Computer Runs Super Slow and Hangs Up


  • This topic is locked
53 replies to this topic

#1 rwbil

  • Members
  • 39 posts

Posted 04 July 2014 - 12:22 PM

When I boot into normal mode the computer is running super slow and the mouse just becomes an hourglass and hangs up.

I have a Gateway laptop running Windows 7 64-bit.

Here is a list of what I have already tried:

1) I have run all the following programs:

SuperAntiSpyware
Spybot
CCleaner - Both files and registry cleaners
Malwarebytes
Norton

Did not make any difference.

2) I opened up Msconfig and changed it to Selective startup. I stopped all startup programs and all non-Microsoft services, but it did not make any difference.

3) Ran the Windows hard drive Chkdsk.

4) Ran both the Windows memory test and the Memtest86 test. Both passed.

5) Ran coretemp and the CPU temperature was around 57 - 62 degrees, though when running Memtest86 the temperature during that test showed 90 degrees.

6) Ran system restore and restored to an earlier time, but it made no difference.

Not sure what to do next.

Robert

Attached Files

  • Attached File  dds.txt   17.98KB   5 downloads

Edited by rwbil, 04 July 2014 - 01:32 PM.



#2 nasdaq

  • Malware Response Team
  • 38,246 posts

Posted 09 July 2014 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
---

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 rwbil

  • Topic Starter

  • Members
  • 39 posts

Posted 10 July 2014 - 07:22 AM

My computer is unusable in normal startup, so I had to use selective startup and safe mode to run the programs. I have been using selective startup and slowly adding back services to see if I can tell which one is causing the problem. I ran all the programs, but I am still having the same problem. Attached are all the documents.

Thanks in advance,

Robert

Rogue Killer

RogueKiller V9.2.1.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : RB [Admin rights]
Mode : Remove -- Date : 07/09/2014  14:50:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PCDSRVC{27046300-D7663439-06020101}_0 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PCDSRVC{A7046300-6973DA3E-06020101}_0 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{27046300-D7663439-06020101}_0 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{A7046300-6973DA3E-06020101}_0 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDSRVC{27046300-D7663439-06020101}_0 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCDSRVC{A7046300-6973DA3E-06020101}_0 -> DELETED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> REPLACED (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> REPLACED (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\DTReg -- C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] 63ofpy9v.default-1393541549552 : Better-Surf [12x3q@3244516.com] -> NOT SELECTED
[PUP][CHROME:Addon] Default : DefaultTab [kdidombaedgpfiiedeimiebkmbilgmlc] -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5059GSXP +++++
--- User ---
[MBR] 4369017d36062e7eae4aa30ce7d0b967
[BSP] a2f2306ace70b9104b99c40d7d208980 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 26626048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 26830848 | Size: 463838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07092014_141606.log

 

Adware

 

# AdwCleaner v3.215 - Report created 09/07/2014 at 16:48:29
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : RB - RB-PC
# Running from : C:\Software Downloads\adware cleaner\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MocaFlix
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\Public\util
Folder Deleted : C:\Users\RB\AppData\Local\Conduit
Folder Deleted : C:\Users\RB\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\RB\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\RB\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\RB\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\RB\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\RB\AppData\LocalLow\SaveAs
Folder Deleted : C:\Users\RB\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\RB\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\RB\AppData\Roaming\Mozilla\Firefox\Profiles\x2akftae.default-1368741130208\CT3309758
Folder Deleted : C:\Users\RB\AppData\Roaming\Mozilla\Firefox\Profiles\x2akftae.default-1368741130208\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\RB\AppData\Roaming\Mozilla\Firefox\Profiles\x2akftae.default-1368741130208\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgecmdiepkohcmiiceepaajmkgcgmhi
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfefddgmamhfbnbiflbagmkimkbocmjo
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikgpfldbniofehgooldbafbgbfjgplb
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhphodmcnafnnbfgcamkcjkcbaneab
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdllbdlkncpcceinlgjaagomifkgcjeo
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
[!] Folder Deleted : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
File Deleted : C:\END
File Deleted : C:\Windows\System32\Tasks\DTChk

