
Will not load outside of safe mode


  • This topic is locked
23 replies to this topic

#1 ZcarEnthusiast5

ZcarEnthusiast5

  • Members
  • 16 posts

Posted 15 February 2014 - 10:31 PM

PC will boot, but will not load once logged in. It will log in in safe mode.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16428
Run by the cook at 20:44:07 on 2014-02-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2807.2137 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {55b8f6ed-2800-4f27-974a-80ef13a91083} -
uURLSearchHooks: <No Name>: {8ba2cfef-a1bc-4964-aadc-33be1ae5a33c} -
uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} -
uURLSearchHooks: <No Name>: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Toolbar BHO: {664a876f-a887-4016-abb7-423f1129d6ca} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8bar.dll
BHO: ArcadeFrontier Addon: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - C:\Users\the cook\AppData\Local\ArcadeFrontier\ArcadeFrontier.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\the cook\AppData\Local\ArcadeCandy\candyEX.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Toolbar BHO: {dc9051c2-8f55-479a-97a4-747980d9047f} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: MyFunCards: {4B3B7746-935C-48E9-95CD-A855419CDEF0} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8bar.dll
TB: WeatherBlink: {F20DE5E0-2A6E-4C54-985F-1CF59551CE39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
TB: TotalRecipeSearch: {A0154E07-2B48-475C-A82A-80EFD84EA33E} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
TB: MyFunCards: {4b3b7746-935c-48e9-95cd-a855419cdef0} - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8bar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3C42Q68V05X4:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MyFunCardsbarIE Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\c8brmon.exe
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [WeatherBlink Browser Plugin Loader] C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbrmon.exe
mRun: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h
mRun: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{58C726EF-830D-4242-803E-0980299852EE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{58C726EF-830D-4242-803E-0980299852EE}\2656C6B696E6E2433336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{58C726EF-830D-4242-803E-0980299852EE}\E45445745414250313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BD96AD06-2A37-43F6-A4DB-17C4E56F5352} : DHCPNameServer = 168.95.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\the cook\AppData\Roaming\Mozilla\Firefox\Profiles\z0fkviz5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
FF - plugin: C:\Program Files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-1 46368]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-30 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-30 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-2-15 67584]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-30 321104]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-10-18 868896]
S2 GamingWonderlandService;GamingWonderlandService;C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [2012-7-3 42504]
S2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-30 13336]
S2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2012-11-3 42504]
S2 MyFunCardsbarIEService;MyFunCards Service;C:\PROGRA~2\MYFUNC~2\bar\1.bin\c8barsvc.exe [2011-3-20 28766]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2011-7-2 34320]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 TotalRecipeSearch_14Service;TotalRecipeSearchService;C:\PROGRA~2\TOTALR~2\bar\1.bin\14barsvc.exe [2011-10-18 42504]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-30 2320920]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-30 243232]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-9 1771544]
S2 WeatherBlinkService;WeatherBlinkService;C:\PROGRA~2\WEATHE~2\bar\1.bin\gcbarsvc.exe [2011-8-27 42504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-19 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-30 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-30 287232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-29 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-30 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-29 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-13 1255736]
.
=============== Created Last 30 ================
.
2014-02-16 02:27:58    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2014-02-15 02:34:21    --------    d-----w-    C:\Users\the cook\AppData\Local\Mozilla
2014-02-14 06:27:11    --------    d-----w-    C:\Users\the cook\AppData\Roaming\Malwarebytes
2014-02-14 06:24:07    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-14 06:24:07    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 05:47:24    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-02-14 05:47:19    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-14 05:46:36    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-29 00:13:36    --------    d-----w-    C:\ProgramData\Visan
2014-01-29 00:13:36    --------    d-----w-    C:\ProgramData\HP Photo Creations
2014-01-29 00:13:36    --------    d-----w-    C:\Program Files (x86)\HP Photo Creations
2014-01-29 00:13:15    --------    d-----w-    C:\Users\the cook\AppData\Roaming\HpUpdate
2014-01-29 00:12:46    762400    ------w-    C:\Windows\System32\HPDiscoPMC511.dll
2014-01-29 00:11:27    --------    d-----w-    C:\Program Files (x86)\HP
2014-01-29 00:10:21    --------    d-----w-    C:\Program Files\HP
2014-01-29 00:09:28    --------    d-----w-    C:\Users\the cook\AppData\Local\HP
.
==================== Find3M  ====================
.
2014-02-05 14:42:35    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 14:42:35    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-17 11:02:04    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-17 11:02:04    194048    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 20:47:06.37 ===============
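As an added example that is not part of this thread or of the DDS tool, the script below parses the DDS pseudo-HJT line shapes shown in the log above (BHO/TB, uRun/mRun, FF plugin and service lines) and groups every persistence entry by the `<folder>\bar\1.bin` toolbar tree that owns it, so a log like this one can be inventoried in one pass instead of by eye. All function names are hypothetical, the sample lines are constructed from the format above, and the resolution of 8.3 short names such as MAPSGA~2 to long folder names is a heuristic.

```python
"""Triage a DDS "Pseudo HJT Report" for bundled-toolbar persistence.

Hypothetical helper (not part of DDS or of this thread): it parses the
BHO/TB, Run, service and Firefox-plugin line shapes DDS prints, groups the
entries by the toolbar folder that owns them, and lists BHO/TB entries that
no longer point at a file.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the DDS pseudo-HJT format of the log above.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
FF - plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
S2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2012-11-3 42504]
"""

GUID = r"\{[0-9A-Fa-f-]+\}"
PATTERNS = {
    # BHO: <name>: {CLSID} - <dll path, or nothing when the file is gone>
    "BHO": re.compile(r"^(?:x64-)?BHO: (?P<name>.+?): " + GUID + r" -\s*(?P<path>.*)$"),
    "TB": re.compile(r"^(?:x64-)?TB: (?P<name>.+?): " + GUID + r" -\s*(?P<path>.*)$"),
    # uRun/mRun/x64-Run: [value name] "quoted path" args | unquoted path args
    # An unquoted path may contain spaces, so it is cut at the .exe/.dll extension.
    "Run": re.compile(
        r'^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\] '
        r'(?:"(?P<qpath>[^"]+)"|(?P<upath>.+?\.(?:exe|dll)\b)|(?P<spath>\S+))'),
    # FF - plugin: <dll path>
    "FFPlugin": re.compile(r"^FF - plugin: (?P<path>.+)$"),
    # R0/S2/... <service>;<display name>;<image path> [date size]
    "Service": re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.*?)(?: \[.*\])?$"),
}
# Folder owning a "<folder>\bar\1.bin\" tree, the layout the bundled toolbars share.
TOOLBAR_DIR = re.compile(r"\\(?P<folder>[^\\]+)\\bar\\1\.bin\\", re.IGNORECASE)
SHORT_NAME = re.compile(r"^(?P<stem>[^~]{1,6})~\d+$")   # 8.3 name, e.g. MAPSGA~2


def parse_line(line):
    """Return (kind, name, path) for a recognised DDS line, else None."""
    line = line.strip()
    for kind, rx in PATTERNS.items():
        m = rx.match(line)
        if not m:
            continue
        gd = m.groupdict()
        path = (gd.get("path") or gd.get("qpath") or gd.get("upath")
                or gd.get("spath") or "").strip()
        name = gd.get("name") or path.rsplit("\\", 1)[-1]
        return kind, name, path
    return None


def canonical_folders(folders):
    """Map each folder name to a canonical one.  DDS prints Run entries with 8.3
    short names (MAPSGA~2) while BHO/TB lines use the long name (MapsGalaxy_39);
    a short name is resolved to the single long name sharing its stem.  This is
    a heuristic: the real mapping lives only in the file system."""
    def stem(folder):
        return re.sub(r"[^A-Za-z0-9]", "", folder).upper()
    longs = [f for f in folders if not SHORT_NAME.match(f)]
    mapping = {}
    for f in folders:
        m = SHORT_NAME.match(f)
        hits = [l for l in longs if stem(l).startswith(m.group("stem").upper())] if m else []
        mapping[f] = hits[0] if len(hits) == 1 else f
    return mapping


def triage(text):
    """Group persistence entries by toolbar bundle; list BHO/TB entries without a file."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    folders = set()
    for _, _, path in entries:
        m = TOOLBAR_DIR.search(path)
        if m:
            folders.add(m.group("folder"))
    canon = canonical_folders(folders)
    bundles, orphaned = defaultdict(list), []
    for kind, name, path in entries:
        if kind in ("BHO", "TB") and (not path or path.startswith("<")):
            orphaned.append((kind, name))       # registered, but no file behind it
            continue
        m = TOOLBAR_DIR.search(path)
        if m:
            bundles[canon[m.group("folder")]].append((kind, name, path))
    return {"bundles": dict(bundles), "orphaned": orphaned}


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for folder, items in sorted(result["bundles"].items()):
        print(f"{folder}: {len(items)} persistence entries")
        for kind, name, path in items:
            print(f"  {kind:<8} {name} -> {path}")
    for kind, name in result["orphaned"]:
        print(f"orphaned {kind}: {name}")
```

Run against the full pseudo-HJT section of a DDS log, the same grouping yields one bucket per bundled toolbar (each with its BHO, TB, Run, service and plugin entries), which is the inventory the uninstall step that follows works from.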
 



#2 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts

Posted 16 February 2014 - 08:14 PM

I am not able to turn on the firewall. The laptop will not start outside of safe mode. It just sits at the welcome screen after logging in. I tried to install a spyware removal tool and it would get all the way to 'creating startup icons' and then never finish. Any help is appreciated.

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 February 2014 - 09:46 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

Ask Toolbar
AVG Security Toolbar
Dogpile Bundle Toolbar
GamingWonderland Toolbar
MapsGalaxy Toolbar
My Web Search
MyFunCards
Skype Toolbars
TotalRecipeSearch


Close the window.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save... button, and in the File name area type in "ark.txt", or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts

Posted 17 February 2014 - 07:14 PM

Thank you for your help. I will begin the steps as soon as possible.

#5 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts

Posted 18 February 2014 - 05:25 PM

I began the removal process on those toolbars and as I was trying to uninstall one of them, the PC locked up. I had to restart and when I did the PC would not boot in safe mode. After waiting for it to start, the Windows repair application came up. It tried to repair and would not let me cancel. The repair failed and it continues to do that every time I try to start it up.

#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 19 February 2014 - 07:06 AM

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows7:



Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#7 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts

Posted 19 February 2014 - 07:04 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by SYSTEM on MININT-1JI4G42 on 19-02-2014 18:02:27
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Camera Assistant Software] - C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-07-06] (Chicony)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [MyFunCardsbarIE Browser Plugin Loader] - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8brmon.exe [20480 2011-03-20] (MyFunCards)
HKLM-x32\...\Run: [My Web Search Bar Search Scope Monitor] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE [34336 2011-07-02] (MyWebSearch.com)
HKLM-x32\...\Run: [MyWebSearch Email Plugin] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2011-07-02] (MyWebSearch.com)
HKLM-x32\...\Run: [WeatherBlink Browser Plugin Loader] - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe [30096 2011-08-27] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [TotalRecipeSearch Search Scope Monitor] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [38440 2011-10-18] (MindSpark)
HKLM-x32\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2011-10-18] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [InstaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [42536 2012-11-03] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2012-11-03] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Cobian Backup 11 interface] - C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\the cook\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-25] (Google Inc.)
HKU\the cook\...\Run: [MyWebSearch Email Plugin] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2011-07-02] (MyWebSearch.com)
HKU\the cook\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-18] (The Weather Channel)
HKU\the cook\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\the cook\...\Run: [HP ENVY 4500 series (NET)] - C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) =================

S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
S2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-11-03] (COMPANYVERS_NAME)
S2 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-20] (MyFunCards)
S2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2011-07-02] (MyWebSearch.com)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 TotalRecipeSearch_14Service; C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2011-10-18] (COMPANYVERS_NAME)
S2 WeatherBlinkService; C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe [42504 2011-08-27] (COMPANYVERS_NAME)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S0 rjaty; System32\drivers\imofugc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\FRST
2014-02-15 19:21 - 2014-02-15 19:21 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-15 19:21 - 2014-02-15 19:21 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-15 19:21 - 2014-02-15 19:21 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-15 19:15 - 2014-02-15 19:15 - 00001294 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-15 19:14 - 2014-02-15 19:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 19:14 - 2013-09-20 08:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-02-15 19:09 - 2014-02-15 19:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 19:08 - 2014-02-15 19:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\the cook\Downloads\spybot-2.2.exe
2014-02-15 18:47 - 2014-02-15 18:47 - 00034880 _____ () C:\Users\the cook\Desktop\attach.txt
2014-02-15 18:47 - 2014-02-15 18:47 - 00021941 _____ () C:\Users\the cook\Desktop\dds.txt
2014-02-15 18:43 - 2014-02-15 18:44 - 00688992 ____R (Swearware) C:\Users\the cook\Downloads\dds.com
2014-02-15 18:42 - 2014-02-15 18:42 - 00543016 _____ (Fusion Install ) C:\Users\the cook\Downloads\Setup.exe
2014-02-15 18:27 - 2014-02-15 18:42 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-02-15 18:23 - 2014-02-15 18:24 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\the cook\Downloads\cbSetup.exe
2014-02-14 18:46 - 2014-02-14 18:46 - 00018270 _____ () C:\Users\the cook\Downloads\hijackthis.log
2014-02-14 18:44 - 2014-02-14 18:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\the cook\Downloads\HijackThis.exe
2014-02-14 18:36 - 2014-02-14 18:36 - 01402880 _____ () C:\Users\the cook\Downloads\HijackThis.msi
2014-02-14 18:34 - 2014-02-14 18:34 - 00001062 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-14 18:34 - 2014-02-14 18:34 - 00000000 ____D () C:\Users\the cook\AppData\Local\Mozilla
2014-02-14 18:33 - 2014-02-14 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 18:33 - 2014-02-14 18:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-14 18:33 - 2014-02-14 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-13 22:27 - 2014-02-13 22:27 - 00000000 ____D () C:\Users\the cook\AppData\Roaming\Malwarebytes
2014-02-13 22:26 - 2014-02-13 22:26 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-13 22:24 - 2014-02-13 22:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 22:24 - 2013-04-04 12:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-13 21:47 - 2014-02-13 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:47 - 2014-02-13 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-13 21:46 - 2014-02-14 08:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-13 21:46 - 2014-02-13 22:07 - 00000000 ____D () C:\Users\the cook\Desktop\mbar
2014-02-11 23:04 - 2014-02-11 23:04 - 00003288 ____N () C:\bootsqm.dat
2014-01-28 16:13 - 2014-02-11 21:25 - 00000000 ____D () C:\Users\the cook\AppData\Roaming\HpUpdate
2014-01-28 16:13 - 2014-01-28 16:13 - 00003612 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 4500 series
2014-01-28 16:13 - 2014-01-28 16:13 - 00002002 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\ProgramData\Visan
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-28 16:12 - 2014-01-28 16:12 - 00002183 _____ () C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
2014-01-28 16:12 - 2014-01-28 16:12 - 00001145 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk
2014-01-28 16:12 - 2013-08-13 11:42 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPMC511.dll
2014-01-28 16:11 - 2014-01-28 16:13 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-28 16:11 - 2014-01-28 16:11 - 00000000 ____D () C:\ProgramData\HP
2014-01-28 16:10 - 2014-01-28 16:10 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-01-28 16:10 - 2014-01-28 16:10 - 00000000 ____D () C:\Program Files\HP
2014-01-28 16:09 - 2014-01-28 16:15 - 00000000 ____D () C:\Users\the cook\AppData\Local\HP

==================== One Month Modified Files and Folders =======

2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\FRST
2014-02-18 07:45 - 2011-01-29 18:27 - 00289978 _____ () C:\Windows\PFRO.log
2014-02-18 07:20 - 2013-10-01 19:25 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-02-18 07:20 - 2013-10-01 19:25 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-02-18 07:16 - 2012-01-21 06:21 - 00000000 ____D () C:\Program Files (x86)\Dogpile Bundle Toolbar
2014-02-15 19:21 - 2014-02-15 19:21 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-15 19:21 - 2014-02-15 19:21 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-15 19:21 - 2014-02-15 19:21 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-15 19:21 - 2014-02-15 19:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 19:15 - 2014-02-15 19:15 - 00001294 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-15 19:14 - 2014-02-15 19:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 19:08 - 2014-02-15 19:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\the cook\Downloads\spybot-2.2.exe
2014-02-15 18:47 - 2014-02-15 18:47 - 00034880 _____ () C:\Users\the cook\Desktop\attach.txt
2014-02-15 18:47 - 2014-02-15 18:47 - 00021941 _____ () C:\Users\the cook\Desktop\dds.txt
2014-02-15 18:44 - 2014-02-15 18:43 - 00688992 ____R (Swearware) C:\Users\the cook\Downloads\dds.com
2014-02-15 18:42 - 2014-02-15 18:42 - 00543016 _____ (Fusion Install ) C:\Users\the cook\Downloads\Setup.exe
2014-02-15 18:42 - 2014-02-15 18:27 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-02-15 18:24 - 2014-02-15 18:23 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\the cook\Downloads\cbSetup.exe
2014-02-14 18:46 - 2014-02-14 18:46 - 00018270 _____ () C:\Users\the cook\Downloads\hijackthis.log
2014-02-14 18:44 - 2014-02-14 18:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\the cook\Downloads\HijackThis.exe
2014-02-14 18:36 - 2014-02-14 18:36 - 01402880 _____ () C:\Users\the cook\Downloads\HijackThis.msi
2014-02-14 18:34 - 2014-02-14 18:34 - 00001062 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-14 18:34 - 2014-02-14 18:34 - 00000000 ____D () C:\Users\the cook\AppData\Local\Mozilla
2014-02-14 18:34 - 2014-02-14 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 18:33 - 2014-02-14 18:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-14 18:33 - 2014-02-14 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 18:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 18:23 - 2009-07-13 20:51 - 00049560 _____ () C:\Windows\setupact.log
2014-02-14 17:55 - 2009-07-13 21:13 - 00779306 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-14 17:48 - 2011-01-25 19:03 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 17:45 - 2010-10-18 14:53 - 02093526 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 17:17 - 2011-01-10 03:47 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-14 17:13 - 2011-01-25 19:02 - 00000000 ____D () C:\Users\the cook\AppData\Roaming\Skype
2014-02-14 17:05 - 2013-09-25 14:17 - 00000280 _____ () C:\Windows\Tasks\ArcadeFrontier.job
2014-02-14 17:01 - 2013-11-03 08:55 - 00001902 _____ () C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2014-02-14 17:01 - 2013-11-03 08:55 - 00001358 _____ () C:\Windows\Tasks\SuperLyrics-16-updater.job
2014-02-14 17:01 - 2013-11-03 08:55 - 00001264 _____ () C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2014-02-14 17:01 - 2013-11-03 08:55 - 00001164 _____ () C:\Windows\Tasks\SuperLyrics-16-enabler.job
2014-02-14 17:01 - 2012-05-13 12:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 17:01 - 2011-01-25 19:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 12:23 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 12:18 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 08:20 - 2014-02-13 21:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-02-13 22:27 - 2014-02-13 22:27 - 00000000 ____D () C:\Users\the cook\AppData\Roaming\Malwarebytes
2014-02-13 22:26 - 2014-02-13 22:26 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-13 22:26 - 2014-02-13 22:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 22:07 - 2014-02-13 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 22:07 - 2014-02-13 21:46 - 00000000 ____D () C:\Users\the cook\Desktop\mbar
2014-02-13 22:07 - 2011-01-26 09:05 - 00000000 ____D () C:\Program Files (x86)\PlaySushi
2014-02-13 21:47 - 2014-02-13 21:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 06:50 - 2013-10-01 19:26 - 00000000 ____D () C:\Users\the cook\AppData\Local\AVG Secure Search
2014-02-11 23:04 - 2014-02-11 23:04 - 00003288 ____N () C:\bootsqm.dat
2014-02-11 21:25 - 2014-01-28 16:13 - 00000000 ____D () C:\Users\the cook\AppData\Roaming\HpUpdate
2014-02-11 14:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-10 18:03 - 2011-08-31 19:47 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B486438-C005-424D-A925-B845B4C90839}
2014-02-06 15:08 - 2012-01-28 18:44 - 00000000 ____D () C:\Users\the cook\AppData\Local\CrashDumps
2014-02-05 06:42 - 2012-05-13 12:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 06:42 - 2012-05-13 12:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 06:42 - 2012-01-28 13:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 16:20 - 2013-07-16 09:15 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-01-28 16:15 - 2014-01-28 16:09 - 00000000 ____D () C:\Users\the cook\AppData\Local\HP
2014-01-28 16:13 - 2014-01-28 16:13 - 00003612 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 4500 series
2014-01-28 16:13 - 2014-01-28 16:13 - 00002002 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\ProgramData\Visan
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-28 16:13 - 2014-01-28 16:13 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-28 16:13 - 2014-01-28 16:11 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-28 16:12 - 2014-01-28 16:12 - 00002183 _____ () C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
2014-01-28 16:12 - 2014-01-28 16:12 - 00001145 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk
2014-01-28 16:11 - 2014-01-28 16:11 - 00000000 ____D () C:\ProgramData\HP
2014-01-28 16:10 - 2014-01-28 16:10 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-01-28 16:10 - 2014-01-28 16:10 - 00000000 ____D () C:\Program Files\HP

Some content of TEMP:
====================
C:\Users\the cook\AppData\Local\Temp\apnpip.exe
C:\Users\the cook\AppData\Local\Temp\atomic-clock.exe
C:\Users\the cook\AppData\Local\Temp\avguidx.dll
C:\Users\the cook\AppData\Local\Temp\BackupSetup.exe
C:\Users\the cook\AppData\Local\Temp\bubblebonanza-510005413-setup.s510005413.c110268333.len.u.dl.exe
C:\Users\the cook\AppData\Local\Temp\COMAP.EXE
C:\Users\the cook\AppData\Local\Temp\install_helper.exe
C:\Users\the cook\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\the cook\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\the cook\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\the cook\AppData\Local\Temp\nsdD6C1.exe
C:\Users\the cook\AppData\Local\Temp\nsi7235.exe
C:\Users\the cook\AppData\Local\Temp\nsiFE12.exe
C:\Users\the cook\AppData\Local\Temp\nss8D5F.exe
C:\Users\the cook\AppData\Local\Temp\nswA3A7.exe
C:\Users\the cook\AppData\Local\Temp\oi_{CD6B3FF9-53F6-4ADB-BB59-E4BC4AB011D1}.exe
C:\Users\the cook\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\the cook\AppData\Local\Temp\SkypeSetup.exe
C:\Users\the cook\AppData\Local\Temp\SPStub.exe
C:\Users\the cook\AppData\Local\Temp\tbappb.dll
C:\Users\the cook\AppData\Local\Temp\tbSea2.dll
C:\Users\the cook\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\the cook\AppData\Local\Temp\vcredist_x64.exe
C:\Users\the cook\AppData\Local\Temp\vcredist_x86.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2806.71 MB
Available physical RAM: 2162.66 MB
Total Pagefile: 2804.86 MB
Available Pagefile: 2158.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:237.09 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.92 GB) NTFS
Drive h: () (Removable) (Total:59.62 GB) (Free:48.37 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 20EA73FE)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 60 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=60 GB) - (Type=07 NTFS)


LastRegBack: 2014-02-11 22:53

==================== End Of Log ============================



#8 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 20 February 2014 - 08:05 AM

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    HKLM-x32\...\Run: [MyFunCardsbarIE Browser Plugin Loader] - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8brmon.exe [20480 2011-03-20] (MyFunCards)
    HKLM-x32\...\Run: [My Web Search Bar Search Scope Monitor] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE [34336 2011-07-02] (MyWebSearch.com)
    HKLM-x32\...\Run: [MyWebSearch Email Plugin] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2011-07-02] (MyWebSearch.com)
    HKLM-x32\...\Run: [WeatherBlink Browser Plugin Loader] - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe [30096 2011-08-27] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [TotalRecipeSearch Search Scope Monitor] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [38440 2011-10-18] (MindSpark)
    HKLM-x32\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2011-10-18] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [42536 2012-11-03] (MindSpark)
    HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2012-11-03] (VER_COMPANY_NAME)
    HKU\the cook\...\Run: [MyWebSearch Email Plugin] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2011-07-02] (MyWebSearch.com)
    HKU\the cook\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-18] (The Weather Channel)
    
    S2 MapsGalaxy_39Service
    S2 MyFunCardsbarIEService
    S2 MyWebSearchService
    S2 TotalRecipeSearch_14Service
    S2 WeatherBlinkService
    S0 rjaty
    
    C:\Program Files (x86)\Dogpile Bundle Toolbar
    C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
    C:\Windows\Tasks\SuperLyrics-16-updater.job
    C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
    C:\Windows\Tasks\SuperLyrics-16-enabler.job
    C:\Program Files (x86)\MapsGalaxy_39
    C:\Program Files (x86)\MyFunCardsbarIE
    C:\Program Files (x86)\MyWebSearch
    C:\Program Files (x86)\TotalRecipeSearch_14
    C:\Program Files (x86)\WeatherBlink
    C:\windowsßSystem32\drivers\imofugc.sys
    C:\Program Files (x86)\The Weather Channel
    C:\Program Files (x86)\TotalRecipeSearch_14

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 ZcarEnthusiast5
  • Topic Starter
  • Members
  • 16 posts

Posted 20 February 2014 - 10:54 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by SYSTEM at 2014-02-20 09:53:10 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [MyFunCardsbarIE Browser Plugin Loader] - C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8brmon.exe [20480 2011-03-20] (MyFunCards)
HKLM-x32\...\Run: [My Web Search Bar Search Scope Monitor] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE [34336 2011-07-02] (MyWebSearch.com)
HKLM-x32\...\Run: [MyWebSearch Email Plugin] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2011-07-02] (MyWebSearch.com)
HKLM-x32\...\Run: [WeatherBlink Browser Plugin Loader] - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbrmon.exe [30096 2011-08-27] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [TotalRecipeSearch Search Scope Monitor] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [38440 2011-10-18] (MindSpark)
HKLM-x32\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2011-10-18] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [42536 2012-11-03] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2012-11-03] (VER_COMPANY_NAME)
HKU\the cook\...\Run: [MyWebSearch Email Plugin] - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE [38408 2011-07-02] (MyWebSearch.com)
HKU\the cook\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13103104 2013-07-18] (The Weather Channel)

S2 MapsGalaxy_39Service
S2 MyFunCardsbarIEService
S2 MyWebSearchService
S2 TotalRecipeSearch_14Service
S2 WeatherBlinkService
S0 rjaty

C:\Program Files (x86)\Dogpile Bundle Toolbar
C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
C:\Windows\Tasks\SuperLyrics-16-updater.job
C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
C:\Windows\Tasks\SuperLyrics-16-enabler.job
C:\Program Files (x86)\MapsGalaxy_39
C:\Program Files (x86)\MyFunCardsbarIE
C:\Program Files (x86)\MyWebSearch
C:\Program Files (x86)\TotalRecipeSearch_14
C:\Program Files (x86)\WeatherBlink
C:\windowsßSystem32\drivers\imofugc.sys
C:\Program Files (x86)\The Weather Channel
C:\Program Files (x86)\TotalRecipeSearch_14
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MyFunCardsbarIE Browser Plugin Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WeatherBlink Browser Plugin Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Search Scope Monitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch_14 Browser Plugin Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy_39 Browser Plugin Loader => Value deleted successfully.
HKU\the cook\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => Value deleted successfully.
HKU\the cook\Software\Microsoft\Windows\CurrentVersion\Run\\DW7 => Value deleted successfully.
C:\Program Files (x86)\Dogpile Bundle Toolbar => Moved successfully.
C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => Moved successfully.
C:\Windows\Tasks\SuperLyrics-16-updater.job => Moved successfully.
C:\Windows\Tasks\SuperLyrics-16-codedownloader.job => Moved successfully.
C:\Windows\Tasks\SuperLyrics-16-enabler.job => Moved successfully.
C:\Program Files (x86)\MapsGalaxy_39 => Moved successfully.
C:\Program Files (x86)\MyFunCardsbarIE => Moved successfully.
C:\Program Files (x86)\MyWebSearch => Moved successfully.
C:\Program Files (x86)\TotalRecipeSearch_14 => Moved successfully.
C:\Program Files (x86)\WeatherBlink => Moved successfully.
"C:\windowsßSystem32\drivers\imofugc.sys" => File/Directory not found.
C:\Program Files (x86)\The Weather Channel => Moved successfully.
"C:\Program Files (x86)\TotalRecipeSearch_14" => File/Directory not found.

==== End of Fixlog ====



#10 ZcarEnthusiast5
  • Topic Starter
  • Members
  • 16 posts

Posted 22 February 2014 - 09:57 AM

Any luck?

#11 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 24 February 2014 - 04:39 AM

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    S2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-11-03] (COMPANYVERS_NAME)
    S2 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-20] (MyFunCards)
    S2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2011-07-02] (MyWebSearch.com)
    S2 TotalRecipeSearch_14Service; C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2011-10-18] (COMPANYVERS_NAME)
    S2 WeatherBlinkService; C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe [42504 2011-08-27] (COMPANYVERS_NAME)
    S0 rjaty; System32\drivers\imofugc.sys [X]
    
    C:\windows\System32\drivers\imofugc.sys

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Try to boot into Windows now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#12 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 25 February 2014 - 07:23 PM

Sorry for the late response. I've been moving this weekend and don't have internet yet. I'm going to do this tonight and post the log.

#13 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 26 February 2014 - 12:08 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by SYSTEM at 2014-02-25 23:04:17 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************

S2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-11-03] (COMPANYVERS_NAME) S2 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-20] (MyFunCards) S2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2011-07-02] (MyWebSearch.com) S2 TotalRecipeSearch_14Service; C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2011-10-18] (COMPANYVERS_NAME) S2 WeatherBlinkService; C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe [42504 2011-08-27] (COMPANYVERS_NAME) S0 rjaty; System32\drivers\imofugc.sys [X] C:\windows\System32\drivers\imofugc.sys
*****************

MapsGalaxy_39Service => Service deleted successfully.

==== End of Fixlog ====
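
The instructions in post #11 say to paste the script into Notepad, save it on the flash drive as fixlist.txt and press Fix once; the Fixlog in post #13 shows the script echoed back as a single line, and only one result line follows it (MapsGalaxy_39Service deleted), so the other five services, the S0 driver entry and the bare file path got no result. The Python below is an added example, not part of this thread and not FRST's own code: it flags a fixlist whose lines have been run together before it is used, and reconciles the service names the author intended against the result lines in a Fixlog. The sample fixlist and Fixlog text are constructed from what is quoted in the thread, and the parser only understands the directive and result shapes that appear here.

```python
r"""Check an FRST fixlist for run-together lines and reconcile it with its Fixlog.

Added example for this thread; it is not part of FRST or of the original posts.
It understands only the directive shapes quoted in the thread:
  S2 Name; <path> [size date] (Vendor)     service entry (S0..S4 = start type)
  S0 name; System32\drivers\x.sys [X]      boot-start driver whose file is missing
  C:\path\to\file                          bare file or folder path
and the Fixlog result shape  <target> => <result>.
"""
import re

# Captures the service/driver name of one directive. The "; " after the name is
# what separates it from the image path in FRST's own listing format.
SERVICE_RE = re.compile(r"\bS[0-4] ([^;\s]+); ")
# One Fixlog result line; paths are sometimes quoted, service names are not.
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\.?$')


def joined_lines(fixlist):
    """Physical lines that carry more than one service/driver directive.

    FRST reads a fixlist one line at a time, so when an editor or a paste has
    folded the whole script onto one line, only the first directive on that
    line can be acted on and the rest are never seen.
    """
    hits = []
    for number, line in enumerate(fixlist.splitlines(), 1):
        count = len(SERVICE_RE.findall(line))
        if count > 1:
            hits.append((number, count))
    return hits


def intended_services(fixlist):
    """Every service/driver name the author meant to delete, whether or not
    the line breaks survived."""
    return SERVICE_RE.findall(fixlist)


def processed_targets(fixlog):
    """Map each target named in a Fixlog result line to what FRST did with it."""
    results = {}
    for line in fixlog.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            results[match.group(1)] = match.group(2)
    return results


def unprocessed_services(fixlist, fixlog):
    """Service names from the fixlist that never appear in the Fixlog."""
    done = processed_targets(fixlog)
    return [name for name in intended_services(fixlist) if name not in done]


# Constructed sample input: the script from post #11, one directive per line.
GOOD_FIXLIST = r"""S2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2012-11-03] (COMPANYVERS_NAME)
S2 MyFunCardsbarIEService; C:\Program Files (x86)\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe [28766 2011-03-20] (MyFunCards)
S2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2011-07-02] (MyWebSearch.com)
S2 TotalRecipeSearch_14Service; C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2011-10-18] (COMPANYVERS_NAME)
S2 WeatherBlinkService; C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbarsvc.exe [42504 2011-08-27] (COMPANYVERS_NAME)
S0 rjaty; System32\drivers\imofugc.sys [X]
C:\windows\System32\drivers\imofugc.sys
"""

# The same script the way it reached FRST in post #13: every line folded into one.
JOINED_FIXLIST = " ".join(GOOD_FIXLIST.splitlines()) + "\n"

# Constructed from the Fixlog in post #13: a single result line, for the first directive only.
FIXLOG = """Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by SYSTEM at 2014-02-25 23:04:17 Run:2
Boot Mode: Recovery
MapsGalaxy_39Service => Service deleted successfully.
==== End of Fixlog ====
"""


if __name__ == "__main__":
    for number, count in joined_lines(JOINED_FIXLIST):
        print(f"line {number} carries {count} directives; FRST will act on the first only")
    for name in unprocessed_services(JOINED_FIXLIST, FIXLOG):
        print(f"not processed: {name}")
```

Run against the folded script, `joined_lines` reports one line carrying six directives and `unprocessed_services` lists the five service and driver names that have no result line, which is exactly the gap between the intended fix and the Fixlog above. The regexes are deliberately narrow: a real fixlist can contain registry, task and other directive types that this check does not model, so a clean result here means only that no service lines were folded together.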

#14 ZcarEnthusiast5

ZcarEnthusiast5
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:07:39 PM

Posted 26 February 2014 - 12:12 AM

I tried to boot in safe mode and regularly. It will still not boot. It just sits at the Starting Windows screen or at the screen where it loads files in safe mode.

#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 AM

Posted 26 February 2014 - 07:02 AM

You did it wrong - please download and use the attached fixlist.txt.

Attached Files
