all browsers crash or don't open even in "safe mode with networking"


  • This topic is locked
76 replies to this topic

#1 Kalador5

Kalador5

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dayton Texas
  • Local time:12:24 AM

Posted 20 July 2014 - 07:39 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17207
Run by Eric at 19:29:57 on 2014-07-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3581.2840 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Splashtop Connect SearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe
BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1F754D08-B5AA-43E5-A1A0-FEEF44AF1B11} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2010-6-29 11832]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-7-18 46136]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-20 122584]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-7-19 565352]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-7-18 47232]
S1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-7-18 21616]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-20 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-20 860472]
S2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-7-19 32544]
S2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-3-12 52280]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2014-7-19 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-19 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-7-20 91352]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-20 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-20 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-19 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2014-7-19 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-7-19 32360]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2014-7-19 48416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-19 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-19 1255736]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-07-21 00:24:27 -------- d-----w- C:\Users\Eric\AppData\Local\Unity
2014-07-20 20:33:39 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-07-20 20:33:38 -------- d--h--w- C:\ProgramData\Common Files
2014-07-20 20:33:38 -------- d-----w- C:\ProgramData\TuneUp Software
2014-07-20 19:27:32 -------- d-----w- C:\Users\Eric\AppData\Roaming\ParetoLogic
2014-07-20 19:27:32 -------- d-----w- C:\Users\Eric\AppData\Roaming\DriverCure
2014-07-20 19:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-07-20 19:27:22 -------- d-----w- C:\ProgramData\ParetoLogic
2014-07-20 19:27:22 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-07-20 16:31:21 -------- d-----w- C:\Program Files\CCleaner
2014-07-20 16:31:05 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-20 16:30:51 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-20 16:30:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-20 16:30:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-20 16:30:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-20 16:30:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 16:30:33 -------- d-----w- C:\Users\Eric\AppData\Local\Programs
2014-07-20 06:09:34 -------- d-----w- C:\Users\Eric\AppData\Roaming\Opera Software
2014-07-20 06:09:34 -------- d-----w- C:\Users\Eric\AppData\Local\Opera Software
2014-07-20 06:03:33 -------- d-----w- C:\Users\Eric\AppData\Local\Google
2014-07-19 23:33:06 2871808 ----a-w- C:\Windows\explorer.exe
2014-07-19 23:33:06 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-07-19 23:33:05 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-19 23:33:00 67072 ----a-w- C:\Windows\splwow64.exe
2014-07-19 23:33:00 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-07-19 20:53:11 -------- d-----w- C:\Users\Eric\AppData\Local\ElevatedDiagnostics
2014-07-19 20:24:49 -------- d-sh--w- C:\Users\Eric\AppData\Local\EmieUserList
2014-07-19 20:24:49 -------- d-sh--w- C:\Users\Eric\AppData\Local\EmieSiteList
2014-07-19 19:46:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-07-19 19:46:10 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-07-19 19:46:10 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-07-19 19:46:09 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-07-19 19:40:54 -------- d-----w- C:\Windows\System32\appmgmt
2014-07-19 19:39:07 -------- d-----w- C:\Windows\Migration
2014-07-19 19:28:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-07-19 19:28:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-07-19 19:28:03 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-07-19 19:28:03 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-07-19 19:28:02 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-07-19 19:28:02 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-07-19 19:27:29 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-07-19 19:27:29 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-07-19 19:26:13 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-07-19 19:26:13 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-07-19 18:15:56 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-07-19 18:12:16 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-07-19 18:11:56 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-07-19 18:10:54 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-07-19 18:09:58 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-07-19 18:07:33 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-19 17:57:00 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-07-19 17:57:00 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-07-19 17:57:00 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-07-19 17:57:00 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-07-19 17:57:00 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-07-19 17:56:59 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-07-19 17:05:12 -------- d-----w- C:\Windows\System32\SPReview
2014-07-19 17:05:02 -------- d-----w- C:\Windows\System32\EventProviders