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\RB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gikgpfldbniofehgooldbafbgbfjgplb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil
Key Deleted : HKCU\Software\Google\Chrome\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\loemjcdefhdidbjiflmobkpjohbfefee
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\b1.org
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E513E8F5-24BC-4F37-B3CA-D41E84960E99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : [x64] HKLM\SOFTWARE\b1.org
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\mocaflix\sprote~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\RB\AppData\Roaming\Mozilla\Firefox\Profiles\63ofpy9v.default-1393541549552\prefs.js ]


[ File : C:\Users\RB\AppData\Roaming\Mozilla\Firefox\Profiles\x2akftae.default-1368741130208\prefs.js ]

Line Deleted : user_pref("CT3309758.FF19Solved", "true");
Line Deleted : user_pref("CT3309758.UserID", "UN10187559169319105");
Line Deleted : user_pref("CT3309758.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3309758.autoDisableScopes", -1);
Line Deleted : user_pref("CT3309758.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3309758.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3309758.fullUserID", "UN10187559169319105.IN.20130731020435");
Line Deleted : user_pref("CT3309758.installDate", "31/07/2013 02:04:35");
Line Deleted : user_pref("CT3309758.installSessionId", "{930C78F3-6050-496B-A8C1-02CA1168BB05}");
Line Deleted : user_pref("CT3309758.installSp", "TRUE");
Line Deleted : user_pref("CT3309758.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3309758.keyword", "true");
Line Deleted : user_pref("CT3309758.originalHomepage", "www.gmail.com");
Line Deleted : user_pref("CT3309758.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3309758.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3309758.originalSearchEngineName", "");
Line Deleted : user_pref("CT3309758.searchRevert", "true");
Line Deleted : user_pref("CT3309758.searchUserMode", "2");
Line Deleted : user_pref("CT3309758.smartbar.homepage", "true");
Line Deleted : user_pref("CT3309758.startPageXPETakeover", "true");
Line Deleted : user_pref("CT3309758.versionFromInstaller", "10.16.70.5");
Line Deleted : user_pref("CT3309758.xpeMode", "3");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource=61&CUI=UN10187559169319105&UM=2&UP=SP892200D1-5E18-4241-B9B7-6C0FC396C608");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "TrustWorthy Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "TrustWorthy Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "TrustWorthy Customized Web Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3309758");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN10187559169319105&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN10187559169319105&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309758");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3309758");
Line Deleted : user_pref("smartbar.machineId", "8M2U6CE7IWZRZXTT+SZGZU3KTBCMNTCFTPEYPSQSBRI2DWJMWW7UNOVLADUAGEY0W2DRGOARI43A+DYC2IDB6W");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=US&uderid=27924d5d-4eed-43e3-a727-0383d6ad3c78&searchtype=ds&q={searchTerms}&installDate=18/02/2013
Deleted [Search Provider] : hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=499&r=2013/02/18&hid=1276213131&lg=EN&cc=US
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34304023842348743&ctid=CT3309758&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [20505 octets] - [09/07/2014 16:43:07]
AdwCleaner[R1].txt - [20507 octets] - [09/07/2014 16:43:50]
AdwCleaner[S0].txt - [17397 octets] - [09/07/2014 16:48:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17458 octets] ##########

 

 

