Black background, no icons, no start menu


  • This topic is locked
29 replies to this topic

#1 cencored

Posted 19 November 2013 - 12:57 AM

Hi guys, I am desperate. I installed some Nvidia software upgrade which was flashing in my icon tray at the bottom right. After a restart my desktop icons disappeared, my start menu was empty and the background was black.

 

I have researched this on the forum and it looks like people have encountered this. However, there is a difference: my documents, pictures, downloads folders etc. are all gone. I also had some software configuration in username/appdata/roaming/... and all of that is gone, so some of the installed software doesn't run properly anymore.

I was not able to locate the temp file that is supposed to still hold all of this information (through unhide as well as manual search).

 

I did not delete any temp folders ever since this issue happened.

Both Malwarebytes and my Microsoft virus killer software didn't find a virus, so I'm not sure how this happened.

 

Any advice is much appreciated!


Edited by cencored, 19 November 2013 - 12:57 AM.



#2 HelpBot

Posted 24 November 2013 - 01:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514675 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

  • Malware Response Instructor
Posted 30 November 2013 - 07:39 PM

Greetings cencored and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 cencored


Posted 02 December 2013 - 02:14 AM

Thanks for your reply, here is the response:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Kojak (administrator) on KOJAK-PC on 02-12-2013 18:10:34
Running from C:\Users\Kojak\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCAB2AD8D3AE4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 61.9.194.49 61.9.195.193
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2013-06-03 13:09] - [2013-06-03 13:09] - 0027136 ____A (Microsoft Corporation) DFDE777FAF31DC25E3624E8071073146
 
C:\Windows\SysWOW64\svchost.exe
[2013-06-03 13:09] - [2013-06-03 13:09] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-06-03 13:09] - [2013-06-03 13:09] - 0296808 ____A (Microsoft Corporation) DF83AA1C4278E2C0E36C0479C1555A9C
 
 
 
LastRegBack: 2013-11-30 19:13
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Kojak at 2013-12-02 18:11:02
Running from C:\Users\Kojak\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 13:34 - 2013-07-31 23:40 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2013 06:09:39 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/02/2013 07:07:50 AM) (Source: MSDTC) (User: )
Description: none available
 
Error: (11/30/2013 10:51:08 PM) (Source: Application Hang) (User: )
Description: The program TrackIR5.exe version 5.2.0.200 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b70
 
Start Time: 01ceedab96fef637
 
Termination Time: 50
 
Application Path: C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe
 
Report Id: b135a37e-59b5-11e3-89e5-406c8f398721
 
Error: (11/30/2013 10:50:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.61637.0, time stamp: 0x46fadb14
Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x4a5bda6c
Exception code: 0xc0000005
Fault offset: 0x0001f581
Faulting process id: 0x508
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
 
Error: (11/30/2013 09:21:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.61637.0, time stamp: 0x46fadb14
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04246c81
Faulting process id: 0x5c0
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
 
Error: (11/30/2013 09:15:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.61637.0, time stamp: 0x46fadb14
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2b2b2b2b
Faulting process id: 0x1710
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
 
Error: (11/30/2013 08:54:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.61637.0, time stamp: 0x46fadb14
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04246c81
Faulting process id: 0xb10
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
 
Error: (11/30/2013 06:50:18 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/30/2013 07:48:28 AM) (Source: MSDTC) (User: )
Description: none available
 
Error: (11/29/2013 09:23:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: fsx.exe, version: 10.0.61637.0, time stamp: 0x46fadb14
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04246c81
Faulting process id: 0x1054
Faulting application start time: 0xfsx.exe0
Faulting application path: fsx.exe1
Faulting module path: fsx.exe2
Report Id: fsx.exe3
 
 
System errors:
=============
Error: (12/02/2013 06:09:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error: 
%%1083
 
Error: (12/02/2013 07:07:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
prl_fs
 
Error: (12/02/2013 07:07:49 AM) (Source: Service Control Manager) (User: )
Description: The Parallels Coherence Service service failed to start due to the following error: 
%%1053
 
Error: (12/02/2013 07:07:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Parallels Coherence Service service to connect.
 
Error: (11/30/2013 09:22:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error: 
%%1083
 
Error: (11/30/2013 09:16:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error: 
%%1083
 
Error: (11/30/2013 08:56:03 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error: 
%%1083
 
Error: (11/30/2013 08:24:13 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (11/30/2013 08:16:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error: 
%%1083
 
Error: (11/30/2013 08:16:35 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error: 
%%1083
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2013 06:09:39 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/02/2013 07:07:50 AM) (Source: MSDTC)(User: )
Description: none available
 
Error: (11/30/2013 10:51:08 PM) (Source: Application Hang)(User: )
Description: TrackIR5.exe5.2.0.200b7001ceedab96fef63750C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exeb135a37e-59b5-11e3-89e5-406c8f398721
 
Error: (11/30/2013 10:50:41 PM) (Source: Application Error)(User: )
Description: fsx.exe10.0.61637.046fadb14MSVBVM60.DLL6.0.98.154a5bda6cc00000050001f58150801ceedb5ef4e0045F:\Microsoft Flight Simulator X\fsx.exeC:\Windows\system32\MSVBVM60.DLLa2f7bcbe-59b5-11e3-89e5-406c8f398721
 
Error: (11/30/2013 09:21:14 PM) (Source: Application Error)(User: )
Description: fsx.exe10.0.61637.046fadb14unknown0.0.0.000000000c000000504246c815c001ceedb52854cabeF:\Microsoft Flight Simulator X\fsx.exeunknown23ce4b9c-59a9-11e3-89e5-406c8f398721
 
Error: (11/30/2013 09:15:52 PM) (Source: Application Error)(User: )
Description: fsx.exe10.0.61637.046fadb14unknown0.0.0.000000000c00000052b2b2b2b171001ceedb24878b95aF:\Microsoft Flight Simulator X\fsx.exeunknown63ca7fca-59a8-11e3-89e5-406c8f398721
 
Error: (11/30/2013 08:54:56 PM) (Source: Application Error)(User: )
Description: fsx.exe10.0.61637.046fadb14unknown0.0.0.000000000c000000504246c81b1001ceedac83677dc5F:\Microsoft Flight Simulator X\fsx.exeunknown7719c9fe-59a5-11e3-89e5-406c8f398721
 
Error: (11/30/2013 06:50:18 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/30/2013 07:48:28 AM) (Source: MSDTC)(User: )
Description: none available
 
Error: (11/29/2013 09:23:34 PM) (Source: Application Error)(User: )
Description: fsx.exe10.0.61637.046fadb14unknown0.0.0.000000000c000000504246c81105401ceecd9e55e220fF:\Microsoft Flight Simulator X\fsx.exeunknown4cbba1e5-58e0-11e3-898f-406c8f398721
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 8098.7 MB
Available physical RAM: 5601.8 MB
Total Pagefile: 9596.89 MB
Available Pagefile: 6753 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (BOOTCAMP) (Fixed) (Total:27.94 GB) (Free:0.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Macintosh HD) (Fixed) (Total:205.02 GB) (Free:20.84 GB) HFS
 
==================== End Of Log ============================


#5 Oh My!

  • Malware Response Instructor

Posted 02 December 2013 - 09:19 AM

Greetings,

Looks like we need to run the program again a different way. Please do this.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST log

Gary

#6 cencored


Posted 02 December 2013 - 07:13 PM

Thanks so much again for your help with this.
Please see below:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2013
Ran by SYSTEM on MININT-AR0M0S6 on 03-12-2013 00:10:15
Running from D:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-13] (Logitech Inc.)
HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [743776 2013-01-15] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-22] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2013-01-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
 
==================== Services (Whitelisted) =================
 
S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226144 2013-01-15] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-22] (Microsoft Corporation)
S2 PrlVssProvider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S2 PrlVssProvider; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S2 prl_uprof; C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll [85248 2013-06-16] (Parallels Holdings, Ltd. and its affiliates.)
 
==================== Drivers (Whitelisted) ====================
 
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-06-17] (Apple Inc.)
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-06-17] (Apple Inc.)
S3 B57ports; C:\Windows\System32\DRIVERS\b57ports.sys [44544 2012-12-09] (Broadcom Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-29] (Disc Soft Ltd)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-26] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-26] (Microsoft Corporation)
S3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
S3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [21760 2013-06-16] ()
S3 SaiH0763; C:\Windows\System32\DRIVERS\SaiH0763.sys [178304 2008-02-14] (Saitek)
S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-01] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-29] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-29] (Saitek)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: prl_uprof -> C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll (Parallels Holdings, Ltd. and its affiliates.)
 
==================== One Month Created Files and Folders ========
 
2013-12-01 23:11 - 2013-12-01 23:11 - 00010799 _____ C:\Users\Kojak\Downloads\Addition.txt
2013-12-01 23:10 - 2013-12-01 23:11 - 00002381 _____ C:\Users\Kojak\Downloads\FRST.txt
2013-12-01 23:10 - 2013-12-01 23:10 - 00000000 ____D C:\FRST
2013-12-01 23:09 - 2013-12-01 23:10 - 01959184 _____ (Farbar) C:\Users\Kojak\Downloads\FRST64.exe
2013-11-27 13:37 - 2013-11-27 13:37 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\NVIDIA
2013-11-27 12:48 - 2013-11-27 12:48 - 00002112 _____ C:\Users\Public\Desktop\TrackIR v5.lnk
2013-11-27 12:33 - 2013-11-27 12:48 - 00000000 ____D C:\Program Files (x86)\NaturalPoint
2013-11-27 12:32 - 2013-11-27 12:33 - 18105736 _____ (NaturalPoint) C:\Users\Kojak\Downloads\TrackIR_5.2.2.Final.exe
2013-11-26 02:56 - 2013-11-26 02:56 - 00001058 _____ C:\Users\Kojak\Desktop\Orbx YBRM Control Panel (FSX).lnk
2013-11-26 02:56 - 2013-11-26 02:56 - 00001058 _____ C:\Users\Kojak\Desktop\FTX Aero FSX.lnk
2013-11-26 02:56 - 2013-11-26 02:56 - 00001001 _____ C:\Users\Kojak\Desktop\FTX Night.lnk
2013-11-26 02:56 - 2013-11-26 02:56 - 00000991 _____ C:\Users\Kojak\Desktop\FTX Day.lnk
2013-11-26 02:51 - 2013-06-22 16:08 - 724497849 _____ C:\Users\Kojak\Desktop\ORBX YBRM.rar
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\Users\Kojak\AppData\Local\SmartTechnology
2013-11-25 22:21 - 2013-11-25 22:21 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\Adobe
2013-11-25 22:19 - 2013-10-13 23:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-11-25 22:16 - 2013-11-25 22:16 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-25 22:16 - 2013-11-25 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-25 22:16 - 2013-11-25 22:16 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-25 22:16 - 2013-11-25 22:16 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 22:16 - 2013-11-25 22:16 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-25 22:16 - 2013-11-25 22:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-25 22:16 - 2013-11-25 22:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-25 22:16 - 2013-11-25 22:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-25 22:16 - 2013-11-25 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-25 22:16 - 2013-11-25 22:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-25 22:16 - 2013-11-25 22:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-25 22:15 - 2013-11-25 22:19 - 00007582 _____ C:\Windows\IE11_main.log
2013-11-25 03:08 - 2013-11-25 03:08 - 00000000 ____D C:\Users\Kojak\Downloads\F1_C162_Skycatcher_EZdok_Profile
2013-11-25 03:05 - 2013-11-25 03:05 - 00206043 _____ C:\Users\Kojak\Downloads\EZdok_Profile_for_F1_C162_Skycatcher.zip
2013-11-25 03:01 - 2013-11-25 03:01 - 00002087 _____ C:\Users\Kojak\Downloads\My Heavies - Air and Ground.zip
2013-11-25 00:29 - 2013-11-25 00:30 - 00434176 _____ (TODO: <Company name>) C:\Users\Kojak\Downloads\fsxfix.exe
2013-11-25 00:24 - 2013-11-25 00:24 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\EZCA
2013-11-25 00:23 - 2013-11-25 00:25 - 07082831 _____ (FSFDT) C:\Users\Kojak\Downloads\SetupFSInn13B2_3.exe
2013-11-25 00:23 - 2013-11-25 00:24 - 04502982 _____ (FSFDT) C:\Users\Kojak\Downloads\SetupFSCopilot17B2_4.exe
2013-11-24 23:19 - 2013-11-24 23:19 - 00000000 ____D C:\Users\Kojak\AppData\Local\Apple
2013-11-24 23:07 - 2013-11-24 23:07 - 00001009 _____ C:\Users\Kojak\Desktop\rex.exe - Shortcut.lnk
2013-11-24 23:05 - 2013-11-24 23:05 - 00000000 ____D C:\Users\Kojak\Desktop\FSUIPC 4.858
2013-11-18 21:12 - 2013-11-18 21:12 - 00000000 ____D C:\Users\Kojak\Documents\rxpGnsSim
2013-11-18 21:05 - 2013-11-25 02:49 - 00006052 _____ C:\Users\Kojak\Documents\rxpGnsSim.dll.log
2013-11-18 21:01 - 2013-11-25 01:45 - 00000000 ____D C:\ProgramData\Reality XP
2013-11-18 21:00 - 2013-11-18 21:10 - 00000000 ____D C:\RealityXP
2013-11-18 20:56 - 2013-11-18 20:58 - 12508243 _____ ( Flight1, Inc.) C:\Users\Kojak\Downloads\rxpGNS-430WAAS.exe
2013-11-18 18:17 - 2013-11-18 18:17 - 00000651 _____ C:\Users\Kojak\Downloads\FixDesktop.reg
2013-11-18 18:02 - 2013-11-18 18:02 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\unhide (2).exe
2013-11-18 17:59 - 2013-11-18 17:59 - 00326484 _____ C:\Users\Kojak\Downloads\win7-x64-sm-reset.exe
2013-11-18 17:46 - 2013-11-18 17:46 - 00891200 _____ C:\Users\Kojak\Downloads\SecurityCheck.exe
2013-11-18 17:41 - 2013-11-18 17:41 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\Malwarebytes
2013-11-18 17:41 - 2013-11-18 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 17:40 - 2013-11-18 17:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kojak\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-18 17:37 - 2013-11-18 17:37 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\rkill.exe
2013-11-18 17:37 - 2013-11-18 17:37 - 00002964 _____ C:\Users\Kojak\Desktop\Rkill.txt
2013-11-18 17:37 - 2013-11-18 17:37 - 00000000 ____D C:\Users\Kojak\Desktop\rkill
2013-11-18 16:37 - 2013-11-18 16:37 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\unhide (1).exe
2013-11-18 16:35 - 2013-11-18 17:56 - 00002520 _____ C:\Users\Kojak\Desktop\unhide.txt
2013-11-18 16:35 - 2013-11-18 16:35 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\unhide.exe
2013-11-18 03:40 - 2013-11-18 03:40 - 00002267 _____ C:\Users\Kojak\Desktop\Google Chrome.lnk
2013-11-18 03:23 - 2013-11-18 19:35 - 00033540 _____ C:\Users\Kojak\AppData\Local\parallels.log
2013-11-18 03:23 - 2013-11-18 03:23 - 00060464 _____ C:\Users\Kojak\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-18 03:23 - 2013-11-18 03:23 - 00000020 ___SH C:\Users\Kojak\ntuser.ini
2013-11-18 03:23 - 2013-11-18 03:23 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\DAEMON Tools Lite
2013-11-18 03:20 - 2013-12-02 03:42 - 00000000 ____D C:\Users\Kojak\Documents\Flight Simulator X Files
2013-11-18 03:20 - 2013-11-18 03:27 - 00000000 ____D C:\Users\Kojak\AppData\Local\NVIDIA
2013-11-18 03:19 - 2013-11-18 03:19 - 00000000 ____D C:\9.3.21.0
2013-11-17 01:59 - 2013-11-17 02:27 - 00000000 ____D C:\Program Files (x86)\FSFDT
2013-11-16 14:54 - 2013-11-25 10:49 - 00002014 _____ C:\Windows\PFRO.log
2013-11-16 00:38 - 2013-11-16 00:38 - 00000000 ____D C:\Windows\System32\appmgmt
2013-11-13 00:11 - 2013-10-11 18:25 - 00832000 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 00:11 - 2013-10-11 18:24 - 00861184 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 00:11 - 2013-10-11 18:24 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 00:11 - 2013-10-11 18:23 - 00706560 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2013-11-13 00:11 - 2013-10-11 17:57 - 00657920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 00:11 - 2013-10-11 17:56 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 00:11 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 00:11 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 00:11 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 00:11 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 00:11 - 2013-10-03 18:24 - 01931264 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 00:11 - 2013-10-03 18:02 - 01796608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 00:11 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 00:11 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 00:11 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 00:11 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 00:11 - 2013-09-27 17:14 - 00496128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 00:11 - 2013-09-24 18:30 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 00:11 - 2013-09-24 18:30 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 00:11 - 2013-09-24 18:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 00:11 - 2013-09-24 18:27 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 00:11 - 2013-09-24 18:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 00:11 - 2013-09-24 18:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 00:11 - 2013-09-24 18:26 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 00:11 - 2013-09-24 18:25 - 01446400 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 00:11 - 2013-09-24 18:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 00:11 - 2013-09-24 18:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 00:11 - 2013-09-24 18:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 00:11 - 2013-09-24 17:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 00:11 - 2013-09-24 17:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 00:11 - 2013-07-08 22:26 - 00458704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-08 21:02 - 2013-12-01 12:07 - 00004039 _____ C:\Windows\setupact.log
2013-11-08 21:02 - 2013-11-08 21:02 - 00000000 _____ C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2013-12-02 16:00 - 2013-07-21 10:31 - 00000000 ____D C:\.Trashes
2013-12-02 04:03 - 2013-07-08 05:55 - 01257394 _____ C:\Windows\WindowsUpdate.log
2013-12-02 03:48 - 2013-07-09 03:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 03:42 - 2013-11-18 03:20 - 00000000 ____D C:\Users\Kojak\Documents\Flight Simulator X Files
2013-12-02 01:48 - 2013-07-09 03:28 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 00:12 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-01 23:15 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 23:15 - 2009-07-13 20:45 - 00022080 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 23:11 - 2013-12-01 23:11 - 00010799 _____ C:\Users\Kojak\Downloads\Addition.txt
2013-12-01 23:11 - 2013-12-01 23:10 - 00002381 _____ C:\Users\Kojak\Downloads\FRST.txt
2013-12-01 23:10 - 2013-12-01 23:10 - 00000000 ____D C:\FRST
2013-12-01 23:10 - 2013-12-01 23:09 - 01959184 _____ (Farbar) C:\Users\Kojak\Downloads\FRST64.exe
2013-12-01 12:07 - 2013-11-08 21:02 - 00004039 _____ C:\Windows\setupact.log
2013-12-01 12:07 - 2013-07-08 16:55 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-01 12:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 12:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2013-11-27 13:37 - 2013-11-27 13:37 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\NVIDIA
2013-11-27 12:48 - 2013-11-27 12:48 - 00002112 _____ C:\Users\Public\Desktop\TrackIR v5.lnk
2013-11-27 12:48 - 2013-11-27 12:33 - 00000000 ____D C:\Program Files (x86)\NaturalPoint
2013-11-27 12:33 - 2013-11-27 12:32 - 18105736 _____ (NaturalPoint) C:\Users\Kojak\Downloads\TrackIR_5.2.2.Final.exe
2013-11-26 02:56 - 2013-11-26 02:56 - 00001058 _____ C:\Users\Kojak\Desktop\Orbx YBRM Control Panel (FSX).lnk
2013-11-26 02:56 - 2013-11-26 02:56 - 00001058 _____ C:\Users\Kojak\Desktop\FTX Aero FSX.lnk
2013-11-26 02:56 - 2013-11-26 02:56 - 00001001 _____ C:\Users\Kojak\Desktop\FTX Night.lnk
2013-11-26 02:56 - 2013-11-26 02:56 - 00000991 _____ C:\Users\Kojak\Desktop\FTX Day.lnk
2013-11-26 00:56 - 2013-11-26 00:56 - 00000000 ____D C:\Users\Kojak\AppData\Local\SmartTechnology
2013-11-25 22:21 - 2013-11-25 22:21 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\Adobe
2013-11-25 22:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-25 22:19 - 2013-11-25 22:15 - 00007582 _____ C:\Windows\IE11_main.log
2013-11-25 22:16 - 2013-11-25 22:16 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-25 22:16 - 2013-11-25 22:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-25 22:16 - 2013-11-25 22:16 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-25 22:16 - 2013-11-25 22:16 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 22:16 - 2013-11-25 22:16 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-25 22:16 - 2013-11-25 22:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-25 22:16 - 2013-11-25 22:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-25 22:16 - 2013-11-25 22:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-25 22:16 - 2013-11-25 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-25 22:16 - 2013-11-25 22:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-25 22:16 - 2013-11-25 22:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-25 22:16 - 2013-11-25 22:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-25 22:16 - 2013-11-25 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-25 10:49 - 2013-11-16 14:54 - 00002014 _____ C:\Windows\PFRO.log
2013-11-25 03:08 - 2013-11-25 03:08 - 00000000 ____D C:\Users\Kojak\Downloads\F1_C162_Skycatcher_EZdok_Profile
2013-11-25 03:05 - 2013-11-25 03:05 - 00206043 _____ C:\Users\Kojak\Downloads\EZdok_Profile_for_F1_C162_Skycatcher.zip
2013-11-25 03:01 - 2013-11-25 03:01 - 00002087 _____ C:\Users\Kojak\Downloads\My Heavies - Air and Ground.zip
2013-11-25 02:49 - 2013-11-18 21:05 - 00006052 _____ C:\Users\Kojak\Documents\rxpGnsSim.dll.log
2013-11-25 01:45 - 2013-11-18 21:01 - 00000000 ____D C:\ProgramData\Reality XP
2013-11-25 00:30 - 2013-11-25 00:29 - 00434176 _____ (TODO: <Company name>) C:\Users\Kojak\Downloads\fsxfix.exe
2013-11-25 00:25 - 2013-11-25 00:23 - 07082831 _____ (FSFDT) C:\Users\Kojak\Downloads\SetupFSInn13B2_3.exe
2013-11-25 00:24 - 2013-11-25 00:24 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\EZCA
2013-11-25 00:24 - 2013-11-25 00:23 - 04502982 _____ (FSFDT) C:\Users\Kojak\Downloads\SetupFSCopilot17B2_4.exe
2013-11-25 00:24 - 2013-09-04 19:26 - 00000000 ____D C:\Program Files (x86)\EZCA
2013-11-24 23:19 - 2013-11-24 23:19 - 00000000 ____D C:\Users\Kojak\AppData\Local\Apple
2013-11-24 23:07 - 2013-11-24 23:07 - 00001009 _____ C:\Users\Kojak\Desktop\rex.exe - Shortcut.lnk
2013-11-24 23:05 - 2013-11-24 23:05 - 00000000 ____D C:\Users\Kojak\Desktop\FSUIPC 4.858
2013-11-19 02:21 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-18 21:12 - 2013-11-18 21:12 - 00000000 ____D C:\Users\Kojak\Documents\rxpGnsSim
2013-11-18 21:10 - 2013-11-18 21:00 - 00000000 ____D C:\RealityXP
2013-11-18 21:01 - 2013-09-16 02:12 - 00000000 ____D C:\Program Files (x86)\Reality XP
2013-11-18 21:00 - 2013-07-08 05:55 - 00000000 ____D C:\Users\Kojak\AppData\Local\VirtualStore
2013-11-18 20:58 - 2013-11-18 20:56 - 12508243 _____ ( Flight1, Inc.) C:\Users\Kojak\Downloads\rxpGNS-430WAAS.exe
2013-11-18 19:35 - 2013-11-18 03:23 - 00033540 _____ C:\Users\Kojak\AppData\Local\parallels.log
2013-11-18 18:17 - 2013-11-18 18:17 - 00000651 _____ C:\Users\Kojak\Downloads\FixDesktop.reg
2013-11-18 18:02 - 2013-11-18 18:02 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\unhide (2).exe
2013-11-18 17:59 - 2013-11-18 17:59 - 00326484 _____ C:\Users\Kojak\Downloads\win7-x64-sm-reset.exe
2013-11-18 17:56 - 2013-11-18 16:35 - 00002520 _____ C:\Users\Kojak\Desktop\unhide.txt
2013-11-18 17:46 - 2013-11-18 17:46 - 00891200 _____ C:\Users\Kojak\Downloads\SecurityCheck.exe
2013-11-18 17:41 - 2013-11-18 17:41 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\Malwarebytes
2013-11-18 17:41 - 2013-11-18 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 17:40 - 2013-11-18 17:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Kojak\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-18 17:37 - 2013-11-18 17:37 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\rkill.exe
2013-11-18 17:37 - 2013-11-18 17:37 - 00002964 _____ C:\Users\Kojak\Desktop\Rkill.txt
2013-11-18 17:37 - 2013-11-18 17:37 - 00000000 ____D C:\Users\Kojak\Desktop\rkill
2013-11-18 16:37 - 2013-11-18 16:37 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\unhide (1).exe
2013-11-18 16:35 - 2013-11-18 16:35 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Kojak\Downloads\unhide.exe
2013-11-18 03:40 - 2013-11-18 03:40 - 00002267 _____ C:\Users\Kojak\Desktop\Google Chrome.lnk
2013-11-18 03:30 - 2013-07-08 16:55 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-18 03:30 - 2013-07-08 16:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-18 03:27 - 2013-11-18 03:20 - 00000000 ____D C:\Users\Kojak\AppData\Local\NVIDIA
2013-11-18 03:27 - 2013-07-08 16:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-18 03:23 - 2013-11-18 03:23 - 00060464 _____ C:\Users\Kojak\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-18 03:23 - 2013-11-18 03:23 - 00000020 ___SH C:\Users\Kojak\ntuser.ini
2013-11-18 03:23 - 2013-11-18 03:23 - 00000000 ____D C:\Users\Kojak\AppData\Roaming\DAEMON Tools Lite
2013-11-18 03:23 - 2013-07-14 19:10 - 00000000 ____D C:\ProgramData\Adobe
2013-11-18 03:23 - 2013-07-08 05:55 - 00000000 ____D C:\users\Kojak
2013-11-18 03:19 - 2013-11-18 03:19 - 00000000 ____D C:\9.3.21.0
2013-11-18 03:19 - 2013-08-29 23:15 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-11-18 03:19 - 2013-07-31 05:05 - 00000000 ___RD C:\Users\Kojak\Dropbox
2013-11-18 03:19 - 2013-07-09 03:28 - 00000000 ____D C:\Users\Kojak\AppData\Local\Google
2013-11-18 03:19 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Public\Libraries
2013-11-18 02:18 - 2013-09-04 02:40 - 00000000 ____D C:\Program Files (x86)\FS Recorder for FSX
2013-11-17 02:27 - 2013-11-17 01:59 - 00000000 ____D C:\Program Files (x86)\FSFDT
2013-11-16 00:58 - 2013-09-01 01:49 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-16 00:58 - 2013-09-01 01:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-16 00:58 - 2013-09-01 01:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-16 00:40 - 2013-07-08 05:59 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-11-16 00:38 - 2013-11-16 00:38 - 00000000 ____D C:\Windows\System32\appmgmt
2013-11-13 12:37 - 2013-07-08 23:44 - 00000000 ____D C:\Windows\Panther
2013-11-13 03:55 - 2013-08-09 03:25 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 03:55 - 2013-07-08 16:18 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-08 21:02 - 2013-11-08 21:02 - 00000000 _____ C:\Windows\setuperr.log
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2013-06-02 18:09] - [2013-06-02 18:09] - 0027136 ____A (Microsoft Corporation) DFDE777FAF31DC25E3624E8071073146
 
C:\Windows\SysWOW64\svchost.exe
[2013-06-02 18:09] - [2013-06-02 18:09] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-06-02 18:09] - [2013-06-02 18:09] - 0296808 ____A (Microsoft Corporation) DF83AA1C4278E2C0E36C0479C1555A9C
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8098.7 MB
Available physical RAM: 7320.99 MB
Total Pagefile: 8096.9 MB
Available Pagefile: 7321.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (BOOTCAMP) (Fixed) (Total:27.94 GB) (Free:0.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WININSTALL) (Removable) (Total:7.82 GB) (Free:3.96 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 234 GB) (Disk ID: 1F771FD1)
 
Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=205 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=28 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 5B5657BD)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)
 
 
LastRegBack: 2013-11-30 00:13
 
==================== End Of Log ============================


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:01 AM

Posted 02 December 2013 - 07:49 PM

Do you know the date you updated the Nvidia drivers?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 cencored


Posted 02 December 2013 - 09:00 PM

Around Nov 18 sounds about right.



#9 Oh My!


Posted 02 December 2013 - 10:55 PM

Please attempt to boot into Safe Mode and tell me what happens.
Gary
 

#10 cencored


Posted 02 December 2013 - 11:01 PM

It boots into safe mode without problems. Still, the icons are gone and the background is black too.

I should mention that I have outsourced the Windows temp folder to an external hdd due to a very small OS partition that I use on this computer for Win 7.

At no time, though, was the external hdd not connected.



#11 Oh My!


Posted 02 December 2013 - 11:10 PM

Thanks. We are going to attempt to do a System Restore to a point prior to the installation of the Nvidia drivers. It is possible there may be no Restore Points.

===================================================

Selecting Previous System Restore Point in Windows 7 Safe Mode

--------------------
  • Restart your computer
  • When the machine first starts gently tap the F8 key repeatedly until you are presented with an Advanced Boot Options menu
  • Select the option for Safe Mode using the arrow keys
  • Click on Start, Control Panel, then System
  • Click on System Protection in the left-hand task list
  • Click on the System Restore button, then click Next
  • Put a check mark in Show more restore points
  • If available, select a Restore Point prior to November 18th
  • Click Next, then Finish
  • If System Restore was an option, please reboot into Normal Mode and check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
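The same check done from an elevated PowerShell prompt, as an added example that is not part of Gary's instructions: it reports whether System Restore has been switched off in the registry and lists any restore points created before a given date, which is what the Safe Mode procedure above looks for by hand. The `-Before` parameter and the two registry values read are assumptions; the authoritative result is whether any restore points enumerate at all.

```powershell
# Added example, not part of the thread: report the System Restore state
# that the Safe Mode procedure above checks by hand. Assumes Windows 7 or
# later with PowerShell 2.0+, run from an elevated prompt.

function Get-SystemRestoreStatus {
    param(
        # Only restore points created before this date are listed (assumption:
        # the thread wants a point from before the Nvidia driver update).
        [datetime]$Before = (Get-Date)
    )

    # DisableSR = 1 under either key means System Restore has been switched
    # off (the Policies key is the Group Policy "Turn off System Restore").
    # Treated as a hint only; the enumeration below is the real check.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    )
    $disabled = $false
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name DisableSR -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.DisableSR -eq 1) { $disabled = $true }
    }

    # Get-ComputerRestorePoint wraps the root\default\SystemRestore WMI class
    # and returns nothing when no restore points exist, as in the FRST log.
    $all = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)

    $usable = @()
    foreach ($rp in $all) {
        # CreationTime is a WMI datetime string; convert it before comparing.
        $created = $rp.ConvertToDateTime($rp.CreationTime)
        if ($created -lt $Before) {
            $usable += New-Object PSObject -Property @{
                Sequence    = $rp.SequenceNumber
                Created     = $created
                Description = $rp.Description
            }
        }
    }

    New-Object PSObject -Property @{
        DisabledInRegistry  = $disabled
        TotalRestorePoints  = $all.Count
        UsableBefore        = $Before
        UsableRestorePoints = $usable
    }
}

# Run for this thread: look for a point from before 18 November 2013.
$status = Get-SystemRestoreStatus -Before ([datetime]'2013-11-18')
$status | Format-List DisabledInRegistry, TotalRestorePoints, UsableBefore
if ($status.TotalRestorePoints -eq 0) {
    Write-Host 'No restore points exist; System Restore is not an option here.'
} else {
    $status.UsableRestorePoints | Sort-Object Created | Format-Table -AutoSize
}
```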

#12 cencored


Posted 02 December 2013 - 11:14 PM

Yes, System Restore was my first thought too; however, I had switched off System Restore (as it uses up space on the disk). Therefore, unfortunately, it was not an option (I checked).

 

Do you think this is a virus that hid my AppData folder, Pictures folder, etc. somewhere? Unhide wasn't able to detect it...

Thank you.



#13 Oh My!


Posted 02 December 2013 - 11:18 PM

I was afraid of no System Restore Points. The Farbar Recovery Scan Tool report was indicating none were present. I will be turning off my computer shortly but I would like you to do this please. I will check the results in the morning.
 
Not sure it is a virus. It may be an operating system corruption.
 
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 

#14 cencored


Posted 02 December 2013 - 11:39 PM

OK, here it is:

 

ComboFix 13-12-01.01 - Kojak 12/03/2013  15:45:19.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8099.6598 [GMT 11:00]
Running from: C:\Users\Kojak\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
 
 
 
(((((((((((((((((((((((((   Files Created from 2013-11-03 to 2013-12-03  )))))))))))))))))))))))))))))))
 
 
2013-12-03 04:49:28 . 2013-12-03 04:49:28 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-12-02 07:18:41 . 2013-11-08 03:12:00 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{483E13BB-0306-43FD-9AA8-1DCF520C65CA}\mpengine.dll
2013-12-02 07:10:28 . 2013-12-02 07:10:28 -------- d-----w- C:\FRST
2013-11-30 07:59:28 . 2013-11-08 03:12:00 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-27 21:37:55 . 2013-11-27 21:37:55 -------- d-----w- C:\Users\Kojak\AppData\Roaming\NVIDIA
2013-11-27 20:33:46 . 2013-11-27 20:48:21 -------- d-----w- C:\Program Files (x86)\NaturalPoint
2013-11-26 08:56:07 . 2013-11-26 08:56:07 -------- d-----w- C:\Users\Kojak\AppData\Local\SmartTechnology
2013-11-26 06:19:07 . 2013-10-14 07:00:00 28368 ----a-w- C:\Windows\system32\IEUDINIT.EXE
2013-11-25 08:24:19 . 2013-11-25 08:24:19 -------- d-----w- C:\Users\Kojak\AppData\Roaming\EZCA
2013-11-25 07:19:54 . 2013-11-25 07:19:54 -------- d-----w- C:\Users\Kojak\AppData\Local\Apple
2013-11-19 05:01:38 . 2013-11-25 09:45:07 -------- d-----w- C:\ProgramData\Reality XP
2013-11-19 05:00:47 . 2013-11-19 05:10:15 -------- d-----w- C:\RealityXP
2013-11-19 02:27:52 . 2013-11-19 02:27:33 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C059579C-B46B-467C-AF06-D02D782ABD61}\gapaengine.dll
2013-11-19 01:41:26 . 2013-11-19 01:41:26 -------- d-----w- C:\Users\Kojak\AppData\Roaming\Malwarebytes
2013-11-19 01:41:21 . 2013-11-19 01:41:21 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-19 01:41:04 . 2013-11-19 01:41:04 -------- d-----w- C:\Users\Kojak\AppData\Local\Programs
2013-11-18 11:23:26 . 2013-11-18 11:23:26 -------- d-----w- C:\Users\Kojak\AppData\Roaming\DAEMON Tools Lite
2013-11-18 11:20:02 . 2013-11-18 11:27:08 -------- d-----w- C:\Users\Kojak\AppData\Local\NVIDIA
2013-11-18 11:19:39 . 2013-11-18 11:19:40 -------- d-----w- C:\9.3.21.0
2013-11-17 09:59:24 . 2013-11-17 10:27:30 -------- d-----w- C:\Program Files (x86)\FSFDT
2013-11-16 08:38:20 . 2013-11-16 08:38:20 -------- d-----w- C:\Windows\system32\appmgmt
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-11-19 10:21:41 . 2010-11-21 03:27:21 267936 ------w- C:\Windows\system32\MpSigStub.exe
2013-11-13 11:55:01 . 2013-07-09 00:18:08 82896128 ----a-w- C:\Windows\system32\MRT.exe
2013-09-26 22:53:06 . 2013-09-26 22:53:06 248240 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2013-09-26 22:53:06 . 2013-01-20 13:59:04 134944 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2013-09-16 13:17:16 . 2013-09-16 13:17:28 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-14 02:20:55 . 2013-10-09 07:11:59 376768 ----a-w- C:\Windows\system32\drivers\netio.sys
2013-09-12 08:58:10 . 2013-09-20 11:55:10 9281032 ----a-w- C:\Windows\system32\nvcuda.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 7720576 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 7648000 ----a-w- C:\Windows\system32\nvopencl.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 681760 ----a-w- C:\Windows\system32\NvFBC64.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 6329552 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 603424 ----a-w- C:\Windows\system32\NvIFR64.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 586016 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 515360 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 458528 ----a-w- C:\Windows\system32\nvEncodeAPI64.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 388384 ----a-w- C:\Windows\SysWow64\nvEncodeAPI.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 2970400 ----a-w- C:\Windows\system32\nvcuvid.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 29337376 ----a-w- C:\Windows\system32\nvoglv64.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 2789152 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 25256224 ----a-w- C:\Windows\system32\nvcompiler.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 2367264 ----a-w- C:\Windows\system32\nvcuvenc.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 22102304 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 2007328 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 1884448 ----a-w- C:\Windows\system32\nvdispco6432723.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 17560352 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 15901448 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 15703688 ----a-w- C:\Windows\system32\nvd3dumx.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 1511712 ----a-w- C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 13628208 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58:10 . 2013-09-20 11:55:10 11274528 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:58:10 . 2013-07-09 00:54:55 61216 ----a-w- C:\Windows\system32\OpenCL.dll
2013-09-12 08:58:10 . 2013-07-09 00:54:55 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-09-12 08:58:10 . 2013-07-09 00:54:35 2986672 ----a-w- C:\Windows\system32\nvapi64.dll
2013-09-12 08:58:10 . 2013-07-09 00:54:35 2630304 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-09-12 08:58:10 . 2013-07-09 00:54:35 12947360 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2013-09-12 07:25:43 . 2013-07-09 00:55:02 6599968 ----a-w- C:\Windows\system32\nvcpl.dll
2013-09-12 07:25:43 . 2013-07-09 00:55:02 3452192 ----a-w- C:\Windows\system32\nvsvc64.dll
2013-09-12 07:25:40 . 2013-07-09 00:55:02 920864 ----a-w- C:\Windows\system32\nvvsvc.exe
2013-09-12 07:25:40 . 2013-07-09 00:55:02 63776 ----a-w- C:\Windows\system32\nvshext.dll
2013-09-12 07:25:40 . 2013-07-09 00:55:02 2559776 ----a-w- C:\Windows\system32\nvsvcr.dll
2013-09-12 07:25:40 . 2013-07-09 00:55:02 219424 ----a-w- C:\Windows\system32\nvmctray.dll
2013-09-11 15:17:50 . 2013-09-11 15:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-08 02:27:14 . 2013-10-09 07:11:59 327168 ----a-w- C:\Windows\system32\mswsock.dll
2013-09-08 02:03:58 . 2013-10-09 07:11:59 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-07 02:27:48 . 2013-10-09 07:11:59 1896896 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-09-07 02:27:37 . 2013-10-09 07:11:59 288192 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-09-04 12:12:11 . 2013-10-09 07:11:56 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys
2013-09-04 12:11:51 . 2013-10-09 07:11:56 325120 ----a-w- C:\Windows\system32\drivers\usbport.sys
2013-09-04 12:11:49 . 2013-10-09 07:11:56 99840 ----a-w- C:\Windows\system32\drivers\usbccgp.sys
2013-09-04 12:11:43 . 2013-10-09 07:11:56 52736 ----a-w- C:\Windows\system32\drivers\usbehci.sys
2013-09-04 12:11:43 . 2013-10-09 07:11:56 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys
2013-09-04 12:11:42 . 2013-10-09 07:11:56 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys
2013-09-04 12:11:40 . 2013-10-09 07:11:56 7808 ----a-w- C:\Windows\system32\drivers\usbd.sys
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
 
R1 prl_fs;Parallels Shared Folders;C:\Windows\system32\DRIVERS\prl_fs.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_fs.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Parallels Coherence Service;Parallels Coherence Service;C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe;C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe;C:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 npusbio;npusbio;C:\Windows\system32\Drivers\npusbio_x64.sys;C:\Windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
R3 prl_dd;Parallels Display Adapter (WDDM);C:\Windows\system32\DRIVERS\prl_kmdd.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_kmdd.sys [x]
R3 prl_memdev;prl_memdev;C:\Windows\system32\DRIVERS\prl_memdev.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_memdev.sys [x]
R3 prl_mouf;Parallels Mouse Synchronization Device;C:\Windows\system32\DRIVERS\prl_mouf.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_mouf.sys [x]
R3 prl_sound;Parallels Audio Controller;C:\Windows\system32\DRIVERS\prl_sound.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_sound.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiH0763;SaiH0763;C:\Windows\system32\DRIVERS\SaiH0763.sys;C:\Windows\SYSNATIVE\DRIVERS\SaiH0763.sys [x]
R3 SaiH0BAC;SaiH0BAC;C:\Windows\system32\DRIVERS\SaiH0BAC.sys;C:\Windows\SYSNATIVE\DRIVERS\SaiH0BAC.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys;C:\Windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 prl_pv64;prl_pv64;C:\Windows\system32\DRIVERS\prl_pv64.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_pv64.sys [x]
S0 prl_strg;Parallels paravirt disk filter;C:\Windows\system32\DRIVERS\prl_strg.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_strg.sys [x]
S0 prl_tg;Parallels Tool Device;C:\Windows\system32\DRIVERS\prl_tg.sys;C:\Windows\SYSNATIVE\DRIVERS\prl_tg.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 prl_boot;Parallels BootCamp Helper;C:\Windows\system32\Drivers\prl_boot.sys;C:\Windows\SYSNATIVE\Drivers\prl_boot.sys [x]
S2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe;C:\Windows\SYSNATIVE\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe;C:\Windows\SYSNATIVE\AppleTimeSrv.exe [x]
S2 KeyAgent;KeyAgent;C:\Windows\system32\drivers\KeyAgent.sys;C:\Windows\SYSNATIVE\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;C:\Windows\system32\drivers\MacHALDriver.sys;C:\Windows\SYSNATIVE\drivers\MacHALDriver.sys [x]
S2 Parallels Tools Service;Parallels Tools Service;C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe;C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe [x]
S2 prl_time;Parallels Time Synchronization Helper;C:\Windows\system32\drivers\prl_time.sys;C:\Windows\SYSNATIVE\drivers\prl_time.sys [x]
S2 prl_uprof;Parallels User Profile Service;C:\Windows\system32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 PrlVssProvider;PrlVssProvider;C:\Windows\system32\dllhost.exe;C:\Windows\SYSNATIVE\dllhost.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\system32\DRIVERS\AppleBtBc.sys;C:\Windows\SYSNATIVE\DRIVERS\AppleBtBc.sys [x]
S3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys;C:\Windows\SYSNATIVE\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys;C:\Windows\SYSNATIVE\DRIVERS\applemtp.sys [x]
S3 B57ports;Broadcom Simple Communications Device;C:\Windows\system32\DRIVERS\b57ports.sys;C:\Windows\SYSNATIVE\DRIVERS\b57ports.sys [x]
S3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys;C:\Windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 CirrusFilter;CS420xLowerFilter;C:\Windows\system32\DRIVERS\CS420x64.sys;C:\Windows\SYSNATIVE\DRIVERS\CS420x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys;C:\Windows\SYSNATIVE\DRIVERS\KeyMagic.sys [x]
 
 
Contents of the 'Scheduled Tasks' folder
 
2013-12-02 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-09 11:28:04 . 2013-07-09 11:28:02]
 
2013-12-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-09 11:28:04 . 2013-07-09 11:28:02]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PrlToolsShellExt]
@="{456C7CE2-DAAA-4333-A715-898D4671BBD4}"
[HKEY_CLASSES_ROOT\CLSID\{456C7CE2-DAAA-4333-A715-898D4671BBD4}]
2013-06-16 18:41:14 277248 ----a-w- C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
prl_uprof
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.103.22 192.168.103.34
 
 
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
 
Completion time: 2013-12-03  15:51:02
ComboFix-quarantined-files.txt  2013-12-03 04:51:02
 
Pre-Run: 321,466,368 bytes free
Post-Run: 145,838,080 bytes free
 
- - End Of File - - 1D3C6B02808EBA4C1714A876C8769DA5
A36C5E4F47E84449FF07ED3517B43A31

Edited by cencored, 02 December 2013 - 11:55 PM.


#15 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:01 AM

Posted 03 December 2013 - 09:21 AM

Thanks for going through that and posting the information. Although there is one folder I want to follow up on, I do not see any evidence of malware. A couple of things please.

===================================================

Troubleshooting Through Device Manager

----------
  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Display Adapters section by clicking + sign
  • Please list all the entries located under this category
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\9.3.21.0 /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. If necessary please zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • List of Display Adapter entries
  • SystemLook log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
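A PowerShell equivalent of the two checks requested in the post above, added here as an example and not part of the original thread. It goes a step beyond the GUI steps: besides listing the display adapters and the contents of the folder, it records a SHA-256 hash and Authenticode signer for each file, which is what a responder wants when deciding whether an unfamiliar folder is benign. The folder path is the one named in the post; the function names are my own, and an elevated prompt is assumed.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
param(
    [string]$Folder = 'C:\9.3.21.0'   # folder targeted by the SystemLook ':dir' command above
)

# 1. Display adapters as Device Manager lists them, plus driver version and date.
#    Win32_VideoController is available on Windows 7's PowerShell 2.0.
function Get-DisplayAdapterInfo {
    Get-WmiObject -Class Win32_VideoController |
        Select-Object Name, DriverVersion, DriverDate, Status, PNPDeviceID
}

# 2. Recursive listing of the folder, like SystemLook's ':dir <path> /s', extended
#    with a SHA-256 hash and the Authenticode signature status/signer per file.
function Get-FolderInventory {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path does not exist (SystemLook would report no files found)."
        return
    }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $item = $_
        $hash = $null; $signer = $null; $sigStatus = $null
        if (-not $item.PSIsContainer) {
            $stream = [System.IO.File]::OpenRead($item.FullName)
            try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
            finally { $stream.Close() }
            $sig = Get-AuthenticodeSignature -FilePath $item.FullName
            $sigStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{
            Path      = $item.FullName
            Size      = if ($item.PSIsContainer) { $null } else { $item.Length }
            Modified  = $item.LastWriteTime
            Attrs     = $item.Attributes
            SHA256    = $hash
            Signature = $sigStatus
            Signer    = $signer
        }
    }
}

Get-DisplayAdapterInfo | Format-List
Get-FolderInventory -Path $Folder | Format-Table Path, Size, Modified, Signature, Signer -AutoSize
```

Files whose Signature is not Valid, or whose Signer is not the vendor you expect for that folder, are the ones worth a closer look in a reply.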