2014-07-19 16:52:59 695808 ----a-w- C:\Windows\System32\netlogon.dll
2014-07-19 16:51:38 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2014-07-19 16:51:38 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2014-07-19 16:50:21 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2014-07-19 16:30:04 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-07-19 16:30:04 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-07-19 16:30:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-07-19 16:30:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-07-19 16:30:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-07-19 16:30:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-07-19 16:30:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-07-19 16:30:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-07-19 16:30:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-07-19 16:23:30 -------- d-----w- C:\Windows\SysWow64\Wat
2014-07-19 16:23:30 -------- d-----w- C:\Windows\System32\Wat
2014-07-19 16:05:46 -------- d-s---w- C:\Windows\System32\CompatTel
2014-07-19 15:09:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-07-19 15:09:00 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-07-19 15:09:00 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-07-19 15:02:06 -------- d-----w- C:\Windows\System32\MRT
2014-07-19 14:39:14 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-07-19 14:39:14 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-07-19 14:39:14 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-07-19 14:39:14 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-07-19 14:39:14 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-07-19 14:39:14 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-07-19 14:39:14 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-07-19 14:33:49 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-07-19 14:33:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-07-19 14:33:48 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-07-19 14:28:27 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2014-07-19 14:28:27 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2014-07-19 14:28:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-07-19 14:28:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2014-07-19 14:28:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-07-19 14:26:47 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2014-07-19 14:25:58 33792 ----a-w- C:\Windows\System32\profprov.dll
2014-07-19 14:17:29 642944 ----a-w- C:\Windows\System32\winload.efi
2014-07-19 14:17:29 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-07-19 14:17:29 605552 ----a-w- C:\Windows\System32\winload.exe
2014-07-19 14:17:29 566208 ----a-w- C:\Windows\System32\winresume.efi
2014-07-19 14:17:29 518672 ----a-w- C:\Windows\System32\winresume.exe
2014-07-19 14:17:29 20352 ----a-w- C:\Windows\System32\kdusb.dll
2014-07-19 14:17:29 19328 ----a-w- C:\Windows\System32\kd1394.dll
2014-07-19 14:17:29 17792 ----a-w- C:\Windows\System32\kdcom.dll
2014-07-19 14:17:01 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-07-19 14:17:01 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-07-19 14:12:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-07-19 14:12:52 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-07-19 14:12:52 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-07-19 14:09:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-07-19 14:08:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-07-19 14:08:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-07-19 14:08:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-07-19 14:07:49 30528 ----a-w- C:\Windows\GVTDrv64.sys
2014-07-19 14:07:40 25640 ----a-w- C:\Windows\gdrv.sys
2014-07-19 14:01:00 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-07-19 14:00:59 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-07-19 14:00:59 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-07-19 13:59:21 48416 ----a-r- C:\Windows\System32\drivers\RtTeam60.sys
2014-07-19 13:59:17 32360 ----a-r- C:\Windows\System32\drivers\RtVlan620.sys
2014-07-19 13:59:10 32544 ----a-r- C:\Windows\System32\drivers\RtNdPt60.sys
2014-07-19 06:23:09 -------- d-----w- C:\Windows\Panther
2014-07-19 03:53:39 -------- d-----w- C:\Program Files (x86)\AMD
2014-07-19 03:47:09 -------- d-----w- C:\Users\Eric\AppData\Local\Diagnostics
2014-07-19 03:46:43 -------- d-----w- C:\Users\Eric\AppData\Local\AMD
2014-07-19 03:46:34 -------- d-----w- C:\Users\Eric\AppData\Local\ATI
2014-07-19 03:46:11 -------- d-----w- C:\ProgramData\Splashtop
2014-07-19 03:46:00 0 ----a-w- C:\Windows\ativpsrm.bin
2014-07-19 03:45:09 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-07-19 03:45:09 -------- d-----w- C:\Program Files\Realtek
2014-07-19 03:43:38 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2014-07-19 03:43:38 -------- d-----w- C:\ProgramData\AMD
2014-07-19 03:43:37 -------- d-----w- C:\Program Files\ATI Technologies
2014-07-19 03:43:29 58880 ----a-w- C:\Windows\System32\coinst.dll
2014-07-19 03:43:28 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2014-07-19 03:43:13 -------- d-----w- C:\Program Files\ATI
2014-07-19 03:43:10 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-07-19 03:41:27 -------- d--h--w- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2014-07-19 03:41:25 -------- d-----w- C:\Users\Eric\AppData\Roaming\Splashtop
2014-07-19 03:41:15 -------- d-----w- C:\Program Files (x86)\Splashtop
2014-07-19 03:41:04 -------- d-sh--w- C:\Windows\Installer
2014-07-19 03:31:18 -------- d-----w- C:\Users\Eric\AppData\Local\VirtualStore
2014-07-19 03:29:40 -------- d-sh--w- C:\Recovery
.
==================== Find3M  ====================
.
2014-07-19 17:36:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-07-19 17:36:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 19:31:02.60 ===============

Edited by Queen-Evie, 20 July 2014 - 07:50 PM.
moved from Windows 7 to the appropriate forum. DDS logs are allowed only in Malware Removal Logs.