Farbar

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by RB (administrator) on RB-PC on 10-07-2014 07:59:17
Running from C:\Software Downloads\FARBAR
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-10-17] (FileOpen Systems Inc.)
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [AutosetFrequency] => C:\Windows\AutosetFrequency.exe [51712 2010-01-26] ( )
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-01] (Dritek System Inc.)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Video Web Camera\traybar.exe [600688 2010-07-15] (Chicony)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [Gadwin PrintScreen Pro] => C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [1869552 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [TinyGrab] => C:\Program Files (x86)\Keyone Productions\TinyGrab\TinyGrab.exe [1574400 2011-03-30] (Keyone Productions)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [WorkForce 520(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] => 0
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-21] (Google Inc.)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3705890872-3799918270-1620284396-1000\...\MountPoints2: {4e9f041f-b529-11e1-8b76-206a8a2f3794} - E:\LaunchU3.exe
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll [85304 2013-03-07] (Zemana Ltd.)
AppInit_DLLs-x32: c:\progra~2\keycry~1\ke50fd~1.dll => c:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll [78136 2013-03-07] (Zemana Ltd.)
AppInit_DLLs-x32: , c:\progra~3\turbonet\turbonet.dll => "c:\progra~3\turbonet\turbonet.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\RB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk
ShortcutTarget: Check for TWS Updates.lnk -> C:\Jts\WiseUpdt.exe ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 0GenieTimeLine-BackedUp -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: 0GenieTimeLine-Excluded -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: 0GenieTimeLine-Folder -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: 0GenieTimeLine-NotBackedUp -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: 0GenieTimeLine-Pending  -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-BackedUp -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-Excluded -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-Folder -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-NotBackedUp -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()
ShellIconOverlayIdentifiers-x32: 0GenieTimeLine-Pending  -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\x86\GSTimelineIconOverlay.gtl ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DA8E3B88-737F-4999-9867-05EB5C153061} URL = http://www.mysearchresults.com/search?c=4002&t=01&q={searchTerms}
SearchScopes: HKCU - {E98F8829-29ED-4BDC-B943-F4255750F134} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN12987900502051030&UM=2
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\RB\AppData\Roaming\Mozilla\Firefox\Profiles\63ofpy9v.default-1393541549552
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: www.gmail.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\RB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-30]

Chrome:
=======
CHR Extension: (PlayBryte) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdamdknpkefdhhmmgkldiopiffhcomg [2014-01-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-27]
CHR Extension: (Webexp Enhanced) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi [2014-01-09]
CHR Extension: (YouTube) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-29]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgecmdiepkohcmiiceepaajmkgcgmhi [2013-02-18]
CHR Extension: (Google Search) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-29]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfefddgmamhfbnbiflbagmkimkbocmjo [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikgpfldbniofehgooldbafbgbfjgplb [2012-11-30]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhphodmcnafnnbfgcamkcjkcbaneab [2013-02-18]
CHR Extension: (Video Player) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgmnmmlogdainimddemdlfjgfifpgcc [2014-01-09]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdllbdlkncpcceinlgjaagomifkgcjeo [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2014-01-09]
CHR Extension: (Norton Identity Protection) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [agdamdknpkefdhhmmgkldiopiffhcomg] - C:\Users\RB\AppData\LocalLow\Playbryte\Chrome.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [bglblameccgldkbdmokgmkglebggddoi] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha267\ch\WebexpEnhancedV1alpha267.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [jdgmnmmlogdainimddemdlfjgfifpgcc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta800\ch\VideoPlayerV3beta800.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 DCSLoader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHALDCS.EXE [20480 2007-05-29] (Oki Data Corporation) [File not signed]
S2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-10-17] (FileOpen Systems Inc.)
S2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [672272 2013-09-02] (Genie9)
S2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2428952 2012-06-02] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

