 ____R (Swearware) C:\Users\Kim\Downloads\dds.com
2013-10-01 08:16 - 2013-10-01 08:16 - 04100432 _____ (Piriform Ltd) C:\Users\Kim\Downloads\dfsetup215.exe
2013-10-01 08:08 - 2013-10-01 08:08 - 00027565 _____ C:\ComboFix.txt
2013-10-01 08:08 - 2013-09-30 23:13 - 00000000 ____D C:\Qoobox
2013-10-01 08:08 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-10-01 08:07 - 2013-09-30 23:12 - 00000000 ____D C:\Windows\erdnt
2013-10-01 08:04 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-10-01 07:38 - 2010-11-20 19:47 - 00035366 _____ C:\Windows\PFRO.log
2013-10-01 07:38 - 2009-07-13 18:34 - 70254592 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-10-01 07:38 - 2009-07-13 18:34 - 24641536 _____ C:\Windows\System32\config\SYSTEM.bak
2013-10-01 07:38 - 2009-07-13 18:34 - 05505024 _____ C:\Windows\System32\config\DEFAULT.bak
2013-10-01 07:38 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
2013-10-01 07:38 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
2013-10-01 07:37 - 2012-05-07 09:31 - 00000000 ____D C:\Program Files\PrivacySafeGuard
2013-10-01 07:28 - 2013-10-01 07:28 - 05132885 ____R (Swearware) C:\Users\Kim\Downloads\ComboFix.exe
2013-10-01 07:24 - 2012-03-09 07:19 - 01515200 _____ C:\Windows\WindowsUpdate.log
2013-10-01 00:10 - 2012-05-07 09:31 - 00000000 ____D C:\Users\Kim\AppData\Roaming\uTorrent
2013-09-30 23:54 - 2013-09-30 23:54 - 00000000 ____D C:\Users\Kim\Documents\ProcAlyzer Dumps
2013-09-30 23:28 - 2013-09-30 23:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-30 23:27 - 2013-09-30 23:27 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-09-30 23:27 - 2013-09-30 23:27 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-09-30 23:27 - 2013-09-30 23:27 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-09-30 23:26 - 2013-09-30 23:26 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-30 23:26 - 2013-09-30 23:25 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Kim\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-30 22:54 - 2012-03-09 08:04 - 00167424 _____ C:\Windows\System32\TPHDLOG0.LOG
2013-09-30 22:52 - 2013-09-30 22:52 - 21644472 _____ (Media Player) C:\Users\Kim\Downloads\media.player.codec.pack.v4.2.0.setup.exe
2013-09-30 22:52 - 2013-09-30 22:52 - 14230160 _____ (DT Soft Ltd) C:\Users\Kim\Downloads\DTLite4454-0315.exe
2013-09-30 21:06 - 2012-03-09 08:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 17:36 - 2013-09-30 17:36 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Malwarebytes
2013-09-30 17:36 - 2013-09-30 17:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 17:30 - 2012-03-09 08:04 - 02263808 _____ C:\Windows\System32\TPAPSLOG.LOG
2013-09-30 17:29 - 2012-07-03 12:18 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2013-09-30 17:28 - 2013-09-30 17:28 - 00000000 ____D C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2013-09-30 17:26 - 2012-03-09 08:01 - 00000000 ____D C:\ProgramData\VeriFace
2013-09-14 20:35 - 2012-03-09 08:12 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 20:22 - 2009-07-13 20:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 20:22 - 2009-07-13 20:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 20:12 - 2013-09-14 20:11 - 00001288 _____ C:\Users\Kim\Desktop\shutdown.lnk
2013-09-14 20:06 - 2012-07-28 08:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-14 19:29 - 2012-07-28 08:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-14 19:25 - 2012-06-16 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-14 19:25 - 2012-06-16 00:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-14 19:03 - 2013-09-14 19:03 - 02049128 _____ (Trend Micro Inc.) C:\Users\Kim\Downloads\HousecallLauncher.exe
2013-09-14 19:03 - 2013-09-14 19:03 - 00000036 _____ C:\Users\Kim\AppData\Local\housecall.guid.cache
2013-09-14 17:10 - 2013-09-14 14:43 - 00043850 _____ C:\Windows\System32\avgrep.txt
2013-09-10 22:50 - 2013-09-10 22:50 - 00000000 ____D C:\Windows\pss
2013-09-10 21:44 - 2013-09-10 21:40 - 00007625 _____ C:\Users\Kim\AppData\Local\Resmon.ResmonCfg
2013-09-10 18:55 - 2013-09-10 18:55 - 00000847 _____ C:\Users\Kim\Desktop\µTorrent.lnk
2013-09-10 17:26 - 2012-06-15 21:36 - 00000000 ____D C:\Users\Kim\AppData\Roaming\SoftGrid Client
2013-09-10 12:40 - 2013-09-01 06:00 - 00000000 ____D C:\Users\Kim\Documents\Lori Resume
2013-09-09 13:43 - 2012-05-15 21:28 - 00000000 ____D C:\Users\Kim\Documents\Outlook Files