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:24 AM

Posted 21 July 2014 - 09:21 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Kalador5

Posted 21 July 2014 - 01:34 PM

as requested ...the files are attached

 


#4 Machiavelli

Posted 21 July 2014 - 01:41 PM

Boot Mode: Safe Mode (with Networking)

Why are you in SafeMode?

~Machiavelli



#5 Kalador5

Posted 21 July 2014 - 01:45 PM

the only way to get online to get on here for help was to boot in safe mode with networking



#6 Machiavelli

Posted 21 July 2014 - 01:48 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli



#7 Kalador5

Posted 21 July 2014 - 02:02 PM

# AdwCleaner v3.216 - Report created 21/07/2014 at 13:54:51
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Eric - MAINCOMPUTER
# Running from : C:\Users\Eric\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : SCBackService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\Eric\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Eric\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\Tasks\paretologic update version3.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4232 octets] - [21/07/2014 13:52:04]
AdwCleaner[R1].txt - [4292 octets] - [21/07/2014 13:52:43]
AdwCleaner[S0].txt - [4416 octets] - [21/07/2014 13:54:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4476 octets] ##########


#8 Kalador5

Posted 21 July 2014 - 02:05 PM

malwarebytes encounters a problem and needs to close ...tried to scan 3 times and the same thing happened 



#9 Kalador5

Posted 21 July 2014 - 02:09 PM

malwarebytes encounters a problem and needs to close ...tried to scan 3 times and the same thing happened 

also on the other a window opens like the command shell ...is that normal on the junkware removal tool?



#10 Machiavelli

Posted 21 July 2014 - 02:20 PM

Yes, it's normal for JRT. Skip the MBAM Step for now.

~Machiavelli



#11 Kalador5

Posted 21 July 2014 - 02:33 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Eric on Mon 07/21/2014 at 14:21:34.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] wcuservice_stc_ie 
Successfully deleted: [Service] wcuservice_stc_ie 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
junkware logs
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 14:27:58.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam still will not run...


Yes, it's normal for JRT. Skip the MBAM Step for now.

mbam still will not run..



#12 Machiavelli


Posted 21 July 2014 - 02:37 PM

Yes, I know. Go to Step 4 please.

~Machiavelli



#13 Kalador5


Posted 21 July 2014 - 02:41 PM

ok here's the FRST log 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Eric at 2014-07-21 14:41:05
Running from C:\Users\Eric\Desktop\New folder
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{AE196FD4-5109-21C4-6B2D-C8B60E188EC7}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0728.1755.30366 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0728.1756.30366 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Easy Tune 6 B11.1209.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1209.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.5.0 - ParetoLogic, Inc.)
Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.)
Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
 
==================== Restore Points  =========================
 
19-07-2014 23:33:24 Windows Update
19-07-2014 23:54:34 Windows Update
20-07-2014 21:20:24 Windows Update
21-07-2014 03:27:59 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1405836569.job => C:\Program Files (x86)\Opera\launcher.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_E1185F85-1043-11E4-91AA-902B34207525.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-20 18:15 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Eric\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-20 18:15 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Eric\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-07-20 01:04 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 01:04 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 01:04 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (07/21/2014 02:38:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:38:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 02:36:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 3581.43 MB
Available physical RAM: 2781.97 MB
Total Pagefile: 7161.04 MB
Available Pagefile: 6365.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:433.25 GB) NTFS
Drive d: (GIGABYTE) (CDROM) (Total:3.54 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 29352526)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#14 Machiavelli


Posted 21 July 2014 - 02:44 PM

FRST.txt is missing.

~Machiavelli



#15 Kalador5


Posted 21 July 2014 - 02:58 PM

It will not let me post the file... it keeps saying too large to post and too big to upload when trying to attach it.