S1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-17] (Zemana Ltd.)
S3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-02-14] (Windows ® Codename Longhorn DDK provider)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-03] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140709.001\IDSvia64.sys [525016 2014-07-03] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25784 2013-03-07] (Zemana Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [152344 2013-05-20] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140709.034\ENG64.SYS [126040 2014-07-03] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140709.034\EX64.SYS [2099288 2014-07-03] (Symantec Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [428664 2013-03-29] (Magic Control Technology Corp.)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 07:58 - 2014-07-10 07:59 - 00000000 ____D () C:\FRST
2014-07-09 16:43 - 2014-07-09 16:50 - 00000000 ____D () C:\AdwCleaner
2014-07-09 16:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-09 15:03 - 2014-07-10 07:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 15:03 - 2014-07-09 15:03 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 15:03 - 2014-07-09 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 15:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 15:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 15:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 14:08 - 2014-07-09 14:08 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-09 14:08 - 2014-07-09 14:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-04 14:22 - 2014-07-04 14:23 - 00032055 _____ () C:\Users\RB\Desktop\attach.txt
2014-07-04 14:22 - 2014-07-04 14:23 - 00018409 _____ () C:\Users\RB\Desktop\dds.txt
2014-07-04 10:28 - 2014-07-04 10:31 - 00000000 ____D () C:\Program Files\Core Temp
2014-07-04 10:28 - 2014-07-04 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-07-04 10:23 - 2014-07-04 10:23 - 00000017 _____ () C:\Users\RB\AppData\Local\resmon.resmoncfg
2014-07-03 10:47 - 2014-07-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 10:47 - 2014-07-03 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 20:03 - 2014-06-25 20:03 - 00000000 ____D () C:\Users\RB\Documents\Pictures 6 25 14
2014-06-18 09:06 - 2014-07-10 07:43 - 00393398 _____ () C:\Windows\PFRO.log
2014-06-18 03:10 - 2014-06-20 00:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 15:02 - 2014-07-10 07:43 - 00001882 _____ () C:\Windows\setupact.log
2014-06-15 15:02 - 2014-06-15 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 14:46 - 2014-06-15 14:46 - 00000096 _____ () C:\Windows\wininit.ini
2014-06-11 01:57 - 2014-06-11 01:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite