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Kim\AppData\Local\Temp\Quarantine.exe
C:\Users\Kim\AppData\Local\Temp\SHSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6058.14 MB
Available physical RAM: 5355.73 MB
Total Pagefile: 6056.34 MB
Available Pagefile: 5343.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:194.15 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.23 GB) NTFS
Drive f: (Tool Box) (CDROM) (Total:0.11 GB) (Free:0 GB) UDF
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 40D6378B)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: A37D7681)
Partition 1: (Not Active) - (Size=983 MB) - (Type=06)


LastRegBack: 2013-09-03 12:30

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   22.19KB   3 downloads

Edited by oneof4, 06 October 2013 - 09:33 PM.


#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 07 October 2013 - 07:03 PM

Hey :)

 

I'd like for you to run ComboFix again, but please do the following first:

  • Navigate to C:\users\Kim\Downloads\ComboFix.exe
  • Right-Click on ComboFix.exe and choose Delete.
  • Now, follow the download link below to download the latest version. IMPORTANT: Save it to your DESKTOP

Please visit this webpage for download links, and instructions for running the tool: 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Before running ComboFix, please perform the following:

  • Uninstall Spybot Search and Destroy

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
If you need instructions on how to disable these programs see the following link:

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

Please include the C:\ComboFix.txt in your next reply for further review.


Best Regards,
oneof4.


#7 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 08 October 2013 - 01:52 AM

i do not have any options to turn off avg 2012 in safe mode(since i can only login in safe mode) the program that opens is only a avg command line composer which seems to only do scans. but combo fix is still detecting it as a problem should i just uninstall it.


Edited by angrymasteryoda, 08 October 2013 - 01:56 AM.


#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 08 October 2013 - 06:00 AM

Yes, if it will let you do that in safe mode.  That's actually what is recommended anyway, it just freaks most people out when you tell them to "uninstall" their antivirus software.


Best Regards,
oneof4.


#9 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 08 October 2013 - 11:54 PM

did an uninstall on avg combofix still says its on there though

 

