

Win 7, startup fail, Windows repair fail

  • This topic is locked
22 replies to this topic

#1 composerken


  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 18 October 2013 - 03:21 PM

Hi, first time poster here.  I work for a composer managing/troubleshooting his computers.  One of them recently started failing to reboot and I can't even get into Safe Mode.  Trying to system restore fails with the error 0x800700b7.  I read a few other threads having the same issue resolved by the Farbar Recovery scan then fix.  I downloaded FRST64.exe, put it on a USB stick, ran it and created the attached FRST.txt log.  Can someone help me with a Fixlist.txt solution as well?


Many many many thanks in advance!

Attached Files

  • Attached File  FRST.txt   29.16KB   6 downloads

Edited by hamluis, 18 October 2013 - 05:20 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 20 October 2013 - 12:53 PM

Hi composerken :)

I will be handling your computer issues to help you get up and running again. Please give me some time to look over your situation and I will get back to you as soon as possible.

Thanks for your patience.


#3 composerken

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 20 October 2013 - 01:28 PM

Hi polskamachina,


Thank you for getting back to me so quickly.  I wanted to give you an update in my situation to help you further.


I decided to try a Windows Memory Diagnostic from the System Recovery Options.  After the memory test finished the system immediately proceeded to the Windows bootup screen and windows finally booted.  I was welcomed with a dialog box that said something to the effect: "System Image Recovery successful", which I thought was weird since previous attempts to run image recovery failed.


The system worked fine with Windows now running.  Satisfied, I decided to shut down.  After powering up the computer later, the same issue as before resulted.  I went straight to the Memory Diagnostic.  This time it took two different memory diagnostic runs to get to the Windows bootup screen, and finally into Windows.


I suspect the memory is faulty, but would love to know what you think.  I would love not to have to run a memory diagnostic every time to get to Windows.  Thank you again in advance!

#4 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 20 October 2013 - 06:52 PM

Hi composerken :)


Thank you for posting the update. I have added that information to your other observations and will be replying back to you soon.



#5 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 22 October 2013 - 12:32 AM

Hi composerken :)
Let's run a memory test and see what we can find. Please follow the directions below. You will need a USB flash drive to run this test.
First, back up your flash drive.
Select Download - Auto-installer for USB Key from this link and download the file to your flash drive.
Run Memtest86+ from the USB flash drive.


Click on I Agree when presented with the License Agreement and proceed from there.


Remember that you will need to set your BIOS to boot from the USB flash drive when your computer restarts to begin the test.


It may take a while for this test to complete. Let me know if there were any faults found in your next reply.


#6 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 27 October 2013 - 11:24 AM

Hi composerken :)
It's been several days since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
Let me know if you have any questions.

#7 composerken

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 28 October 2013 - 01:30 AM

Hi polskamachina,


I'm so sorry for not getting back to you quicker.  I have finally had time to run the memory test tonight, as the studio is in the middle of a move.


It's currently about 4 hours into the process, and I can't really tell what percentage it is to being finished.  How long do the memory tests usually take?


So far it reads no errors.

#8 composerken

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 28 October 2013 - 02:05 AM

The attached picture is the current state of the test...it has not changed for over 4 hours, if that helps.

Attached Files

#9 composerken

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 28 October 2013 - 05:55 AM

The test seemed like it froze - after sending you the picture it stayed exactly at that place for three and a half hours.  I decided to quit the computer - I had to move its location, unfortunately.


I will give it another go tomorrow sometime.

#10 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 28 October 2013 - 10:02 AM

Hi composerken :)


Please hold off on another run of memtest86 until I sort out the results of your last run.



#11 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 30 October 2013 - 12:46 AM

Hi composerken :)


Below are three separate procedures that need to be performed. Let me know if you have any questions.
1) Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions <-important for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
2) Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

3) Please download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open the logfile.
  • You can find the logfile on your desktop as well.
  • Please post the content of that logfile with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


How is your computer performing now?


#12 composerken

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 30 October 2013 - 10:31 PM

Hi polskamachina, thanks again for the directions.


So far the computer still only loads Windows after I perform a memory test as before (although I haven't tried restarting yet after running these three programs).


Here are the logs. 


Malwarebytes Anti-Malware

Database version: v2013.10.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Owner :: KENTERPRISE [administrator]

10/30/2013 8:14:50 PM
MBAM-log-2013-10-30 (20-17-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207005
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CrossriderApp0004493.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0004493.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0004493.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0004493.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\Downloads\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> No action taken.



# AdwCleaner v3.010 - Report created 30/10/2013 at 20:22:03
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - KENTERPRISE
# Running from : C:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Windows\System32\Tasks\LaunchApp
Folder Found C:\Program Files (x86)\Coupon Companion
Folder Found C:\Program Files (x86)\Vuze
Folder Found C:\Program Files (x86)\Vuze Remote toolbar
Folder Found C:\Users\Owner\AppData\Local\Coupon Companion
Folder Found C:\Users\Owner\AppData\LocalLow\Search Settings

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\Software\Search Settings
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup


AdwCleaner[R0].txt - [3310 octets] - [30/10/2013 20:22:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3370 octets] ##########



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.21.2
Run by Owner at 20:25:36 on 2013-10-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16366.13194 [GMT -7:00]
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\FlashGet\flashget.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\6.7\vuzeToolbarIE.dll
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit = userinit.exe
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\6.7\vuzeToolbarIE.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\6.7\vuzeToolbarIE.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [Verbose] "C:\Program Files (x86)\NCH Software\Verbose\verbose.exe" -logon
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [ElevatedDiagnostics] rundll32 "C:\Users\Owner\AppData\Local\Google\ElevatedDiagnostics\lfjbpkra.dll",DllRegisterServerW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
TCP: NameServer =
TCP: Interfaces\{86BF4035-9742-42C8-935F-0ABBE36C80E0} : DHCPNameServer =
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Run: [FirefaceUsbTray1] firefaceusb.exe
x64-Run: [FirefaceMixTray2] TotalMixFX.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-1-11 727592]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-10-2 150256]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2013-2-10 413448]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2013-2-10 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2013-2-10 1096176]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-17 55280]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-4-26 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-1-11 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-1-11 76944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-8 283200]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2013-2-10 347016]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2013-2-10 253256]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-8-4 352816]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2013-2-10 580728]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2012-5-23 21520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-18 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-2-18 165032]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-1-11 95184]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-2-8 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2013-2-10 403416]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2013-2-10 1162360]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-8-27 67320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-1-11 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-7-15 601360]
R3 firefaceu64;RME Fireface USB Audio Device;C:\Windows\System32\drivers\fireface_usb_64.sys [2013-4-4 101632]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-25 213504]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2013-2-10 77144]
R3 pctplsm;pctplsm;C:\Windows\System32\drivers\pctplsm64.sys [2013-2-10 87968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-1-11 82824]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-6-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-15 39464]
S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2012-5-23 139792]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2012-5-23 32400]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 sonydcam;Generic 1394 Desktop Camera;C:\Windows\System32\drivers\sonydcam.sys [2009-7-13 33792]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-3-28 69392]
=============== Created Last 30 ================
2013-10-31 03:22:01 -------- d-----w- C:\AdwCleaner
2013-10-31 03:13:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-10-31 03:12:35 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-31 03:12:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-31 03:12:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-18 20:30:52 -------- d-----w- C:\FRST
2013-10-18 17:53:26 -------- d-----w- C:\Users\Owner\AppData\Local\LAV
2013-10-17 21:53:28 -------- d-----w- C:\Users\Owner\AppData\Roaming\Wivi Band
2013-10-17 21:50:56 -------- d-----w- C:\Program Files (x86)\Wivi Band
2013-10-17 21:23:11 -------- d-----w- C:\Program Files\McAfee Security Scan
2013-10-17 19:41:20 -------- d-----w- C:\GIGA
2013-10-10 18:41:17 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-04 01:36:28 -------- d-----w- C:\Program Files (x86)\TransMac
2013-10-03 01:25:34 150256 ----a-w- C:\Windows\System32\drivers\gzflt.sys
==================== Find3M  ====================
2013-10-09 01:30:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:30:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 01:25:26 389240 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
============= FINISH: 20:25:47.30 ===============



#13 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 03 November 2013 - 01:16 PM

Hi composerken :)
There are six tasks below that need to be performed. In summary they are:

  1. Rerun the Malwarebytes Anti-Malware program and remove all the found malware.
  2. Rerun the AdwCleaner program and clean all the adware.
  3. Remove one of your two anti-virus programs.
  4. Run an online ESET scan.
  5. Perform an updated DDS scan.
  6. Double-check that you have included all the logs in your next reply to me. :thumbsup:

Let me know if you have any questions.


I would like for you to rerun the Malwarebytes Anti-Malware program. When the scan is finished and the threats are listed, please check all the boxes to the left of the found threats if they are not already checked. A sample image of the results screen is shown here at step 11. Once all the boxes are checked, then click on the button, "Remove selected." Please copy and paste the results of the log in your next reply to me.

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either PC Tools Spyware Doctor with Antivirus or Bitdefender Antivirus.
Below are more details on how to remove a program:
Windows 7 Instructions

  • Click on the Windows 7 Start Menu button and then click on the Control Panel.
  • Please double-click the Uninstall a program icon:
  • A list of programs installed will be populated; this may take a bit of time.
  • In this list please find the program that you would like to remove and select it by left-clicking once on it.
  • Then click on the Uninstall button to start the uninstall process for this program. A wizard should then open, which will guide you through the rest of the uninstall.

If you find a visual aid appealing, you may like to watch the following video presentations which will show the above steps exactly as you would see them on your computer.

Video showing how to uninstall a program in Windows XP

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please perform another DDS scan so we can see the status of your computer.




You should include the logs from Malwarebytes Anti-Malware, AdwCleaner, ESET Online Scanner, and DDS in your next reply.


How is your computer performing now?
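
A check for the two-anti-virus situation described in the post above, as an added example that is not part of the original thread or of any tool it mentions: it lists the anti-virus products registered with Windows Security Center and warns when more than one reports real-time protection as on. The `productState` bit masks follow the commonly observed, undocumented layout and are an assumption; run it in Windows PowerShell on the affected machine.

```powershell
# Added example: enumerate anti-virus products registered with Windows Security Center
# (root\SecurityCenter2, client editions of Windows Vista and later) and flag the
# case where more than one product reports real-time protection as on.
# Assumption: productState uses the commonly observed, undocumented bit layout:
#   0x1000 set -> real-time protection on
#   0x0010 set -> signatures out of date

function Get-RegisteredAntiVirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop
    foreach ($p in $products) {
        if ($p -eq $null) { continue }   # PowerShell 2.0 iterates once over an empty result
        $state = [int]$p.productState
        New-Object PSObject -Property @{
            Name          = $p.displayName
            Executable    = $p.pathToSignedProductExe
            RealTimeOn    = (($state -band 0x1000) -ne 0)
            SignaturesOld = (($state -band 0x0010) -ne 0)
            RawState      = ('0x{0:X6}' -f $state)
        }
    }
}

try {
    $av = @(Get-RegisteredAntiVirus)
} catch {
    Write-Warning "Could not query root\SecurityCenter2: $($_.Exception.Message)"
    $av = @()
}

# Show every registered product with its decoded state.
$av | Select-Object Name, RealTimeOn, SignaturesOld, RawState, Executable | Format-Table -AutoSize

# Two resident scanners active at once is the conflict described in the post.
$active = @($av | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} products report real-time protection on: {1}" -f $active.Count, $names)
} elseif ($av.Count -gt 1) {
    Write-Host "More than one anti-virus product is registered, but only $($active.Count) reports real-time protection on."
} else {
    Write-Host "Registered anti-virus products: $($av.Count)"
}
```

A product that was uninstalled incompletely can remain registered, so confirm against the installed programs list before removing anything.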

#14 polskamachina


  • Malware Response Team
  • 4,042 posts
  • Gender:Male
  • Local time:04:54 PM

Posted 10 November 2013 - 02:12 PM

Hi composerken :)
It's been several days since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
Let me know if you have any questions.

#15 composerken

  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:54 PM

Posted 11 November 2013 - 05:55 PM

Hi polskamachina,


Sorry for not getting back to you right away and I really appreciate you attending to this problem.  I won't be able to run through the steps you've provided until this weekend - but I'll do it then!  Thanks for waiting... 