==================== One Month Modified Files and Folders =======

2014-07-10 07:59 - 2014-07-10 07:58 - 00000000 ____D () C:\FRST
2014-07-10 07:47 - 2014-07-09 15:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 07:47 - 2012-05-23 13:19 - 00000000 ____D () C:\Users\RB\AppData\Roaming\ID Vault
2014-07-10 07:44 - 2013-08-11 08:28 - 00002813 _____ () C:\Windows\system32\GManager.ini
2014-07-10 07:44 - 2013-03-20 17:04 - 00000000 ____D () C:\Brother Printer Scans
2014-07-10 07:44 - 2013-03-01 17:26 - 00000031 _____ () C:\Windows\system32\bbcap.err
2014-07-10 07:43 - 2014-06-18 09:06 - 00393398 _____ () C:\Windows\PFRO.log
2014-07-10 07:43 - 2014-06-15 15:02 - 00001882 _____ () C:\Windows\setupact.log
2014-07-10 07:43 - 2012-08-21 11:02 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 07:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 07:41 - 2014-01-25 09:10 - 00000000 ____D () C:\Windows\pss
2014-07-10 07:33 - 2014-03-02 00:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 07:25 - 2014-02-04 21:48 - 00000532 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3705890872-3799918270-1620284396-1000.job
2014-07-10 06:59 - 2012-08-21 11:02 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 06:00 - 2014-01-28 01:48 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 31a0920d-5777-41f8-8c72-0c4b69fb031b.job
2014-07-10 03:02 - 2012-05-23 13:19 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-07-10 00:45 - 2014-01-28 01:50 - 00000504 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1c65bd54-1c36-4c57-bc02-4a40c9f3c3ab.job
2014-07-09 17:01 - 2009-07-14 00:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 17:01 - 2009-07-14 00:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 16:50 - 2014-07-09 16:43 - 00000000 ____D () C:\AdwCleaner
2014-07-09 16:50 - 2013-03-17 13:56 - 00001111 _____ () C:\Users\RB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-09 16:06 - 2012-06-30 13:48 - 00000000 ____D () C:\Users\RB\AppData\Local\CrashDumps
2014-07-09 15:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-07-09 15:03 - 2014-07-09 15:03 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 15:03 - 2014-07-09 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 15:03 - 2014-07-03 10:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 14:59 - 2011-12-24 16:52 - 01702490 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 14:08 - 2014-07-09 14:08 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-09 14:08 - 2014-07-09 14:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-08 23:33 - 2014-03-02 00:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:33 - 2014-03-02 00:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 23:33 - 2014-03-02 00:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-06 19:39 - 2012-05-23 13:20 - 00000000 ____D () C:\Users\RB\AppData\Local\ID Vault
2014-07-05 12:26 - 2014-02-04 21:48 - 00003550 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3705890872-3799918270-1620284396-1000
2014-07-04 14:23 - 2014-07-04 14:22 - 00032055 _____ () C:\Users\RB\Desktop\attach.txt
2014-07-04 14:23 - 2014-07-04 14:22 - 00018409 _____ () C:\Users\RB\Desktop\dds.txt
2014-07-04 11:38 - 2011-12-24 16:52 - 00000682 _____ () C:\Windows\AutoSetFrequency.ini
2014-07-04 10:31 - 2014-07-04 10:28 - 00000000 ____D () C:\Program Files\Core Temp
2014-07-04 10:28 - 2014-07-04 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2014-07-04 10:23 - 2014-07-04 10:23 - 00000017 _____ () C:\Users\RB\AppData\Local\resmon.resmoncfg
2014-07-04 08:36 - 2012-02-21 21:11 - 00000000 ____D () C:\Users\RB
2014-07-04 08:34 - 2013-03-31 16:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-04 08:34 - 2013-01-09 12:53 - 00000000 ____D () C:\Users\RB\AppData\Local\Keyone_Productions
2014-07-04 08:34 - 2012-08-21 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-04 08:34 - 2010-09-18 22:00 - 00000000 ____D () C:\ProgramData\oem
2014-07-04 08:34 - 2010-09-18 21:53 - 00000000 ____D () C:\ProgramData\Norton
2014-07-04 08:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-04 08:33 - 2013-12-11 23:45 - 00000000 ____D () C:\Users\RB\AppData\Roaming\Skype
2014-07-04 08:33 - 2012-05-23 17:56 - 00000000 __RHD () C:\MSOCache
2014-07-04 08:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-03 10:47 - 2014-07-03 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 05:51 - 2010-09-18 22:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-25 20:03 - 2014-06-25 20:03 - 00000000 ____D () C:\Users\RB\Documents\Pictures 6 25 14
2014-06-20 08:51 - 2012-11-28 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 00:49 - 2014-06-18 03:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 08:27 - 2012-12-04 21:15 - 00000000 ____D () C:\Jts
2014-06-15 15:02 - 2014-06-15 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-15 14:46 - 2014-06-15 14:46 - 00000096 _____ () C:\Windows\wininit.ini
2014-06-15 13:10 - 2013-04-22 13:12 - 00001199 _____ () C:\Users\RB\Desktop\Emails used for 10 off.docx - Shortcut.lnk
2014-06-15 12:56 - 2014-01-16 22:27 - 00000000 ____D () C:\SUPERDelete
2014-06-12 03:08 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:03 - 2012-05-23 17:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 03:03 - 2012-05-23 12:51 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 07:33 - 2013-03-31 18:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-11 01:57 - 2014-06-11 01:57 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-11 01:51 - 2013-11-30 11:45 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-06-11 01:51 - 2013-11-26 01:32 - 00002447 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-06-11 01:51 - 2013-02-13 09:24 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-11 01:51 - 2012-05-23 17:37 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 19:16

==================== End Of Log ============================

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2014 - 08:20 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