ComboFix 13-10-04.02 - Kim 10/08/2013  21:05:02.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.5272 [GMT -7:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-09 to 2013-10-09  )))))))))))))))))))))))))))))))
.
.
2013-10-09 04:10 . 2013-10-09 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 21:57 . 2013-10-06 21:57 -------- d-----w- C:\FRST
2013-10-04 04:57 . 2013-10-04 04:57 -------- d-----w- c:\windows\ERUNT
2013-10-04 04:49 . 2013-10-04 04:52 -------- d-----w- C:\AdwCleaner
2013-10-02 00:15 . 2013-10-02 00:15 -------- d-----w- c:\program files\Defraggler
2013-10-01 07:26 . 2013-10-08 06:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-10-01 01:36 . 2013-10-01 01:36 -------- d-----w- c:\users\Kim\AppData\Roaming\Malwarebytes
2013-10-01 01:36 . 2013-10-01 01:36 -------- d-----w- c:\programdata\Malwarebytes
2013-10-01 01:36 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-01 01:36 . 2013-10-01 16:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-01 01:36 . 2013-10-01 01:36 -------- d-----w- c:\users\Kim\AppData\Local\Programs
2013-10-01 01:28 . 2013-10-01 01:28 -------- d-----w- c:\program files (x86)\TeaTimer (Spybot - Search & Destroy)
2013-10-01 01:28 . 2013-10-01 01:28 -------- d-----w- c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2013-10-01 01:28 . 2013-10-01 01:28 -------- d-----w- c:\program files (x86)\SDHelper (Spybot - Search & Destroy)
2013-10-01 01:28 . 2013-10-01 01:28 -------- d-----w- c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)
2013-10-01 01:27 . 2013-10-01 17:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-10-01 01:27 . 2013-10-01 17:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 03:25 . 2012-06-16 08:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-15 03:25 . 2012-06-16 08:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-23 15:09 . 2013-08-23 15:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-23 15:09 . 2013-08-23 15:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-23 15:09 . 2013-08-23 15:09 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-16 03:50 . 2012-11-14 00:35 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Kim\AppData\Roaming\uTorrent\uTorrent.exe" [2013-09-11 1130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-09 329056]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-24 136488]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"VitaKeyTSR"=c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe /run
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" -d
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" /s
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BrowserPlugInHelper"=c:\program files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
R1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
R2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
R3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 03:24 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 03:27]
.
2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 16:12]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 16:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-03-17 04:22 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-09 16:01 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-09 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-09 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\xki05be8.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - ExtSQL: !HIDDEN! 2013-01-21 20:58; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
AddRemove-Search Protection - c:\users\Kim\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-08  21:12:13
ComboFix-quarantined-files.txt  2013-10-09 04:12
ComboFix2.txt  2013-10-01 16:08
.
Pre-Run: 209,309,155,328 bytes free
Post-Run: 209,129,652,224 bytes free
.
- - End Of File - - C5ED6FEF0B64D476FC4D459E00165457


#10 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 09 October 2013 - 10:43 AM

Can you boot into "Normal" Windows?


Edited by oneof4, 09 October 2013 - 10:44 AM.

Best Regards,
oneof4.


#11 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 10 October 2013 - 12:00 AM

Nope still get stuck trying



#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 11 October 2013 - 06:08 PM

Boot into safe mode w/ networking, then perform the following:

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 

==========

 

Update and run Malwarebytes (Full Scan)

Remove what it finds, and post the log for me.

 

==========

 

Try to boot into Normal Mode afterward.


Edited by oneof4, 11 October 2013 - 06:09 PM.

Best Regards,
oneof4.


#13 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 13 October 2013 - 12:18 AM

Still unable to get into normal mode

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.12.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Kim :: KIM-PC [administrator]

Protection: Disabled

10/12/2013 5:45:57 PM
MBAM-log-2013-10-12 (22-15-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373339
Time elapsed: 4 hour(s), 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\TypeLib\{1EA1A4B4-B3EF-481F-89D7-467FEAD5CF20} (PUP.PrivacySafeGuard) -> No action taken.
HKCR\Interface\{C8DA3FA9-8DD9-4BF6-BBBA-625B0E3D07F7} (PUP.PrivacySafeGuard) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe.vir (PUP.Optional.Tarma.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\ProgramData\WeCareReminder\ReminderHelper.exe.vir (PUP.Optional.WeCare.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\ProgramData\WeCareReminder\WCAutoUpdate.exe.vir (PUP.Optional.WeCare.A) -> No action taken.
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\PrivacySafeGuard\PrIVacysafeguard.dll.vir (PUP.PrivacySafeGuard) -> No action taken.
C:\Users\Kim\Downloads\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Kim\Downloads\media.player.codec.pack.v4.2.0.setup.exe (PUP.Dealio.TB) -> No action taken.
C:\Windows\Installer\21e3bf.msi (PUP.Optional.WeCare.A) -> No action taken.

(end)
 


Edited by angrymasteryoda, 13 October 2013 - 12:52 AM.


#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:26 AM

Posted 13 October 2013 - 07:28 AM

Re-run MBAM, and select the items that it found, then allow it to remove them.  Afterward, try Normal mode once again.


Best Regards,
oneof4.


#15 angrymasteryoda

angrymasteryoda
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 13 October 2013 - 05:00 PM

re ran and deleted now when i type in my password on the normal mode login it wont let me press the enter key just stuck on the screen where it asks for password






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users