
Windows 7 won't boot, System Repair won't fix


  • This topic is locked
32 replies to this topic

#1 spikespikespike

  • Members
  • 17 posts
  • Gender:Male

Posted 12 July 2014 - 03:47 PM

My problem is very similar to this one, with this being the same signature I received, with all the same symptoms:

 

The Windows Repair Problem Signature
Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21200770
Problem Signature 5: AutoFailover
Problem Signature 6: 4
Problem Signature 7: BadDriver
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

 

There are a few differences though, which is why I am having trouble fixing the problem. Initially I was given no warning and my computer just reset while I was using the internet. I had no chance to run an antivirus or anything like that and the looping restarts began from there. I have tried most of the things that this previous user has tried, with similar results: booting in safe mode, chkdsk, sfc /scannow, etc. all do nothing. I ran Farbar and found the difference to be that I have no At*.job files anywhere, which seemed to be at the root of this other person's problem. I don't know where to go from here. I've backed up all my files and will await instructions.

 

Here are my Farbar scan results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by SYSTEM on MININT-4IUPNBK on 12-07-2014 13:34:39
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-03] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-06-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-11] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-03] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Spike\...\Run: [Google Update] => C:\Users\Spike\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-20] (Google Inc.)
HKU\Spike\...\Run: [F.lux] => C:\Users\Spike\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\Spike\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17879216 2012-11-09] (Skype Technologies S.A.)
HKU\Spike\...\Run: [SearchProtection] => C:\Users\Spike\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\Spike\...\Run: [uTorrent] => C:\Users\Spike\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\Spike\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\Spike\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\Spike\...\Policies\system: [Shell] %windir%\lock.exe
HKU\Spike\...\Policies\Explorer: []
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-02-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-22] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
AlternateShell: lockcmd.exe

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 01:38 - 2014-07-12 13:34 - 00000000 ____D () C:\FRST
2014-07-03 15:09 - 2014-07-03 20:30 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-06-29 22:01 - 2014-06-29 22:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 19:48 - 2014-06-29 19:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 19:33 - 2014-06-29 19:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-24 16:38 - 2014-07-04 14:22 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-06-23 15:35 - 2014-06-26 14:20 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-22 17:00 - 2014-06-22 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-21 12:37 - 2014-06-21 12:37 - 00000000 ____D () C:\ProgramData\RELOADED
2014-06-18 15:04 - 2014-06-18 15:04 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\L.A.Noire

==================== One Month Modified Files and Folders =======

2014-07-12 13:34 - 2014-07-12 01:38 - 00000000 ____D () C:\FRST
2014-07-12 03:22 - 2012-09-13 09:10 - 00000000 ____D () C:\users\Spike
2014-07-07 14:12 - 2012-09-14 08:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\uTorrent
2014-07-07 14:10 - 2012-12-06 14:11 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-07-07 14:10 - 2012-10-15 15:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA.job
2014-07-07 14:05 - 2012-06-03 03:48 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 13:30 - 2013-01-25 14:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 12:15 - 2012-06-03 03:21 - 01421746 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 12:10 - 2012-09-13 09:10 - 02743625 _____ () C:\FaceProv.log
2014-07-07 12:10 - 2012-06-03 03:47 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-06 15:10 - 2012-10-15 15:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core.job
2014-07-06 15:05 - 2012-06-03 03:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 14:22 - 2014-06-24 16:38 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-07-03 20:30 - 2014-07-03 15:09 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-07-03 02:25 - 2012-09-13 09:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-01 18:07 - 2014-05-06 12:32 - 00000000 ____D () C:\Users\Spike\Desktop\Art projects
2014-07-01 01:14 - 2009-07-13 20:51 - 00090304 _____ () C:\Windows\setupact.log
2014-06-29 22:02 - 2012-06-03 03:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-29 22:01 - 2014-06-29 22:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 19:48 - 2014-06-29 19:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 19:48 - 2013-12-13 22:35 - 00000000 ____D () C:\Users\Spike\Documents\My Games
2014-06-29 19:33 - 2014-06-29 19:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-27 02:30 - 2012-09-13 15:20 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\vlc
2014-06-26 14:20 - 2014-06-23 15:35 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-25 13:59 - 2012-09-13 09:31 - 00000000 ____D () C:\Users\Spike\Documents\Youcam
2014-06-24 14:29 - 2014-03-17 16:46 - 00000000 ____D () C:\Users\Spike\Desktop\Recent tabs
2014-06-23 15:46 - 2012-10-11 20:49 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Audacity
2014-06-22 17:00 - 2014-06-22 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 15:05 - 2012-10-15 15:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA
2014-06-22 15:05 - 2012-10-15 15:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core
2014-06-21 12:37 - 2014-06-21 12:37 - 00000000 ____D () C:\ProgramData\RELOADED
2014-06-18 15:04 - 2014-06-18 15:04 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\L.A.Noire
2014-06-18 14:13 - 2013-12-13 22:20 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-06-16 15:00 - 2012-06-03 03:48 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-16 15:00 - 2012-06-03 03:48 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Spike\AppData\Local\Temp\5998nua.exe
C:\Users\Spike\AppData\Local\Temp\AcDeltree.exe
C:\Users\Spike\AppData\Local\Temp\dreamsceneseveninstall.exe
C:\Users\Spike\AppData\Local\Temp\drm_dyndata_7350007.dll
C:\Users\Spike\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Spike\AppData\Local\Temp\MotoCast_Installer_2.0304.exe
C:\Users\Spike\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Spike\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Spike\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Spike\AppData\Local\Temp\tmp199B.exe
C:\Users\Spike\AppData\Local\Temp\tmp520B.exe
C:\Users\Spike\AppData\Local\Temp\tmp8567.exe
C:\Users\Spike\AppData\Local\Temp\tmpDDFD.exe
C:\Users\Spike\AppData\Local\Temp\tmpDF59.exe
C:\Users\Spike\AppData\Local\Temp\tmpF60B.exe
C:\Users\Spike\AppData\Local\Temp\ubiE8F.tmp.exe
C:\Users\Spike\AppData\Local\Temp\Uninstall.exe
C:\Users\Spike\AppData\Local\Temp\utt1E0D.tmp.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-06 00:27:00
Restore point made on: 2014-06-09 22:45:18
Restore point made on: 2014-06-13 12:43:36
Restore point made on: 2014-06-16 23:50:21
Restore point made on: 2014-06-20 08:27:40
Restore point made on: 2014-06-23 10:11:37
Restore point made on: 2014-06-26 11:45:06
Restore point made on: 2014-06-29 18:18:35
Restore point made on: 2014-06-29 22:02:06
Restore point made on: 2014-07-03 02:00:16
Restore point made on: 2014-07-06 19:02:03

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8094.36 MB
Available physical RAM: 7196.59 MB
Total Pagefile: 8092.55 MB
Available Pagefile: 7181.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:714.12 GB) (Free:390.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (LENOVO) (Fixed) (Total:24.41 GB) (Free:20.62 GB) NTFS
Drive g: () (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 758 GB) (Disk ID: B61A8184)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=714 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-06-29 18:19

==================== End Of Log ============================

 

 




 


#2 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 July 2014 - 06:33 PM

 
Download the enclosed file. 
 
Save it in the same location FRST64 is saved.
 
Run FRST64, except that this time around click on the Fix button.
 
The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
 
Attempt to start the computer in Normal Mode. If successful, follow these steps:
 

Please download ComboFix from Here to your Desktop.
 
**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
 

-----------------------------------------------------------

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     

    -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
     
  • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 spikespikespike
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male

Posted 12 July 2014 - 07:07 PM

So I ran it the first time and I got a fixlog that said it moved a lot of the stuff and deleted some other things. I rebooted but the problem is still the same and I cannot get any further. I tried to run FRST64 again and this is the fixlog I got back. It's clear what was moved/deleted but I still cannot access my desktop to download Combofix or complete any of the other steps.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by SYSTEM at 2014-07-12 16:59:12 Run:3
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
HKU\Spike\...\Policies\system: [Shell] %windir%\lock.exe
HKU\Spike\...\Policies\Explorer: []
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-02-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
AlternateShell: lockcmd.exe
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
C:\Users\Spike\AppData\Local\Temp\5998nua.exe
C:\Users\Spike\AppData\Local\Temp\AcDeltree.exe
C:\Users\Spike\AppData\Local\Temp\dreamsceneseveninstall.exe
C:\Users\Spike\AppData\Local\Temp\drm_dyndata_7350007.dll
C:\Users\Spike\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Spike\AppData\Local\Temp\MotoCast_Installer_2.0304.exe
C:\Users\Spike\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Spike\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Spike\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Spike\AppData\Local\Temp\tmp199B.exe
C:\Users\Spike\AppData\Local\Temp\tmp520B.exe
C:\Users\Spike\AppData\Local\Temp\tmp8567.exe
C:\Users\Spike\AppData\Local\Temp\tmpDDFD.exe
C:\Users\Spike\AppData\Local\Temp\tmpDF59.exe
C:\Users\Spike\AppData\Local\Temp\tmpF60B.exe
C:\Users\Spike\AppData\Local\Temp\ubiE8F.tmp.exe
C:\Users\Spike\AppData\Local\Temp\Uninstall.exe
C:\Users\Spike\AppData\Local\Temp\utt1E0D.tmp.exe
End
*****************

HKU\Spike\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => Value not found.
HKU\Spike\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value not found.
"C:\Windows\system32\nvinitx.dll" => Value Data not found.
"C:\Windows\SysWOW64\nvinit.dll" => Value Data not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4'=> Key not found.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell'=> Key not found.
'HKLM\Software\Wow6432Node\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate'=> Key not found.
'HKLM\Software\Wow6432Node\Classes\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}'=> Key not found.
hklm\System\ControlSet001\Control\SafeBoot\\AlternateShell => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value not found.
"C:\Users\Spike\AppData\Local\Temp\5998nua.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\AcDeltree.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\dreamsceneseveninstall.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\drm_dyndata_7350007.dll" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\fp_pl_pfs_installer.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\MotoCast_Installer_2.0304.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\SearchProtectionSetup.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\SpotifyUninstall.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\tmp199B.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\tmp520B.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\tmp8567.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\tmpDDFD.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\tmpDF59.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\tmpF60B.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\ubiE8F.tmp.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\Uninstall.exe" => File/Directory not found.
"C:\Users\Spike\AppData\Local\Temp\utt1E0D.tmp.exe" => File/Directory not found.

==== End of Fixlog ====
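As an added example (not FRST's own code and not posted by anyone in this thread), the script below applies to FRST "Registry" lines the checks that the helper's fixlist above implies: a per-user Policies\system Shell value that is not explorer.exe, a SafeBoot AlternateShell that is not cmd.exe, and icon overlay handlers whose DLL is "No File". The sample lines are constructed in the log format seen in the scan above; the severity labels, function names and the Start/End fixlist layout (copied from the Fixlog above) are my assumptions.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) registry lines.

Flags the entry classes this thread's scan shows and assembles them into
a Start/End fixlist in the layout the thread's Fixlog echoes back.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the FRST "Registry (Whitelisted)" line format seen in
# the thread; it is sample input for this script, not a real capture.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKU\Spike\...\Policies\system: [Shell] %windir%\lock.exe
HKU\Spike\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
AlternateShell: lockcmd.exe
"""

# Windows defaults: the logon shell is explorer.exe, and "Safe Mode with
# Command Prompt" launches the SafeBoot AlternateShell, which is cmd.exe.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_ALTERNATE_SHELL = "cmd.exe"

# A per-user Shell policy overrides the machine-wide Winlogon shell for that user.
SHELL_POLICY_RE = re.compile(
    r"^HKU\\[^\\]+\\\.\.\.\\Policies\\system: \[Shell\] (?P<value>.+)$")
ALT_SHELL_RE = re.compile(r"^AlternateShell: (?P<value>.+)$")
OVERLAY_NO_FILE_RE = re.compile(
    r"^ShellIconOverlayIdentifiers(-x32)?: .+=>\s+No File$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low" (labels are this script's own)
    reason: str
    line: str      # the FRST line verbatim, so it can be pasted into a fixlist


def _basename(path: str) -> str:
    """Last path component, lower-cased, so an expanded or %windir% path
    compares by file name only."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def triage(log_text: str) -> list:
    """Return the suspicious entries found in FRST registry lines, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_POLICY_RE.match(line)
        if m and _basename(m.group("value")) != DEFAULT_SHELL:
            findings.append(Finding(
                "high",
                "per-user Shell policy replaces explorer.exe as the logon shell",
                line))
            continue
        m = ALT_SHELL_RE.match(line)
        if m and _basename(m.group("value")) != DEFAULT_ALTERNATE_SHELL:
            findings.append(Finding(
                "high",
                "SafeBoot AlternateShell is not cmd.exe; Safe Mode with "
                "Command Prompt would launch it instead",
                line))
            continue
        if OVERLAY_NO_FILE_RE.match(line):
            findings.append(Finding(
                "low",
                "icon overlay handler whose DLL is missing (orphaned registration)",
                line))
    return findings


def build_fixlist(findings) -> str:
    """Assemble a fixlist in the Start/End layout the thread's Fixlog shows."""
    body = "\n".join(f.line for f in findings)
    return "Start\n" + body + ("\n" if body else "") + "End\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print("\nProposed fixlist:\n" + build_fixlist(found))
```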



#4 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 July 2014 - 07:24 PM

Re-scan with FRST and post its report.




#5 spikespikespike
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male

Posted 12 July 2014 - 10:13 PM

Rescan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by SYSTEM on MININT-B1RCG0V on 12-07-2014 20:11:29
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-03] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-06-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-11] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-03] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Spike\...\Run: [Google Update] => C:\Users\Spike\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-20] (Google Inc.)
HKU\Spike\...\Run: [F.lux] => C:\Users\Spike\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\Spike\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17879216 2012-11-09] (Skype Technologies S.A.)
HKU\Spike\...\Run: [SearchProtection] => C:\Users\Spike\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\Spike\...\Run: [uTorrent] => C:\Users\Spike\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\Spike\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\Spike\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 01:38 - 2014-07-12 20:11 - 00000000 ____D () C:\FRST
2014-07-03 15:09 - 2014-07-03 20:30 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-06-29 22:01 - 2014-06-29 22:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 19:48 - 2014-06-29 19:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 19:33 - 2014-06-29 19:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-24 16:38 - 2014-07-04 14:22 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-06-23 15:35 - 2014-06-26 14:20 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-22 17:00 - 2014-06-22 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-21 12:37 - 2014-06-21 12:37 - 00000000 ____D () C:\ProgramData\RELOADED
2014-06-18 15:04 - 2014-06-18 15:04 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\L.A.Noire

==================== One Month Modified Files and Folders =======

2014-07-12 20:11 - 2014-07-12 01:38 - 00000000 ____D () C:\FRST
2014-07-12 03:22 - 2012-09-13 09:10 - 00000000 ____D () C:\users\Spike
2014-07-07 14:12 - 2012-09-14 08:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\uTorrent
2014-07-07 14:10 - 2012-12-06 14:11 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-07-07 14:10 - 2012-10-15 15:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA.job
2014-07-07 14:05 - 2012-06-03 03:48 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 13:30 - 2013-01-25 14:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 12:15 - 2012-06-03 03:21 - 01421746 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 12:10 - 2012-09-13 09:10 - 02743625 _____ () C:\FaceProv.log
2014-07-07 12:10 - 2012-06-03 03:47 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-06 15:10 - 2012-10-15 15:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core.job
2014-07-06 15:05 - 2012-06-03 03:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 14:22 - 2014-06-24 16:38 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-07-03 20:30 - 2014-07-03 15:09 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-07-03 02:25 - 2012-09-13 09:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-01 18:07 - 2014-05-06 12:32 - 00000000 ____D () C:\Users\Spike\Desktop\Art projects
2014-07-01 01:14 - 2009-07-13 20:51 - 00090304 _____ () C:\Windows\setupact.log
2014-06-29 22:02 - 2012-06-03 03:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-29 22:01 - 2014-06-29 22:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 19:48 - 2014-06-29 19:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 19:48 - 2013-12-13 22:35 - 00000000 ____D () C:\Users\Spike\Documents\My Games
2014-06-29 19:33 - 2014-06-29 19:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-27 02:30 - 2012-09-13 15:20 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\vlc
2014-06-26 14:20 - 2014-06-23 15:35 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-25 13:59 - 2012-09-13 09:31 - 00000000 ____D () C:\Users\Spike\Documents\Youcam
2014-06-24 14:29 - 2014-03-17 16:46 - 00000000 ____D () C:\Users\Spike\Desktop\Recent tabs
2014-06-23 15:46 - 2012-10-11 20:49 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Audacity
2014-06-22 17:00 - 2014-06-22 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 15:05 - 2012-10-15 15:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA
2014-06-22 15:05 - 2012-10-15 15:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core
2014-06-21 12:37 - 2014-06-21 12:37 - 00000000 ____D () C:\ProgramData\RELOADED
2014-06-18 15:04 - 2014-06-18 15:04 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\L.A.Noire
2014-06-18 14:13 - 2013-12-13 22:20 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-06-16 15:00 - 2012-06-03 03:48 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-16 15:00 - 2012-06-03 03:48 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-06 00:27:00
Restore point made on: 2014-06-09 22:45:18
Restore point made on: 2014-06-13 12:43:36
Restore point made on: 2014-06-16 23:50:21
Restore point made on: 2014-06-20 08:27:40
Restore point made on: 2014-06-23 10:11:37
Restore point made on: 2014-06-26 11:45:06
Restore point made on: 2014-06-29 18:18:35
Restore point made on: 2014-06-29 22:02:06
Restore point made on: 2014-07-03 02:00:16
Restore point made on: 2014-07-06 19:02:03

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8094.36 MB
Available physical RAM: 7182.05 MB
Total Pagefile: 8092.55 MB
Available Pagefile: 7170.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:714.12 GB) (Free:390.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (LENOVO) (Fixed) (Total:24.41 GB) (Free:20.62 GB) NTFS
Drive g: () (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 758 GB) (Disk ID: B61A8184)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=714 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-06-29 18:19

==================== End Of Log ============================
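For anyone triaging a log like the one above, here is an added Python helper (not part of this thread, not FRST's own code, and not the Malware Response Team's fixlist) that parses the autostart lines of an FRST "Registry (Whitelisted)" section and flags unsigned binaries, binaries run from a user profile, recently dated entries and orphaned "No File" registrations. The sample lines are copied from the logs in this thread, and the scan date of 2014-07-12 is an assumption taken from the FRST folder timestamp above.

```python
r"""Triage helper for the autostart lines in an FRST "Registry (Whitelisted)"
section. Added example: not part of this thread and not FRST's own code.
It parses the line format FRST writes,

    HKLM\...\Run: [Name] => C:\path\file.exe [size yyyy-mm-dd] (Signer)

plus "=> No File" overlay entries, and returns the entries an analyst would
look at first. Heuristics only: a hit means "check this file", not "malware".
"""
import re
from dataclasses import dataclass, field
from datetime import date

# Constructed test input: lines copied from the FRST logs posted in this thread
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKU\Spike\...\Run: [SearchProtection] => C:\Users\Spike\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\Spike\...\Run: [uTorrent] => C:\Users\Spike\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\Spike\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
"""

# hive \...\ Run|RunOnce: [name] => path [size date] (signer)
AUTOSTART_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?:=>|-) (?P<path>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)$"
)
# kind: name -> {CLSID} =>  No File
NO_FILE_RE = re.compile(
    r"^(?P<kind>\w+): (?P<name>.+?) -> \{(?P<clsid>[^}]+)\} =>\s+No File$"
)


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    path: str
    size: int
    modified: date
    signer: str


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_autostarts(text: str) -> list:
    """Return the Run/RunOnce entries found in an FRST log excerpt."""
    entries = []
    for line in text.splitlines():
        m = AUTOSTART_RE.match(line.strip())
        if m:
            entries.append(Autostart(
                hive=m["hive"], key=m["key"], name=m["name"], path=m["path"],
                size=int(m["size"]), modified=date.fromisoformat(m["date"]),
                signer=m["signer"].strip()))
    return entries


def triage(text: str, scan_date: str, recent_days: int = 30) -> list:
    """Flag autostarts worth a second look, with the reason for each flag."""
    scanned = date.fromisoformat(scan_date)
    findings = []
    for e in parse_autostarts(text):
        reasons = []
        if not e.signer:  # FRST printed "()" or "( )": no publisher recorded
            reasons.append("no signer recorded")
        if "\\appdata\\" in e.path.lower():  # user-writable, no admin needed
            reasons.append("runs from a user profile (AppData)")
        if (scanned - e.modified).days <= recent_days:
            reasons.append(f"file dated within {recent_days} days of the scan")
        if reasons:
            findings.append(Finding(e.name, e.path, reasons))
    for line in text.splitlines():
        m = NO_FILE_RE.match(line.strip())
        if m:  # the registration survives but the DLL is gone: orphaned entry
            findings.append(Finding(m["name"], "{" + m["clsid"] + "}",
                                    ["registered file is missing (No File)"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, scan_date="2014-07-12"):
        print(f"{f.name:<18} {', '.join(f.reasons)}\n    {f.path}")
```

Feed it the Registry section of a full FRST.txt and the hits are the entries to verify by hand (publisher, install date, VirusTotal), while clean vendor-signed entries under Program Files drop out of the list.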



#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 July 2014 - 09:36 AM

I want to take a look at the Master Boot record and partition table.

 

Download the enclosed file. 
 
Save it in the same location FRST64 is saved.
 
Run FRST64, except that this time around click on the Fix button.
 

The tool will make a log on the flash drive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.
 

 
Attempt to start the computer in Normal Mode as I included secondary commands and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 spikespikespike

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 13 July 2014 - 06:13 PM

Tried running normally after following instructions. Still no luck.

 

Fixlog Results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by SYSTEM at 2014-07-13 16:06:00 Run:4
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
SaveMBR: Drive=0
nointegritychecks on:
testsigning on:
End
*****************

MBRDUMP.txt is made successfully.

The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====

 

Attached File: MBRDUMP.txt (512 bytes)



#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 July 2014 - 08:38 PM

The MBR is clear. Let's attempt to restore the Registry from the backup.

 

Download the enclosed file. 
 
Save it in the same location FRST64 is saved.
 
Run FRST64, except that this time around click on the Fix button.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
 
If successful, attempt to start in Normal Mode.
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 spikespikespike

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 13 July 2014 - 08:46 PM

It works! Should I go ahead with the combofix steps posted above?

 

Fixlog Results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by SYSTEM at 2014-07-13 18:44:24 Run:6
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
LastRegBack: 2014-06-29 18:19
End
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====



#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 July 2014 - 09:15 PM

It works! Should I go ahead with the combofix steps posted above?

 
Please do. Also follow these steps:
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 spikespikespike

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 13 July 2014 - 09:27 PM

Well I may have spoken too soon. Apparently I am running in Test Mode Build 7601. I don't have any wifi connections available and I am getting some error messages. I am not a very smart man so I don't know exactly how necessary any of these functions are but have a vague understanding of what programs they are related to.

 

Please install the correct audio driver before using Onekey Theater

The program or feature "\??\C:\programfiles\synaptics\syntp\syntpenh.exe" cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact software vendor...

C:\Windows\system32\syntrapi.dll is either not designed to run on Windows or it contains an error. Try installing the program again or using the original installation media or contact your system admin...

The program or feature "\??\C:\programfiles\realtek\audio\hda\ravcpl64.exe" cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact software vendor...

The program or feature "\??\C:\programfiles\realtek\audio\hda\ravbg64.exe" cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact software vendor...

C:\Windows\system32\mfc100u.dll is either not designed to run on Windows or it contains an error. Try installing...

 

Aside from that, I will go ahead with transferring Combofix to the other machine and run it from that desktop.



#12 spikespikespike

  • Topic Starter
  • Members
  • 17 posts
  • Gender:Male

Posted 13 July 2014 - 10:07 PM

Attached File: Addition.txt (41.9 KB)
Attached File: ComboFixLog.txt (22.3 KB)
Attached File: Shortcut.txt (45.59 KB)



FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Spike (administrator) on SPIKE-PC on 13-07-2014 20:01:08
Running from C:\Users\Spike\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-03] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-06-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-11] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-03] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1656840161-663553595-2279957829-1001\...\Run: [SearchProtection] => C:\Users\Spike\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-1656840161-663553595-2279957829-1001\...\Run: [uTorrent] => C:\Users\Spike\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-1656840161-663553595-2279957829-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-22] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {64BC7895-5094-4A24-A895-6F34F5A79B34} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {64BC7895-5094-4A24-A895-6F34F5A79B34} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] ()
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default
FF Homepage: google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Spike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Spike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Spike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Spike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Spike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Spike\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\searchplugins\duckduckgo.xml
FF Extension: Reddit Enhancement Suite - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-09-18]
FF Extension: TinEye Reverse Image Search - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\tineye@ideeinc.com.xpi [2012-09-24]
FF Extension: WikiLook - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\wikilook@testpilot.xpi [2013-01-29]
FF Extension: NoScript - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-03]
FF Extension: LeechBlock - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-05-23]
FF Extension: Adblock Plus - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-13]

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Spike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Spike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]

==================== Services (Whitelisted) =================

S2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [659968 2011-12-05] () [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [148752 2011-12-08] () [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543424 2014-05-29] (Valve Corporation) [File not signed]
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] () [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] () [File not signed]
S2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] () [File not signed]
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2011-10-10] () [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-10-10] () [File not signed]
S3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [211496 2012-02-01] () [File not signed]
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
S3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [48488 2010-09-23] () [File not signed]
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [4730344 2012-01-03] () [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [11417088 2011-12-01] () [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.) [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] () [File not signed]
U3 BcmSqlStartupSvc;
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 20:01 - 2014-07-13 20:01 - 00022720 _____ () C:\Users\Spike\Desktop\FRST.txt
2014-07-13 19:56 - 2014-07-13 19:56 - 00022839 _____ () C:\ComboFix.txt
2014-07-13 19:48 - 2014-07-13 19:56 - 00000000 ____D () C:\Qoobox
2014-07-13 19:48 - 2014-07-13 19:55 - 00000000 ____D () C:\Windows\erdnt
2014-07-13 19:48 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-13 19:48 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-13 19:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-13 19:44 - 2014-07-13 19:44 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-07-13 19:39 - 2014-07-13 19:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Malwarebytes
2014-07-13 19:29 - 2014-07-13 19:26 - 05220073 ____R (Swearware) C:\Users\Spike\Desktop\ComboFix.exe
2014-07-13 19:29 - 2014-07-12 02:11 - 02084864 _____ (Farbar) C:\Users\Spike\Desktop\FRST64.exe
2014-07-13 19:24 - 2014-07-13 19:24 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-07-13 19:24 - 2014-07-13 19:24 - 00000000 ____D () C:\Users\TEMP
2014-07-13 19:24 - 2012-10-09 09:58 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-07-13 19:24 - 2012-06-03 04:48 - 00002115 _____ () C:\Users\TEMP\Desktop\OneKey Recovery.lnk
2014-07-13 19:24 - 2012-06-03 04:48 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-07-13 19:24 - 2012-06-03 04:47 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-07-13 19:24 - 2010-12-18 22:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-07-13 19:24 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-13 19:24 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-12 02:38 - 2014-07-13 20:01 - 00000000 ____D () C:\FRST
2014-07-03 16:09 - 2014-07-03 21:30 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-06-29 23:01 - 2014-06-29 23:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 20:48 - 2014-06-29 20:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-29 20:32 - 2014-07-13 19:40 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2014-06-24 17:38 - 2014-07-04 15:22 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-06-23 16:35 - 2014-06-26 15:20 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-22 18:00 - 2014-06-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-21 13:37 - 2014-07-13 19:16 - 00000000 ____D () C:\ProgramData\RELOADED

==================== One Month Modified Files and Folders =======

2014-07-13 20:01 - 2014-07-13 20:01 - 00022720 _____ () C:\Users\Spike\Desktop\FRST.txt
2014-07-13 20:01 - 2014-07-12 02:38 - 00000000 ____D () C:\FRST
2014-07-13 19:56 - 2014-07-13 19:56 - 00022839 _____ () C:\ComboFix.txt
2014-07-13 19:56 - 2014-07-13 19:48 - 00000000 ____D () C:\Qoobox
2014-07-13 19:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Users\Default
2014-07-13 19:55 - 2014-07-13 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-07-13 19:55 - 2012-06-03 04:21 - 01694981 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 19:54 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-13 19:44 - 2014-07-13 19:44 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-07-13 19:44 - 2012-09-14 09:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\uTorrent
2014-07-13 19:40 - 2014-06-29 20:32 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2014-07-13 19:39 - 2014-07-13 19:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Malwarebytes
2014-07-13 19:31 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 19:31 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 19:30 - 2013-01-25 15:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 19:30 - 2009-07-13 22:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 19:26 - 2014-07-13 19:29 - 05220073 ____R (Swearware) C:\Users\Spike\Desktop\ComboFix.exe
2014-07-13 19:25 - 2013-02-05 17:26 - 00000000 ____D () C:\Temp
2014-07-13 19:25 - 2012-06-03 04:47 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-13 19:24 - 2014-07-13 19:24 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-07-13 19:24 - 2014-07-13 19:24 - 00000000 ____D () C:\Users\TEMP
2014-07-13 19:23 - 2012-09-13 10:10 - 02756765 _____ () C:\FaceProv.log
2014-07-13 19:23 - 2012-06-03 04:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 19:23 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 19:23 - 2009-07-13 21:51 - 00090584 _____ () C:\Windows\setupact.log
2014-07-13 19:16 - 2014-06-21 13:37 - 00000000 ____D () C:\ProgramData\RELOADED
2014-07-13 19:16 - 2013-12-13 23:20 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-07-13 19:12 - 2013-10-16 19:58 - 00000000 ____D () C:\Users\Spike\AppData\Local\FluxSoftware
2014-07-13 19:12 - 2012-09-13 11:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-13 19:12 - 2012-09-13 11:05 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Skype
2014-07-13 19:12 - 2012-09-13 11:05 - 00000000 ____D () C:\ProgramData\Skype
2014-07-13 19:10 - 2012-10-15 16:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA.job
2014-07-13 19:05 - 2012-06-03 04:48 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 18:53 - 2013-08-07 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 18:52 - 2012-09-18 18:43 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-13 18:52 - 2012-09-15 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 18:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-12 04:22 - 2012-09-13 10:10 - 00000000 ____D () C:\Users\Spike
2014-07-12 02:11 - 2014-07-13 19:29 - 02084864 _____ (Farbar) C:\Users\Spike\Desktop\FRST64.exe
2014-07-07 15:10 - 2012-12-06 15:11 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-07-06 16:10 - 2012-10-15 16:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core.job
2014-07-04 15:22 - 2014-06-24 17:38 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-07-03 21:30 - 2014-07-03 16:09 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-07-03 03:25 - 2012-09-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-01 19:07 - 2014-05-06 13:32 - 00000000 ____D () C:\Users\Spike\Desktop\Art projects
2014-06-29 23:02 - 2012-06-03 04:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-29 23:01 - 2014-06-29 23:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 20:48 - 2014-06-29 20:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 20:48 - 2013-12-13 23:35 - 00000000 ____D () C:\Users\Spike\Documents\My Games
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-27 03:30 - 2012-09-13 16:20 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\vlc
2014-06-26 15:20 - 2014-06-23 16:35 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-25 14:59 - 2012-09-13 10:31 - 00000000 ____D () C:\Users\Spike\Documents\Youcam
2014-06-24 15:29 - 2014-03-17 17:46 - 00000000 ____D () C:\Users\Spike\Desktop\Recent tabs
2014-06-23 16:46 - 2012-10-11 21:49 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Audacity
2014-06-22 18:00 - 2014-06-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 16:05 - 2012-10-15 16:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA
2014-06-22 16:05 - 2012-10-15 16:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core
2014-06-16 16:00 - 2012-06-03 04:48 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-16 16:00 - 2012-06-03 04:48 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-06-29 19:19

==================== End Of Log ============================

 



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,929 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 14 July 2014 - 09:28 AM

Are you attempting to connect wirelessly or through a cable? The wireless adapter seems to be having issues. Downloading the drivers for Audio and Wireless Adapter from the Manufacturer may provide some help.

Open an administrator command prompt. (Start, type CMD and press CTRL+SHIFT+ENTER)

At the prompt type the following and press Enter:

CHKDSK /R

Schedule a CHKDSK on your next boot.

Download and install Windows Repair: 

When Windows Repair opens, click the Start Repairs tab. Click Start. Unselect all the boxes except for the following:

- Reset Registry Permissions
- Reset File Permissions
- Repair WMI
- Repair Windows Firewall 
- Repair Windows Updates

Re-scan with FRST and post its report. This time around put a checkmark on List BCD.

Edited by JSntgRvr, 14 July 2014 - 09:46 AM.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 spikespikespike

spikespikespike
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:15 AM

Posted 14 July 2014 - 02:22 PM

Yeah, attempting through wireless but not even detecting any networks. Ran chkdsk and Windows Repair as you instructed with no results. Messages still popping up and no connections found.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Spike (administrator) on SPIKE-PC on 14-07-2014 12:16:03
Running from C:\Users\Spike\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\Nsd\startup.exe
(Lenovo) C:\Program Files\Lenovo\Nsd\startupSupport.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spigot, Inc.) C:\Users\Spike\AppData\Roaming\Search Protection\SearchProtection.exe
(BitTorrent Inc.) C:\Users\Spike\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-03] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-06-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-11] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-03] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1656840161-663553595-2279957829-1001\...\Run: [SearchProtection] => C:\Users\Spike\AppData\Roaming\Search Protection\SearchProtection.EXE [846696 2014-05-21] (Spigot, Inc.)
HKU\S-1-5-21-1656840161-663553595-2279957829-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-22] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {64BC7895-5094-4A24-A895-6F34F5A79B34} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {64BC7895-5094-4A24-A895-6F34F5A79B34} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] ()
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default
FF Homepage: google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Spike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Spike\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Spike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Spike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Spike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Spike\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\searchplugins\duckduckgo-1.xml
FF SearchPlugin: C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\searchplugins\duckduckgo.xml
FF Extension: Reddit Enhancement Suite - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2012-09-18]
FF Extension: TinEye Reverse Image Search - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\tineye@ideeinc.com.xpi [2012-09-24]
FF Extension: WikiLook - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\wikilook@testpilot.xpi [2013-01-29]
FF Extension: NoScript - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-03]
FF Extension: LeechBlock - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-05-23]
FF Extension: Adblock Plus - C:\Users\Spike\AppData\Roaming\Mozilla\Firefox\Profiles\8drr5kn4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-13]

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Spike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-16]
CHR Extension: (Google Wallet) - C:\Users\Spike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]

==================== Services (Whitelisted) =================

S2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [659968 2011-12-05] () [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [148752 2011-12-08] () [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543424 2014-05-29] (Valve Corporation) [File not signed]
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] () [File not signed]
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] () [File not signed]
S2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] () [File not signed]
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2011-10-10] () [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2011-10-10] () [File not signed]
S3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [211496 2012-02-01] () [File not signed]
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [125304 2012-09-10] (Focusrite Audio Engineering Limited.)
S3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [48488 2010-09-23] () [File not signed]
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [4730344 2012-01-03] () [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [11417088 2011-12-01] () [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.) [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] () [File not signed]
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 12:16 - 2014-07-14 12:16 - 00023107 _____ () C:\Users\Spike\Desktop\FRST.txt
2014-07-14 12:11 - 2014-07-14 12:11 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-07-14 12:11 - 2014-07-14 12:11 - 00000000 ____D () C:\Users\TEMP
2014-07-14 12:11 - 2012-10-09 09:58 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-07-14 12:11 - 2012-06-03 04:48 - 00002115 _____ () C:\Users\TEMP\Desktop\OneKey Recovery.lnk
2014-07-14 12:11 - 2012-06-03 04:48 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-07-14 12:11 - 2012-06-03 04:47 - 00001151 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-07-14 12:11 - 2010-12-18 22:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-07-14 12:11 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-14 12:11 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-14 11:51 - 2014-07-14 11:51 - 00000000 ____D () C:\Users\Spike\Desktop\Tweaking.com - Windows Repair
2014-07-14 11:51 - 2014-07-14 11:43 - 08099017 _____ () C:\Users\Spike\Desktop\tweaking.com_windows_repair_aio.zip
2014-07-13 19:56 - 2014-07-13 19:56 - 00022839 _____ () C:\ComboFix.txt
2014-07-13 19:48 - 2014-07-13 19:56 - 00000000 ____D () C:\Qoobox
2014-07-13 19:48 - 2014-07-13 19:55 - 00000000 ____D () C:\Windows\erdnt
2014-07-13 19:48 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-13 19:48 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-13 19:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-13 19:48 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-13 19:44 - 2014-07-13 19:44 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-07-13 19:39 - 2014-07-13 19:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Malwarebytes
2014-07-13 19:29 - 2014-07-13 19:26 - 05220073 ____R (Swearware) C:\Users\Spike\Desktop\ComboFix.exe
2014-07-13 19:29 - 2014-07-12 02:11 - 02084864 _____ (Farbar) C:\Users\Spike\Desktop\FRST64.exe
2014-07-12 02:38 - 2014-07-14 12:16 - 00000000 ____D () C:\FRST
2014-07-03 16:09 - 2014-07-03 21:30 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-06-29 23:01 - 2014-06-29 23:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 20:48 - 2014-06-29 20:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-29 20:32 - 2014-07-13 19:40 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2014-06-24 17:38 - 2014-07-04 15:22 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-06-23 16:35 - 2014-06-26 15:20 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-22 18:00 - 2014-06-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-21 13:37 - 2014-07-13 19:16 - 00000000 ____D () C:\ProgramData\RELOADED

==================== One Month Modified Files and Folders =======

2014-07-14 12:16 - 2014-07-14 12:16 - 00023107 _____ () C:\Users\Spike\Desktop\FRST.txt
2014-07-14 12:16 - 2014-07-12 02:38 - 00000000 ____D () C:\FRST
2014-07-14 12:15 - 2012-09-14 09:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\uTorrent
2014-07-14 12:15 - 2009-07-13 22:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 12:14 - 2012-09-13 10:11 - 00098376 _____ () C:\Users\Spike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-14 12:13 - 2012-06-03 04:47 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-14 12:12 - 2012-06-03 04:21 - 01839790 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 12:11 - 2014-07-14 12:11 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-07-14 12:11 - 2014-07-14 12:11 - 00000000 ____D () C:\Users\TEMP
2014-07-14 12:11 - 2013-02-05 17:26 - 00000000 ____D () C:\Temp
2014-07-14 12:10 - 2012-09-13 10:10 - 02769055 _____ () C:\FaceProv.log
2014-07-14 12:10 - 2012-06-03 04:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 12:10 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 12:10 - 2009-07-13 21:51 - 00090808 _____ () C:\Windows\setupact.log
2014-07-14 12:10 - 2009-07-13 21:45 - 00402080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 12:09 - 2010-11-20 20:47 - 00016342 _____ () C:\Windows\PFRO.log
2014-07-14 12:06 - 2012-06-03 04:28 - 00778834 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-14 12:05 - 2012-06-03 04:48 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 11:54 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 11:54 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 11:51 - 2014-07-14 11:51 - 00000000 ____D () C:\Users\Spike\Desktop\Tweaking.com - Windows Repair
2014-07-14 11:43 - 2014-07-14 11:51 - 08099017 _____ () C:\Users\Spike\Desktop\tweaking.com_windows_repair_aio.zip
2014-07-13 21:11 - 2012-10-15 16:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA.job
2014-07-13 21:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 20:30 - 2013-01-25 15:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 19:56 - 2014-07-13 19:56 - 00022839 _____ () C:\ComboFix.txt
2014-07-13 19:56 - 2014-07-13 19:48 - 00000000 ____D () C:\Qoobox
2014-07-13 19:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Users\Default
2014-07-13 19:55 - 2014-07-13 19:48 - 00000000 ____D () C:\Windows\erdnt
2014-07-13 19:54 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-13 19:44 - 2014-07-13 19:44 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-07-13 19:40 - 2014-06-29 20:32 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2014-07-13 19:39 - 2014-07-13 19:39 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Malwarebytes
2014-07-13 19:26 - 2014-07-13 19:29 - 05220073 ____R (Swearware) C:\Users\Spike\Desktop\ComboFix.exe
2014-07-13 19:16 - 2014-06-21 13:37 - 00000000 ____D () C:\ProgramData\RELOADED
2014-07-13 19:16 - 2013-12-13 23:20 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-07-13 19:12 - 2013-10-16 19:58 - 00000000 ____D () C:\Users\Spike\AppData\Local\FluxSoftware
2014-07-13 19:12 - 2012-09-13 11:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-13 19:12 - 2012-09-13 11:05 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Skype
2014-07-13 19:12 - 2012-09-13 11:05 - 00000000 ____D () C:\ProgramData\Skype
2014-07-13 18:53 - 2013-08-07 19:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 18:52 - 2012-09-18 18:43 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-13 18:52 - 2012-09-15 13:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 04:22 - 2012-09-13 10:10 - 00000000 ____D () C:\Users\Spike
2014-07-12 02:11 - 2014-07-13 19:29 - 02084864 _____ (Farbar) C:\Users\Spike\Desktop\FRST64.exe
2014-07-07 15:10 - 2012-12-06 15:11 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-07-06 16:10 - 2012-10-15 16:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core.job
2014-07-04 15:22 - 2014-06-24 17:38 - 00000000 ____D () C:\Users\Spike\Desktop\Grad School
2014-07-03 21:30 - 2014-07-03 16:09 - 00000000 ____D () C:\Users\Spike\Desktop\Castles
2014-07-03 03:25 - 2012-09-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-01 19:07 - 2014-05-06 13:32 - 00000000 ____D () C:\Users\Spike\Desktop\Art projects
2014-06-29 23:02 - 2012-06-03 04:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-29 23:01 - 2014-06-29 23:01 - 35648512 _____ () C:\Users\Spike\Downloads\PhysX-9.12.0613-SystemSoftware.msi
2014-06-29 20:48 - 2014-06-29 20:48 - 00000000 ____D () C:\ProgramData\Steam
2014-06-29 20:48 - 2013-12-13 23:35 - 00000000 ____D () C:\Users\Spike\Documents\My Games
2014-06-29 20:33 - 2014-06-29 20:33 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Hive Cluster
2014-06-27 03:30 - 2012-09-13 16:20 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\vlc
2014-06-26 15:20 - 2014-06-23 16:35 - 00000000 ____D () C:\Users\Spike\Desktop\Emily's Room
2014-06-25 14:59 - 2012-09-13 10:31 - 00000000 ____D () C:\Users\Spike\Documents\Youcam
2014-06-24 15:29 - 2014-03-17 17:46 - 00000000 ____D () C:\Users\Spike\Desktop\Recent tabs
2014-06-23 16:46 - 2012-10-11 21:49 - 00000000 ____D () C:\Users\Spike\AppData\Roaming\Audacity
2014-06-22 18:00 - 2014-06-22 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 16:05 - 2012-10-15 16:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001UA
2014-06-22 16:05 - 2012-10-15 16:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1656840161-663553595-2279957829-1001Core
2014-06-16 16:00 - 2012-06-03 04:48 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-16 16:00 - 2012-06-03 04:48 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {b9602997-ace4-11e1-9828-dc0ea1f05905}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {ea664e2c-fdc5-11e1-9488-08edb9d6da5e}
recoveryenabled         Yes
nointegritychecks       Yes
testsigning             Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b9602997-ace4-11e1-9828-dc0ea1f05905}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {ea664e2c-fdc5-11e1-9488-08edb9d6da5e}
device                  ramdisk=[C:]\Recovery\ea664e2c-fdc5-11e1-9488-08edb9d6da5e\Winre.wim,{ea664e2d-fdc5-11e1-9488-08edb9d6da5e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ea664e2c-fdc5-11e1-9488-08edb9d6da5e\Winre.wim,{ea664e2d-fdc5-11e1-9488-08edb9d6da5e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {b9602997-ace4-11e1-9828-dc0ea1f05905}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi

Device options
--------------
identifier              {ea664e2d-fdc5-11e1-9488-08edb9d6da5e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ea664e2c-fdc5-11e1-9488-08edb9d6da5e\boot.sdi



LastRegBack: 2014-07-13 20:41

==================== End Of Log ============================
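Added example, not part of this thread and not FRST's own code: a small Python triage script for the two ATTENTION items in the log above. It parses the BCD dump and the Drivers section of an FRST log, reports every loader entry that has testsigning or nointegritychecks set to Yes (both relax kernel driver signature enforcement on that boot entry, which is why FRST says to check for an unsigned rootkit driver and is consistent with the BadDriver startup-repair signature in the first post), lists the boot-start and system-start drivers that load before any user-mode scanner gets a chance, and generates the bcdedit lines that remove the offending elements. The sample input is an excerpt copied from the log above. S:\Boot\BCD as the offline store path from WinRE is an assumption about the reader's setup: the dump shows the boot manager on \Device\HarddiskVolume1, which normally has no drive letter until diskpart assigns one. FRST's "[File not signed]" tag only means no embedded Authenticode signature was found; the log above puts it on inbox Windows drivers such as bthpan.sys as well, so treat it as a lead, not a verdict.

```python
"""Triage helper for an FRST log: flags BCD elements that relax kernel driver
signature enforcement (testsigning / nointegritychecks), lists the boot- and
system-start drivers that load before any user-mode scanner, and emits bcdedit
lines that remove the elements.  Added example, not the thread's or FRST's code;
sample input is an excerpt of the log above, the offline store path an assumption."""
import re

SAMPLE_BCD = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
nointegritychecks       Yes
testsigning             Yes

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
"""

SAMPLE_DRIVERS = r"""
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] () [File not signed]
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

UNSAFE_FLAGS = ("nointegritychecks", "testsigning")
DRIVER_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+);\s*(?P<rest>.*)$")

def parse_bcd(text):
    """Split a bcdedit-style dump into one dict per entry: 'title' plus lowercased elements."""
    lines, entries, key = text.splitlines(), [], None
    for i, raw in enumerate(lines):
        if not raw.strip() or re.fullmatch(r"-{3,}", raw.strip()):
            continue
        if i + 1 < len(lines) and re.fullmatch(r"-{3,}", lines[i + 1].strip()):
            entries.append({"title": raw.strip()})      # entry titles are underlined with dashes
        elif raw[0].isspace() and entries and key:
            entries[-1][key] += " " + raw.strip()         # continuation of a multi-valued element
        elif entries:
            key, _, value = raw.partition(" ")
            key = key.lower()
            entries[-1][key] = value.strip()
    return entries

def insecure_boot_entries(entries):
    """(identifier, [unsafe elements set to Yes]) for every entry that has any."""
    found = []
    for e in entries:
        flags = [f for f in UNSAFE_FLAGS if e.get(f, "").lower() == "yes"]
        if flags:
            found.append((e.get("identifier", e["title"]), flags))
    return found

def parse_drivers(text):
    """One dict per FRST driver line 'Xn name; path [size date] (publisher) [tags]': X is FRST's
    state letter (R running, S stopped, U unknown), n the Start value (0 boot, 1 system, 2 auto, 3 demand, 4 disabled)."""
    drivers = []
    for m in filter(None, map(DRIVER_RE.match, (l.strip() for l in text.splitlines()))):
        rest = m["rest"]
        publishers = re.findall(r"\(([^()]*)\)", rest)   # last (...) group is the publisher
        drivers.append({
            "name": m["name"], "state": m["state"], "start": int(m["start"]),
            "path": rest.split(" [", 1)[0],
            "company": publishers[-1] if publishers else "",
            "unsigned": "[File not signed]" in rest,       # no embedded Authenticode signature found
            "missing": rest.endswith("[X]"),               # image not present on disk
        })
    return drivers

def early_start_drivers(drivers):
    """Boot-start (0) and system-start (1) drivers, sorted by start type then name."""
    return sorted((d for d in drivers if d["start"] <= 1), key=lambda d: (d["start"], d["name"].lower()))

def remediation_commands(entries, store=None):
    """bcdedit lines deleting the unsafe elements.  Run elevated on the live OS, or from WinRE with
    store=<offline BCD path> (assumed S:\\Boot\\BCD once the boot partition has a letter);
    {current} does not resolve offline, so the entry becomes {default} when bootmgr names it so."""
    bootmgr = next((e for e in entries if e.get("identifier") == "{bootmgr}"), {})
    prefix = f"bcdedit /store {store} " if store else "bcdedit "
    cmds = []
    for ident, flags in insecure_boot_entries(entries):
        if store and ident == "{current}" and bootmgr.get("default") == "{current}":
            ident = "{default}"
        cmds += [f"{prefix}/deletevalue {ident} {flag}" for flag in flags]
    return cmds

if __name__ == "__main__":
    entries = parse_bcd(SAMPLE_BCD)
    print(insecure_boot_entries(entries), *remediation_commands(entries, store=r"S:\Boot\BCD"), sep="\n")
```

To use it on a real log, paste the BCD block and the Drivers block from FRST.txt into the two sample strings. The script only reads text; the bcdedit lines it prints have to be run by hand from an elevated prompt (or from the WinRE command prompt with /store, after giving the boot partition a letter with diskpart), and `bcdedit /enum all` afterwards should show the loader entry without the two elements. Removing them does not remove whatever driver they were enabling, so the early-start driver list is the next thing to check, file by file, before rebooting.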



#15 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,929 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 14 July 2014 - 07:25 PM

Is this a known brand computer?


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!