AppInit_DLLs-x32: , c:\progra~3\turbonet\turbonet.dll => "c:\progra~3\turbonet\turbonet.dll" File Not Found
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DA8E3B88-737F-4999-9867-05EB5C153061} URL = http://www.mysearchresults.com/search?c=4002&t=01&q={searchTerms}
SearchScopes: HKCU - {E98F8829-29ED-4BDC-B943-F4255750F134} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN12987900502051030&UM=2
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Extension: (PlayBryte) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdamdknpkefdhhmmgkldiopiffhcomg [2014-01-09]
CHR Extension: (Webexp Enhanced) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi [2014-01-09]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgecmdiepkohcmiiceepaajmkgcgmhi [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfefddgmamhfbnbiflbagmkimkbocmjo [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikgpfldbniofehgooldbafbgbfjgplb [2012-11-30]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhphodmcnafnnbfgcamkcjkcbaneab [2013-02-18]
CHR Extension: (Video Player) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgmnmmlogdainimddemdlfjgfifpgcc [2014-01-09]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdllbdlkncpcceinlgjaagomifkgcjeo [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [agdamdknpkefdhhmmgkldiopiffhcomg] - C:\Users\RB\AppData\LocalLow\Playbryte\Chrome.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [jdgmnmmlogdainimddemdlfjgfifpgcc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta800\ch\VideoPlayerV3beta800.crx [2012-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 rwbil

rwbil
  • Topic Starter

  • Members
  • 39 posts

Posted 14 July 2014 - 09:18 PM

Ran the programs. The computer still does not function in Normal Startup. After running these programs the computer became unusable in normal or selective startup and I could not connect to the internet in safe mode. In fact it would not see my network. So I had to restore back to an earlier point. The computer is back to working in selective and startup mode but not in normal mode.

Not sure if it makes a difference if I run them in Selective Startup or Safe Mode. I ran FRST in selective startup and I ran the security program in Safe Mode.

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014 01
Ran by RB at 2014-07-14 21:18:42 Run:1
Running from C:\Software Downloads\FARBAR
Boot Mode: Normal
==============================================

Content of fixlog:
*****************
start

AppInit_DLLs-x32: , c:\progra~3\turbonet\turbonet.dll => "c:\progra~3\turbonet\turbonet.dll" File Not Found
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DA8E3B88-737F-4999-9867-05EB5C153061} URL = http://www.mysearchresults.com/search?c=4002&t=01&q={searchTerms}
SearchScopes: HKCU - {E98F8829-29ED-4BDC-B943-F4255750F134} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309758&CUI=UN12987900502051030&UM=2
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Extension: (PlayBryte) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdamdknpkefdhhmmgkldiopiffhcomg [2014-01-09]
CHR Extension: (Webexp Enhanced) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi [2014-01-09]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgecmdiepkohcmiiceepaajmkgcgmhi [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfefddgmamhfbnbiflbagmkimkbocmjo [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikgpfldbniofehgooldbafbgbfjgplb [2012-11-30]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhphodmcnafnnbfgcamkcjkcbaneab [2013-02-18]
CHR Extension: (Video Player) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgmnmmlogdainimddemdlfjgfifpgcc [2014-01-09]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdllbdlkncpcceinlgjaagomifkgcjeo [2013-02-18]
CHR Extension: (No Name) - C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [agdamdknpkefdhhmmgkldiopiffhcomg] - C:\Users\RB\AppData\LocalLow\Playbryte\Chrome.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [jdgmnmmlogdainimddemdlfjgfifpgcc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta800\ch\VideoPlayerV3beta800.crx [2012-08-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

End
*****************

", c:\progra~3\turbonet\turbonet.dll" => Value Data not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA8E3B88-737F-4999-9867-05EB5C153061}' => Key deleted successfully.
'HKCR\CLSID\{DA8E3B88-737F-4999-9867-05EB5C153061}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E98F8829-29ED-4BDC-B943-F4255750F134}' => Key deleted successfully.
'HKCR\CLSID\{E98F8829-29ED-4BDC-B943-F4255750F134}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdamdknpkefdhhmmgkldiopiffhcomg => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgecmdiepkohcmiiceepaajmkgcgmhi => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfefddgmamhfbnbiflbagmkimkbocmjo => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikgpfldbniofehgooldbafbgbfjgplb => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhphodmcnafnnbfgcamkcjkcbaneab => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdgmnmmlogdainimddemdlfjgfifpgcc => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdllbdlkncpcceinlgjaagomifkgcjeo => Moved successfully.
C:\Users\RB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\agdamdknpkefdhhmmgkldiopiffhcomg' => Key deleted successfully.
"C:\Users\RB\AppData\LocalLow\Playbryte\Chrome.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jdgmnmmlogdainimddemdlfjgfifpgcc' => Key deleted successfully.
"C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta800\ch\VideoPlayerV3beta800.crx" => File/Directory not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
PcdrNdisuio => Service deleted successfully.

==== End of Fixlog ====

Security check

 Results of screen317's Security Check version 0.99.85  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 SlimCleaner     
 JavaFX 2.1.0    
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.154  
 Google Chrome 35.0.1916.153  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


Edited by rwbil, 14 July 2014 - 10:25 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 July 2014 - 08:40 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45

===

Restart the computer normally.

Windows 7 x64 (UAC is enabled)
Out of date service pack!!


For your added security, install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1

Click the Out of date service pack!! on the SecurityCheck log and update your Service Pack.
===

How is the computer running now?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 July 2014 - 08:07 AM

Are you still with me?

#8 rwbil

rwbil
  • Topic Starter

  • Members
  • 39 posts

Posted 21 July 2014 - 09:13 AM

Yes. I updated JAVA but I could not update to SP1. I spent hours trying. Remember I cannot function in normal mode and Windows Update is not running. Tried running that service and other methods but nothing worked. Actually the computer is worse now. It will not access the internet unless I boot in safe mode with networking. I am starting to think my only option might be a Windows re-install. But up for any other suggestions.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 July 2014 - 10:53 AM

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start.

Check mark the following options only:
05
06
13
15
17
21
26

01 - Reset Registry Permissions
02 - Reset File Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
08 - Repair MDAC & MS Jet
09 - Repair Hosts File
10 - Remove Policies Set By Infections
11 - Repair Start menu icons Removed by Infections
12 - Repair Icons
13 - Repair Winsock & DNS Cache
14 - Remove Temp Files
15 - Repair Proxy Settings
16 - Unhide Non System Files
17 - Repair Windows Updates
18 - Repair CD/DVD Missing/Not Working
19 - Repair Volume Shadow Copy Service
20 - Repair Windows Sidebar / Gadgets
21 - Repair MSI (Windows Installer)
22 - Repair Windows Snipping Tool
23 - Repair File Associations
24 - Repair Windows Safe Mode
25 - Repair Print Spooler
26 - Restore Important Windows Services
27 - Set Windows Services to Default Startup
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Keep me posted.

#10 rwbil

rwbil
  • Topic Starter

  • Members
  • 39 posts

Posted 21 July 2014 - 02:40 PM

Ran the program. It made things worse. The computer was not functional in Normal or Selective Startup. And in Safe Mode with networking it could not find a network, so no internet. I am using restore to restore back.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 July 2014 - 06:56 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#12 rwbil

rwbil
  • Topic Starter

  • Members
  • 39 posts

Posted 24 July 2014 - 12:42 PM

Per my previous post I had to restore to an earlier version because nothing was working. I ran MiniToolBox in safe mode where my internet connection worked. After that or the restore, not sure which, I had internet in selective mode. But the computer still hangs and is unusable in normal startup. Below is the file:

MiniToolBox by Farbar  Version: 21-07-2014
Ran by RB (administrator) on 22-07-2014 at 16:15:19
Running from "C:\Software Downloads\mini tool box"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : RB-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 20-6A-8A-2F-37-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 74-DE-2B-D8-52-DE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::54da:e706:1bdb:20c%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, July 22, 2014 4:11:37 PM
   Lease Expires . . . . . . . . . . : Wednesday, July 23, 2014 4:11:37 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 192208427
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-87-F3-1E-74-DE-2B-D8-52-DE
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{602AD9D6-CEB1-4990-8112-D7D99BB3D616}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0E2ECEB2-6275-4AD2-97AD-F247074B701D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4008:805::1009
      173.194.37.3
      173.194.37.6
      173.194.37.0
      173.194.37.1
      173.194.37.5
      173.194.37.9
      173.194.37.2
      173.194.37.4
      173.194.37.8
      173.194.37.14
      173.194.37.7


Pinging google.com [173.194.37.103] with 32 bytes of data:
Reply from 173.194.37.103: bytes=32 time=27ms TTL=55
Reply from 173.194.37.103: bytes=32 time=26ms TTL=55

Ping statistics for 173.194.37.103:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=54ms TTL=50
Reply from 98.139.183.24: bytes=32 time=55ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 54ms, Maximum = 55ms, Average = 54ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...20 6a 8a 2f 37 94 ......Broadcom NetLink ™ Gigabit Ethernet
 11...74 de 2b d8 52 de ......Atheros AR5B97 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::54da:e706:1bdb:20c/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2014 03:58:07 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\wuaueng.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\wuaueng.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (07/22/2014 03:58:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000006
Fault offset: 0x00000000000158e5
Faulting process id: 0x3c4
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (07/22/2014 00:32:44 PM) (Source: IDVault) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (07/22/2014 00:32:44 PM) (Source: IDVault) (User: )
Description: Display Flag Error Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (07/21/2014 10:01:15 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\wuaueng.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\wuaueng.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (07/21/2014 10:01:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000006
Fault offset: 0x00000000000158e5
Faulting process id: 0x20ec
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (07/21/2014 08:05:26 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\wuaueng.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\wuaueng.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (07/21/2014 08:05:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc0000006
Fault offset: 0x00000000000158e5
Faulting process id: 0x3d4
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (07/21/2014 06:53:52 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (07/21/2014 06:11:19 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/22/2014 04:13:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:42 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/22/2014 04:13:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/22/2014 03:58:07 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\wuaueng.dllHost Process for Windows ServicesC00001853

Error: (07/22/2014 03:58:07 PM) (Source: Application Error)(User: )
Description: svchost.exe_wuauserv6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c000000600000000000158e53c401cfa5d47578e4c3C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll7f99de60-11da-11e4-afaa-206a8a2f3794

Error: (07/22/2014 00:32:44 PM) (Source: IDVault)(User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (07/22/2014 00:32:44 PM) (Source: IDVault)(User: )
Description: Display Flag Error Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (07/21/2014 10:01:15 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\wuaueng.dllHost Process for Windows ServicesC00001853

Error: (07/21/2014 10:01:15 PM) (Source: Application Error)(User: )
Description: svchost.exe_wuauserv6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c000000600000000000158e520ec01cfa540a4c90186C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll0fb6f493-1144-11e4-ab4a-206a8a2f3794

Error: (07/21/2014 08:05:26 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\wuaueng.dllHost Process for Windows ServicesC00001853

Error: (07/21/2014 08:05:26 PM) (Source: Application Error)(User: )
Description: svchost.exe_wuauserv6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.169154ec4b137c000000600000000000158e53d401cfa530a0d415bdC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlle1649e73-1133-11e4-ab4a-206a8a2f3794

Error: (07/21/2014 06:53:52 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (07/21/2014 06:11:19 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


**** End of log ****
 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2014 - 01:40 PM


Looking at your error log, I suggest the following for now.

Run the SFC.EXE tool.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

When complete run CHKDSK as suggested in the error log.

Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

Keep me posted.

#14 rwbil

rwbil
  • Topic Starter

  • Members
  • 39 posts

Posted 25 July 2014 - 06:55 PM

When I run SFC /Scannow it stops at verification 50% complete and then states Windows Resource Protection could not perform the requested operation.

 

Robert



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 July 2014 - 06:19 AM

Run the CHKDSK as suggested.

Then try SFC.EXE one more time.



