
Blue Screen Keeps Shutting down my computer


  • This topic is locked
28 replies to this topic

#1 Trey 7854

  • Members
  • 35 posts

Posted 09 August 2014 - 02:27 PM

Blue Screen of Death keeps shutting down my computer.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Trey.Coleman at 23:28:53 on 2014-08-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8047.4045 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\agent_x64.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\huubx.exe
C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
"svchost.exe"
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\rundll32.exe
"C:\Windows\SysWOW64\svchost.exe"
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Trey.Coleman\AppData\Local\browser_dir\browser.exe
C:\Users\Trey.Coleman\AppData\Local\browser_dir\browser.exe
C:\Users\Trey.Coleman\AppData\Local\browser_dir\browser.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Trey.Coleman\AppData\Local\browser_dir\browser.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [GoogleChromeAutoLaunch_30168E37E4D2C97B56C74AA690234F38] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [1193123993] C:\Windows\System32\rundll32.exe "c:\users\trey.coleman\appdata\roaming\2548802063\gpuactivex.dll",DllRegisterServer
uRun: [Ubarmubayg] C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [{0367d822-de48-442e-ef4d-8e45513b2308}] "C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe"
mRun: [Ubarmubayg] C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
mExplorerRun: [{0367d822-de48-442e-ef4d-8e45513b2308}] "C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe"
StartupFolder: C:\Users\TREY~1.COL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\TREY~1.COL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{273FF072-1E53-448A-AB7C-EA6FB5F64EE8} : DHCPNameServer = 64.13.74.12
TCP: Interfaces\{89E570F4-E59A-44F0-93C8-8DE1B3BDEA45} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D}\14E64627F69646455647865627 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D}\2455E4B4542523 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D}\34641484F4D454 : DHCPNameServer = 10.20.10.54
TCP: Interfaces\{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D}\3516E64697 : DHCPNameServer = 192.168.2.1 68.94.156.1 68.94.157.1
TCP: Interfaces\{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D}\45275697 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [Ubarmubayg] "C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\96ibxu1m.default\
FF - prefs.js: browser.search.selectedEngine - WebSearch+
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\EpicPlay\npEpicHost.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-18 55280]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-18 89600]
R2 Agent;Agent;C:\Windows\agent_x64.exe [2012-1-28 102912]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2011-3-29 407552]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-8-23 103992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-8 1809720]
R2 SecurityCenterServer1335632240;Security Center Server - 1335632240;C:\Windows\SysWOW64\huubx.exe [2014-8-9 305283]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2011-11-22 108376]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-25 5087584]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-18 2320920]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-6-18 35104]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-6-18 227896]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-5-5 340656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-23 158976]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-22 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-8 122584]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2011-6-18 59008]
S0 cvuoulo;cvuoulo;C:\Windows\System32\drivers\yalv.sys [2014-8-9 79064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-8 860472]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2011-10-17 382848]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2011-10-17 60416]
S3 CACLEARWIRE;Clearwire Con App Svc;C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2011-11-22 124760]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2011-11-22 120664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-14 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-8 63704]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-10-25 7680512]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-13 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-08-10 04:12:17 79064 ----a-w- C:\Windows\System32\drivers\yalv.sys
2014-08-10 00:10:21 305283 ----a-w- C:\Windows\SysWow64\huubx.exe
2014-08-10 00:10:20 -------- d-----w- C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza
2014-08-09 21:41:01 -------- d-----w- C:\Users\Trey.Coleman\AppData\Roaming\3238963549
2014-08-09 20:50:49 -------- d-----w- C:\Users\Trey.Coleman\AppData\Roaming\907686967
2014-08-09 20:50:38 -------- d-----w- C:\Users\Trey.Coleman\AppData\Local\browser_dir
2014-08-09 20:50:02 -------- d-----w- C:\Users\Trey.Coleman\AppData\Roaming\2548802063
2014-08-09 19:34:23 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6A9065E-2576-4CAE-A4B9-AE90BDAFEF7F}\offreg.dll
2014-08-08 19:03:01 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6A9065E-2576-4CAE-A4B9-AE90BDAFEF7F}\mpengine.dll
2014-07-30 17:46:59 -------- d-----w- C:\Users\Trey.Coleman\AppData\Roaming\c8a1da
2014-07-30 17:46:58 -------- d-----w- C:\Users\Trey.Coleman\AppData\Local\c8a1da
2014-07-30 17:46:26 -------- d-----w- C:\Users\Trey.Coleman\AppData\Local\3097384522
2014-07-14 16:31:50 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 16:31:50 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-14 16:31:50 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-14 16:31:48 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-14 16:31:47 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-14 16:30:09 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-14 16:30:09 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-07-14 16:30:08 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-14 16:30:08 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-14 16:30:08 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 16:30:08 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-14 16:30:08 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-14 16:30:07 692736 ----a-w- C:\Windows\System32\osk.exe
2014-07-14 16:30:07 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-07-14 16:30:07 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-14 16:30:07 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-14 16:29:14 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-14 16:29:14 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-14 16:27:58 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-14 16:27:58 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-14 16:27:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-14 16:27:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-14 16:27:23 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-11 17:10:20 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-11 17:10:19 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-11 16:55:54 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M  ====================
.
2014-08-10 04:20:18 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-12 12:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 12:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 12:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 23:30:06.76 ===============

Edited by Trey 7854, 09 August 2014 - 11:36 PM.
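Before the cleanup steps that follow, it is worth spelling out what the DDS log above already shows a responder: executables launched from AppData\Roaming and ProgramData under random, all-digit or GUID names (Wyzaoza\ettil.exe, 2548802063\gpuactivex.dll, the GUID-named .exe under ProgramData\Microsoft), a service binary sitting directly in C:\Windows (agent_x64.exe), a boot-start driver (yalv.sys) and a service (huubx.exe) both dated the day of the scan, 32-bit svchost.exe instances outside System32, UAC switched off by policy (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0), and a public DHCP name server (64.13.74.12) on one interface. The script below is an added example, not part of this thread and not code from DDS or RogueKiller: it runs those checks as heuristics over a selection of lines copied from the posted log. The rules, the allowlist of executables that legitimately live in the Windows root, the 7-day "recent binary" window and the "public resolver" check are my assumptions; each hit is a prompt for analyst review, not a verdict (legitimate software such as Dropbox also runs from AppData).

```python
"""Triage heuristics for a DDS-style log.

Added example: not code from this thread, DDS or RogueKiller. The rules are my
own assumptions about what deserves a second look on a Windows 7 host; hits are
prompts for analyst review, not verdicts. SAMPLE_LOG is a selection of lines
copied from the DDS log posted above."""
import ipaddress
import re
from datetime import date

SAMPLE_LOG = r"""
Run by Trey.Coleman at 23:28:53 on 2014-08-09
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\agent_x64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\huubx.exe
C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
"svchost.exe"
"C:\Windows\SysWOW64\svchost.exe"
C:\Users\Trey.Coleman\AppData\Local\browser_dir\browser.exe
============== Pseudo HJT Report ===============
uRun: [GoogleChromeAutoLaunch_30168E37E4D2C97B56C74AA690234F38] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [1193123993] C:\Windows\System32\rundll32.exe "c:\users\trey.coleman\appdata\roaming\2548802063\gpuactivex.dll",DllRegisterServer
uRun: [Ubarmubayg] C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [{0367d822-de48-442e-ef4d-8e45513b2308}] "C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{273FF072-1E53-448A-AB7C-EA6FB5F64EE8} : DHCPNameServer = 64.13.74.12
============= SERVICES / DRIVERS ===============
R2 Agent;Agent;C:\Windows\agent_x64.exe [2012-1-28 102912]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 SecurityCenterServer1335632240;Security Center Server - 1335632240;C:\Windows\SysWOW64\huubx.exe [2014-8-9 305283]
S0 cvuoulo;cvuoulo;C:\Windows\System32\drivers\yalv.sys [2014-8-9 79064]
"""

# Rule patterns; thresholds and the allowlist are my assumptions, tune per host.
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData)\\", re.I)
WINDOWS_ROOT_EXE = re.compile(r"[A-Za-z]:\\Windows\\([^\\\s]+\.exe)", re.I)  # no subdir
WINDOWS_ROOT_ALLOW = {"explorer.exe", "regedit.exe", "notepad.exe"}
NUMERIC_DIR = re.compile(r"\\\d{6,}\\")  # e.g. \2548802063\
GUID_EXE = re.compile(r"\{[0-9a-f-]{36}\}\.exe", re.I)
SVCHOST = re.compile(r"svchost\.exe", re.I)
SVCHOST_OK = re.compile(r"\\System32\\svchost\.exe", re.I)
UAC_OFF = re.compile(r"^[um]Policies-System: (?:EnableLUA|ConsentPromptBehaviorAdmin) = dword:0\s*$")
NAMESERVER = re.compile(r"NameServer = (.+)$")
SERVICE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;.+ \[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]\s*$")
RUN_DATE = re.compile(r"^Run by .* on (\d{4})-(\d{2})-(\d{2})", re.M)


def parse_log_date(log_text):
    """Scan date from the DDS 'Run by ... on YYYY-MM-DD' header; None if absent."""
    m = RUN_DATE.search(log_text)
    return date(int(m[1]), int(m[2]), int(m[3])) if m else None


def triage(log_text, recent_days=7):
    """Return (severity, reason, line) for every rule that matches a log line.
    severity is "flag" (likely persistence/tampering) or "review" (needs context)."""
    log_date = parse_log_date(log_text)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hits = []
        if USER_WRITABLE.search(line):
            hits.append(("flag", "executable or DLL loaded from a user-writable path"))
        m = WINDOWS_ROOT_EXE.search(line)
        if m and m[1].lower() not in WINDOWS_ROOT_ALLOW:
            hits.append(("flag", "executable sitting directly in the Windows root"))
        if NUMERIC_DIR.search(line):
            hits.append(("flag", "all-digit directory name, typical of a generated drop folder"))
        if GUID_EXE.search(line):
            hits.append(("flag", "GUID-named executable"))
        if SVCHOST.search(line) and not SVCHOST_OK.search(line):
            hits.append(("flag", "svchost.exe not running from System32"))
        if UAC_OFF.match(line):
            hits.append(("flag", "UAC disabled by policy"))
        m = NAMESERVER.search(line)
        if m:
            for token in m[1].split():
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue
                if not ip.is_private:  # public resolver: may be the ISP's, so only "review"
                    hits.append(("review", f"public DNS resolver {ip}: confirm it is the ISP's"))
        m = SERVICE.match(line)
        if m and log_date is not None:
            file_date = date(int(m[1]), int(m[2]), int(m[3]))
            if abs((log_date - file_date).days) <= recent_days:
                hits.append(("flag", f"service/driver binary dated within {recent_days} days of the scan"))
        findings.extend((sev, reason, line) for sev, reason in hits)
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```

Run it as-is to print the findings for the embedded sample, or pass the full text of a DDS log to triage(); the date in the "Run by ... on" header drives the recent-binary rule, so that rule is silent when the header is missing. Benign control lines (the ESET service, Chrome, Adobe ARM, the System32 svchost) produce no hits, which is the check that the rules are selective rather than matching everything.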


#2 Trey 7854

  • Topic Starter
  • Members
  • 35 posts
Posted 09 August 2014 - 11:37 PM

Logs finally worked and both the DDS and Attach txt files were added.



#3 nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
Posted 14 August 2014 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop: For 32-bit system or For 64-bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Wait for further instructions.

#4 Trey 7854

  • Topic Starter
  • Members
  • 35 posts
Posted 15 August 2014 - 11:58 AM

Rogue Killer Log:

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Trey.Coleman [Admin rights]
Mode : Remove -- Date : 08/15/2014  11:39:00
 
¤¤¤ Bad processes : 5 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[x] -> [NoKill]
[Suspicious.Path] (SVC) Agent -- C:\Windows\agent_x64.exe[-] -> STOPPED
 
¤¤¤ Registry Entries : 39 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | {0367d822-de48-442e-ef4d-8e45513b2308} : "C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe" [x] -> DELETED
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ubarmubayg : C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe [x] -> DELETED
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Run | Ubarmubayg : C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza\ettil.exe  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{273FF072-1E53-448A-AB7C-EA6FB5F64EE8} | DhcpNameServer : 64.13.74.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{273FF072-1E53-448A-AB7C-EA6FB5F64EE8} | DhcpNameServer : 64.13.74.12  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{273FF072-1E53-448A-AB7C-EA6FB5F64EE8} | DhcpNameServer : 64.13.74.12  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> NOT SELECTED
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/  -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NOT SELECTED
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3479338614-148093371-1206300522-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NOT SELECTED
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 96ibxu1m.default : user_pref("browser.startup.homepage", "http://www.yahoo.com/"); -> NOT SELECTED
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 94836daf61a7bf4c3365352b48a5e49a
[BSP] dd294d2b7e04b0fb391b1d54d1c81ebc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305142 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Ricoh SD Disk Device +++++
--- User ---
[MBR] 954bcc78526a87a35a290f25013206e8
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 129 | Size: 952 MB
Error reading LL1 MBR! ([32] The request is not supported. )
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_08152014_113848.log
 
 
 
Adware Cleaner Log:
 
# AdwCleaner v3.305 - Report created 15/08/2014 at 11:44:05
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Trey.Coleman - TREYCOLEMAN-PC
# Running from : C:\Users\Trey.Coleman\Downloads\adwcleaner_3.305.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\Users\Trey.Coleman\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Trey.Coleman\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\96ibxu1m.default\FCTB
File Deleted : C:\END
File Deleted : C:\Windows\System32\GroupPolicy\Machine\Registry.pol
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKLM\Software\speedypc software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\96ibxu1m.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch+");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch+");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.DNSCatch", false);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.FirstLaunchShown", true);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.LastDate", 15);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.customNewTab", false);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.CaptureType", 3);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111114.connection_error", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111114.invalid_cert", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111114.server_error", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111114.success", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111115.connection_error", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111115.invalid_cert", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111115.server_error", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20111115.success", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.currentOffset", -101);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.dcaConfigInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.enableVoicebox", false);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.epochTimeInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.eulaVersion", 20110301);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSSerpInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSShoppingcartInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigModification", "");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigTime", "1321297293640");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigUrl", "hxxps://dcs-config.consumerinput.com/configs/dca_config/FCZ3F9Lfox/9392?userId=FCZ3F9L51196995");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaStatus", 1);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEpochTime", "1321297303710");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEpochTimeUrl", "hxxps://dcs.consumerinput.com/cgi-bin/EpochReturn.py");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEventSendAttemptDate", "20111114");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEventSendSuccessDate", "20111114");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSModification", "Fri, 30 Sep 2011 16:45:10 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSSerpModification", "Fri, 04 Nov 2011 18:45:13 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSSerpTime", "1321297293150");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSSerpUrl", "hxxps://dcs-files.consumerinput.com/xml/modules/serp/config-serp.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSShoppingcartModification", "Fri, 04 Nov 2011 18:45:12 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSShoppingcartTime", "1321297293150");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSShoppingcartUrl", "hxxps://dcs-files.consumerinput.com/xml/modules/tld/config-tld.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSTime", "1321297293149");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSUrl", "hxxps://dcs-files.consumerinput.com/xml/modules/core/config-core.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPingTime", "1321297351654");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyRulesModification", "Tue, 18 Oct 2011 17:45:16 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyRulesTime", "1321297293149");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyRulesUrl", "hxxps://dcs-files.consumerinput.com/xml/privacy_rules/privacy_rules.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastWhitelistModification", "Thu, 10 Nov 2011 22:15:10 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastWhitelistTime", "1321297293151");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastWhitelistUrl", "hxxps://dcs-files.consumerinput.com/xml/ajax_whitelist/ajax_whitelist.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.panelID", "FCZ3F9Lfox");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.pingInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyFailures", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyFailuresThreshold", 15);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyRulesInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.probationLength", 14400);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.rulesVersion", "1403");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.userID", "FCZ3F9L51196995");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.version", "1.7.0.9392");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.whitelistInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dcaConfigInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.epochTimeInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.eulaVersion", 20110301);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.externalJSInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.externalJSSerpInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.externalJSShoppingcartInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.installDate", "11082011");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastDcaConfigModification", "");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastDcaConfigTime", "1320725580967");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastDcaConfigUrl", "hxxps://dcs-config.consumerinput.com/configs/dca_config/FCZ3F9Lfox/8823?userId=FCZ3F9L51196995");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastEpochTime", "1320725580975");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSModification", "Fri, 30 Sep 2011 16:45:10 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSSerpModification", "Fri, 04 Nov 2011 18:45:13 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSSerpTime", "1320725580708");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSSerpUrl", "hxxps://dcs-files.consumerinput.com/xml/modules/serp/config-serp.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSShoppingcartModification", "Fri, 04 Nov 2011 18:45:12 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSShoppingcartTime", "1320725580888");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSShoppingcartUrl", "hxxps://dcs-files.consumerinput.com/xml/modules/tld/config-tld.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSTime", "1320725580702");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSUrl", "hxxps://dcs-files.consumerinput.com/xml/modules/core/config-core.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPingTime", "1320725639731");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPrivacyRulesModification", "Tue, 18 Oct 2011 17:45:16 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPrivacyRulesTime", "1320725580701");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPrivacyRulesUrl", "hxxps://dcs-files.consumerinput.com/xml/privacy_rules/privacy_rules.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastWhitelistModification", "Fri, 28 Oct 2011 20:45:07 GMT");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastWhitelistTime", "1320725580702");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastWhitelistUrl", "hxxps://dcs-files.consumerinput.com/xml/ajax_whitelist/ajax_whitelist.xml");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.pingInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.privacyFailures", 0);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.privacyFailuresThreshold", 15);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.privacyRulesInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.probationLength", 14400);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.rulesVersion", "1403");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.version", "1.0.29");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.whitelistInterval", "1440");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.processAddrBar", false);
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.session", "7078FB72C873D9051F81FE95BDDFFCA694666CA1B68CB2FE796620B69861931DDA57F49643136E574673B8A0F8BFBD7857261E05002EBED8EBFA662E3C4029F8020D1AC4[...]
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.tb_lang", "en");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.user_id", "51196995");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.dcaAlertShown", "1");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.lastcheck", "Tue%20Nov%2015%202011%2009%3A58%3A19%20GMT-0600%20%28Central%20Standard%20Time%29");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.version", "0");
Line Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.yahooSearch", false);
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "tr.startnow.com");
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Trey.Coleman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [14897 octets] - [15/08/2014 11:41:56]
AdwCleaner[S0].txt - [15109 octets] - [15/08/2014 11:44:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15170 octets] ##########
 
 
 
Farbar FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by Trey.Coleman (administrator) on TREYCOLEMAN-PC on 15-08-2014 11:49:55
Running from C:\Users\Trey.Coleman\Desktop\Farbar
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Windows\agent_x64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2011-06-18] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-08-23] (Hewlett-Packard Company)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-06-18] (IDT, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1694016 2011-09-07] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4035152 2011-09-22] (ESET)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2011-06-18] ()
HKLM-x32\...\Run: [Clearwire Connection Manager] => C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe [59224 2011-11-22] (ClearwireCM)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ( ())
HKU\S-1-5-21-3479338614-148093371-1206300522-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-11-28] (Apple Inc.)
HKU\S-1-5-21-3479338614-148093371-1206300522-1000\...\Run: [GoogleChromeAutoLaunch_30168E37E4D2C97B56C74AA690234F38] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Trey.Coleman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Trey.Coleman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Trey.Coleman\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\96ibxu1m.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 -> C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: npEpicPlayDisplayHost -> C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Extension: EpicPlay Games - C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-10-08]
FF Extension: Default Theme Engine - Personas Interactive - C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Firefox\Profiles\96ibxu1m.default\Extensions\btpersonas@brandthunder.com [2014-08-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-04-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Trey.Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (Hangouts) - C:\Users\Trey.Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Trey.Coleman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Agent; C:\Windows\agent_x64.exe [102912 2011-08-24] () [File not signed]
S3 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124760 2011-11-22] (SmithMicro Inc.)
R2 clearwireDeviceDiagnosticsService; C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [407552 2011-03-29] () [File not signed]
S3 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120664 2011-11-22] (SmithMicro Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-22] (ESET)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [108376 2011-11-22] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S0 ptumraoy; System32\drivers\rrutrb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 11:49 - 2014-08-15 11:49 - 02100224 _____ (Farbar) C:\Users\Trey.Coleman\Downloads\FRST64.exe
2014-08-15 11:49 - 2014-08-15 11:49 - 00000000 ____D () C:\Users\Trey.Coleman\Desktop\Farbar
2014-08-15 11:48 - 2014-08-15 11:48 - 00015259 _____ () C:\Users\Trey.Coleman\Desktop\AdwCleaner[S0].txt
2014-08-15 11:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-15 11:41 - 2014-08-15 11:44 - 00000000 ____D () C:\AdwCleaner
2014-08-15 11:41 - 2014-08-15 11:41 - 01356107 _____ () C:\Users\Trey.Coleman\Downloads\adwcleaner_3.305.exe
2014-08-15 11:39 - 2014-08-15 11:39 - 00008871 _____ () C:\Users\Trey.Coleman\Desktop\RKreport_DEL_08152014_113900.log
2014-08-15 11:23 - 2014-08-15 11:23 - 00292144 _____ () C:\Windows\Minidump\081514-46488-01.dmp
2014-08-15 11:21 - 2014-08-15 11:24 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-15 11:21 - 2014-08-15 11:21 - 05421656 _____ () C:\Users\Trey.Coleman\Desktop\RogueKillerX64 (1).exe
2014-08-15 11:21 - 2014-08-15 11:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-15 11:20 - 2014-08-15 11:20 - 05421656 _____ () C:\Users\Trey.Coleman\Downloads\RogueKillerX64.exe
2014-08-15 11:14 - 2014-08-15 11:45 - 00007884 _____ () C:\Windows\PFRO.log
2014-08-15 11:14 - 2014-08-15 11:45 - 00000168 _____ () C:\Windows\setupact.log
2014-08-15 11:14 - 2014-08-15 11:23 - 734088731 _____ () C:\Windows\MEMORY.DMP
2014-08-15 11:14 - 2014-08-15 11:14 - 00269104 _____ () C:\Windows\Minidump\081514-20108-01.dmp
2014-08-15 11:14 - 2014-08-15 11:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 23:30 - 2014-08-09 23:31 - 00027731 _____ () C:\Users\Trey.Coleman\Desktop\dds.txt
2014-08-09 23:28 - 2014-08-09 23:28 - 00688992 ____R (Swearware) C:\Users\Trey.Coleman\Downloads\dds(2).com
2014-08-09 23:23 - 2014-08-09 23:23 - 04813544 _____ (Piriform Ltd) C:\Users\Trey.Coleman\Downloads\ccsetup416.exe
2014-08-09 19:10 - 2014-08-09 19:10 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza
2014-08-09 15:50 - 2014-08-09 15:51 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\browser_dir
2014-08-09 15:50 - 2014-08-09 15:50 - 49308698 _____ () C:\Users\Trey.Coleman\AppData\Roaming\2668554065
2014-08-09 14:19 - 2014-08-09 23:32 - 00012920 _____ () C:\Users\Trey.Coleman\Desktop\attach.txt
2014-08-09 14:19 - 2014-08-09 14:19 - 00688992 ____R (Swearware) C:\Users\Trey.Coleman\Downloads\dds(1).com
2014-08-09 14:04 - 2014-08-09 14:05 - 00688992 ____R (Swearware) C:\Users\Trey.Coleman\Downloads\dds.com
2014-08-01 11:14 - 2014-08-01 11:14 - 00172197 _____ () C:\Users\Trey.Coleman\Downloads\2015-Monthly-Calendar-with-Holidays.xlsx
2014-07-30 12:47 - 2014-08-10 06:34 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\3072906547
2014-07-30 12:47 - 2014-08-10 05:30 - 00000032 _____ () C:\Users\Trey.Coleman\AppData\Roaming\2275433852
2014-07-30 12:46 - 2014-08-10 06:34 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\1307461947
2014-07-30 12:46 - 2014-08-10 06:34 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\c8a1da
2014-07-30 12:46 - 2014-08-09 23:16 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\2371791194
2014-07-30 12:46 - 2014-08-02 15:55 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\953185068
2014-07-30 12:46 - 2014-08-02 14:16 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\3097384522
2014-07-30 12:46 - 2014-07-30 12:46 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Roaming\c8a1da
2014-07-23 10:26 - 2014-07-23 10:26 - 00008852 _____ () C:\Users\Trey.Coleman\Documents\Wedding Gifts.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 11:53 - 2014-07-14 10:14 - 02036187 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 11:49 - 2014-08-15 11:49 - 02100224 _____ (Farbar) C:\Users\Trey.Coleman\Downloads\FRST64.exe
2014-08-15 11:49 - 2014-08-15 11:49 - 00000000 ____D () C:\Users\Trey.Coleman\Desktop\Farbar
2014-08-15 11:49 - 2012-07-18 10:47 - 00000000 ____D () C:\FRST
2014-08-15 11:48 - 2014-08-15 11:48 - 00015259 _____ () C:\Users\Trey.Coleman\Desktop\AdwCleaner[S0].txt
2014-08-15 11:46 - 2013-11-25 16:32 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 11:46 - 2011-08-06 14:06 - 00000000 ___RD () C:\Users\Trey.Coleman\Dropbox
2014-08-15 11:46 - 2011-08-06 14:03 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Roaming\Dropbox
2014-08-15 11:45 - 2014-08-15 11:14 - 00007884 _____ () C:\Windows\PFRO.log
2014-08-15 11:45 - 2014-08-15 11:14 - 00000168 _____ () C:\Windows\setupact.log
2014-08-15 11:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 11:44 - 2014-08-15 11:41 - 00000000 ____D () C:\AdwCleaner
2014-08-15 11:41 - 2014-08-15 11:41 - 01356107 _____ () C:\Users\Trey.Coleman\Downloads\adwcleaner_3.305.exe
2014-08-15 11:39 - 2014-08-15 11:39 - 00008871 _____ () C:\Users\Trey.Coleman\Desktop\RKreport_DEL_08152014_113900.log
2014-08-15 11:31 - 2009-07-13 23:45 - 00015856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 11:31 - 2009-07-13 23:45 - 00015856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 11:24 - 2014-08-15 11:21 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-15 11:23 - 2014-08-15 11:23 - 00292144 _____ () C:\Windows\Minidump\081514-46488-01.dmp
2014-08-15 11:23 - 2014-08-15 11:14 - 734088731 _____ () C:\Windows\MEMORY.DMP
2014-08-15 11:23 - 2012-04-22 13:37 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 11:21 - 2014-08-15 11:21 - 05421656 _____ () C:\Users\Trey.Coleman\Desktop\RogueKillerX64 (1).exe
2014-08-15 11:21 - 2014-08-15 11:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-15 11:20 - 2014-08-15 11:20 - 05421656 _____ () C:\Users\Trey.Coleman\Downloads\RogueKillerX64.exe
2014-08-15 11:20 - 2013-11-25 16:32 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 11:20 - 2011-08-06 14:06 - 00001060 _____ () C:\Users\Trey.Coleman\Desktop\Dropbox.lnk
2014-08-15 11:20 - 2011-08-06 14:03 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 11:19 - 2012-12-17 10:17 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\0194A862-4714-4689-BFBE-FDEF89C595BD.aplzod
2014-08-15 11:15 - 2011-07-03 16:03 - 00000432 __RSH () C:\ProgramData\ntuser.pol
2014-08-15 11:14 - 2014-08-15 11:14 - 00269104 _____ () C:\Windows\Minidump\081514-20108-01.dmp
2014-08-15 11:14 - 2014-08-15 11:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-10 06:34 - 2014-07-30 12:47 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\3072906547
2014-08-10 06:34 - 2014-07-30 12:46 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\1307461947
2014-08-10 06:34 - 2014-07-30 12:46 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\c8a1da
2014-08-10 05:30 - 2014-07-30 12:47 - 00000032 _____ () C:\Users\Trey.Coleman\AppData\Roaming\2275433852
2014-08-09 23:44 - 2014-07-08 17:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 23:32 - 2014-08-09 14:19 - 00012920 _____ () C:\Users\Trey.Coleman\Desktop\attach.txt
2014-08-09 23:31 - 2014-08-09 23:30 - 00027731 _____ () C:\Users\Trey.Coleman\Desktop\dds.txt
2014-08-09 23:28 - 2014-08-09 23:28 - 00688992 ____R (Swearware) C:\Users\Trey.Coleman\Downloads\dds(2).com
2014-08-09 23:23 - 2014-08-09 23:23 - 04813544 _____ (Piriform Ltd) C:\Users\Trey.Coleman\Downloads\ccsetup416.exe
2014-08-09 23:23 - 2012-05-08 16:29 - 00000837 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-09 23:23 - 2012-04-22 22:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-09 23:16 - 2014-07-30 12:46 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\2371791194
2014-08-09 19:10 - 2014-08-09 19:10 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Roaming\Wyzaoza
2014-08-09 16:04 - 2011-06-18 00:11 - 00000000 ____D () C:\swsetup
2014-08-09 15:51 - 2014-08-09 15:50 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\browser_dir
2014-08-09 15:50 - 2014-08-09 15:50 - 49308698 _____ () C:\Users\Trey.Coleman\AppData\Roaming\2668554065
2014-08-09 15:45 - 2011-06-25 15:14 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-09 15:44 - 2011-11-05 16:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-09 15:25 - 2014-05-19 22:48 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrey.Coleman
2014-08-09 15:25 - 2014-05-19 22:48 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForTrey.Coleman.job
2014-08-09 14:19 - 2014-08-09 14:19 - 00688992 ____R (Swearware) C:\Users\Trey.Coleman\Downloads\dds(1).com
2014-08-09 14:05 - 2014-08-09 14:04 - 00688992 ____R (Swearware) C:\Users\Trey.Coleman\Downloads\dds.com
2014-08-09 12:38 - 2014-01-10 18:00 - 00000000 ____D () C:\Users\Trey.Coleman\Documents\2014 Reports
2014-08-08 15:01 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
2014-08-02 15:56 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\addins
2014-08-02 15:55 - 2014-07-30 12:46 - 00000004 _____ () C:\Users\Trey.Coleman\AppData\Roaming\953185068
2014-08-02 14:16 - 2014-07-30 12:46 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Local\3097384522
2014-08-01 11:23 - 2014-05-13 08:21 - 00168002 _____ () C:\Users\Trey.Coleman\Documents\2015 Calendar.xlsx
2014-08-01 11:14 - 2014-08-01 11:14 - 00172197 _____ () C:\Users\Trey.Coleman\Downloads\2015-Monthly-Calendar-with-Holidays.xlsx
2014-07-30 12:46 - 2014-07-30 12:46 - 00000000 ____D () C:\Users\Trey.Coleman\AppData\Roaming\c8a1da
2014-07-29 23:01 - 2011-06-18 00:07 - 00000000 ____D () C:\Users\Trey.Coleman
2014-07-26 12:40 - 2012-05-18 14:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 12:40 - 2012-05-18 14:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 13:51 - 2012-05-18 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 10:26 - 2014-07-23 10:26 - 00008852 _____ () C:\Users\Trey.Coleman\Documents\Wedding Gifts.xlsx
2014-07-19 17:55 - 2013-11-25 16:34 - 00002198 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 17:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
 
Some content of TEMP:
====================
C:\Users\Trey.Coleman\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Trey.Coleman\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ycfux.dll
C:\Users\Trey.Coleman\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-08 14:17
 
==================== End Of Log ============================

 




#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 August 2014 - 12:25 PM

 
Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ( ())
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: npEpicPlayDisplayHost -> C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )
FF Extension: EpicPlay Games - C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-10-08]
S0 ptumraoy; System32\drivers\rrutrb.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:05A9EC70
AlternateDataStreams: C:\ProgramData\TEMP:CF75D88F
C:\Users\Trey.Coleman\AppData\Local\Temp\AtpTimerInfo.dll
C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}
C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
C:\Program Files (x86)\EpicPlay
End
 
Save the file as fixlist.txt into the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
 
If the site is busy or not available use this mirror site:
===
 
How is the computer running now?
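The fixlist above is built from FRST log lines that share a few traits: entries marked `[X]` or `No File` whose target no longer exists, a GUID-named executable under `C:\ProgramData` with no publisher, the same binary registered under `Policies\Explorer\Run`, and a boot-start driver whose file is gone. As an added example (not FRST's own code and not from anyone in this thread), the Python script below parses the two FRST line formats that appear in this log, registry autoruns and services/drivers, and flags entries with those traits. The regexes are inferred from the log as printed here and the heuristics are the editor's own; the sample lines are copied from the log and fixlist above, with two ordinary ESET entries added for contrast.

```python
"""Triage FRST autorun and service lines for the traits a malware-response
helper looks for. Added example for this thread, not FRST's own code: the line
formats are inferred from the log above and the heuristics are the editor's own."""
import re

# Constructed sample: entries copied from the FRST log and fixlist in this
# thread, plus two ordinary ESET entries (egui, ekrn) for contrast.
SAMPLE_LINES = [
    r"HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4035152 2011-09-22] (ESET)",
    r"HKLM-x32\...\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ()",
    r"HKLM\...\Policies\Explorer\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ( ())",
    r"Winlogon\Notify\ScCertProp: wlnotify.dll [X]",
    r"FF Plugin: @microsoft.com/GENUINE -> disabled No File",
    r"R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-22] (ESET)",
    r"R2 Agent; C:\Windows\agent_x64.exe [102912 2011-08-24] () [File not signed]",
    r"S0 ptumraoy; System32\drivers\rrutrb.sys [X]",
]

# Registry autorun line: "HIVE\...\Key: [name] => path [size date] (company)"
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>.+?): \[(?P<name>.+?)\] => (?P<path>.+?)"
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)\s*$"
)
# Service/driver line: "<R|S><start type> name; path [size date] (company) [flags]"
# In FRST, R = running, S = stopped, and the digit is the start type (0 = boot).
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^()]*)\))?"
    r"(?: \[(?P<flags>[^\]]+)\])?\s*$"
)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

ORPHAN = "orphaned entry: the referenced file is missing"
NO_PUBLISHER = "no publisher recorded for the binary"
GUID_PROGRAMDATA = "GUID-named executable living under ProgramData"
POLICY_RUN = "autorun via Policies\\Explorer\\Run (unusual for legitimate software)"
UNSIGNED = "service/driver binary is not digitally signed"


def parse_line(line):
    """Classify one FRST line as a registry autorun, a service/driver, or other."""
    m = RUN_RE.match(line)
    if m:
        return "run", m.groupdict()
    m = SVC_RE.match(line)
    if m:
        return "svc", m.groupdict()
    return "other", {"raw": line}


def triage(line):
    """Return the list of reasons an entry deserves a closer look ([] if none)."""
    reasons = []
    text = line.rstrip()
    # FRST marks entries whose target no longer exists with [X] or "No File".
    if text.endswith("[X]") or text.endswith("No File"):
        reasons.append(ORPHAN)
    kind, f = parse_line(text)
    if kind == "run":
        # "()" or "( ())" means FRST found no company/publisher string.
        if not f["company"].strip(" ()"):
            reasons.append(NO_PUBLISHER)
        if "Policies\\Explorer\\Run" in f["key"]:
            reasons.append(POLICY_RUN)
        if GUID_RE.search(f["name"]) and f["path"].lower().startswith("c:\\programdata"):
            reasons.append(GUID_PROGRAMDATA)
    elif kind == "svc":
        if f["company"] is not None and not f["company"].strip():
            reasons.append(NO_PUBLISHER)
        if "File not signed" in (f["flags"] or ""):
            reasons.append(UNSIGNED)
    return reasons


def triage_log(lines):
    """Return [(line, reasons)] for every line that raised at least one reason."""
    flagged = []
    for line in lines:
        reasons = triage(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LINES):
        print(line)
        for r in reasons:
            print("   ->", r)
```

A flag from this script is a prompt to verify the entry (check the file's signature, look the hash up, confirm what installed it), not a verdict: the unsigned `agent_x64.exe` service in the log above, for instance, is flagged here only for lacking a publisher and signature, which is something to confirm rather than something to remove on sight.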
 
 
 


#6 Trey 7854

Trey 7854
  • Topic Starter

  • Members
  • 35 posts

Posted 17 August 2014 - 04:15 PM

Computer is running without shutting down as much. Still saw the blue screen appear after the restart from FRST Fix. 

 

FRST FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Trey.Coleman at 2014-08-17 15:30:30 Run:1
Running from C:\Users\Trey.Coleman\Desktop\Farbar
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer\Run: [{0367d822-de48-442e-ef4d-8e45513b2308}] => C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe [235570 2014-07-08] ( ())
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: npEpicPlayDisplayHost -> C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )
FF Extension: EpicPlay Games - C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-10-08]
S0 ptumraoy; System32\drivers\rrutrb.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:05A9EC70
AlternateDataStreams: C:\ProgramData\TEMP:CF75D88F
C:\Users\Trey.Coleman\AppData\Local\Temp\AtpTimerInfo.dll
C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}
C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
C:\Program Files (x86)\EpicPlay
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{0367d822-de48-442e-ef4d-8e45513b2308} => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{0367d822-de48-442e-ef4d-8e45513b2308} => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\npEpicPlayDisplayHost" => Key deleted successfully.
C:\Program Files (x86)\EpicPlay\npEpicHost.dll => Moved successfully.
C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com => Moved successfully.
ptumraoy => Service deleted successfully.
C:\ProgramData\TEMP => ":05A9EC70" ADS removed successfully.
C:\ProgramData\TEMP => ":CF75D88F" ADS removed successfully.
C:\Users\Trey.Coleman\AppData\Local\Temp\AtpTimerInfo.dll => Moved successfully.
 
"C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}" directory move:
 
Could not move "C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}" directory. => Scheduled to move on reboot.
 
C:\Users\Trey.Coleman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} => Moved successfully.
C:\Program Files (x86)\EpicPlay => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-17 15:32:22)<=
 
C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308}\{0367d822-de48-442e-ef4d-8e45513b2308}.exe => Is moved successfully.
C:\ProgramData\Microsoft\{0367d822-de48-442e-ef4d-8e45513b2308} => Is moved successfully.
 
==== End of Fixlog ====

 

Security Check Log:

 

 Results of screen317's Security Check version 0.99.87  
   x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
ESET NOD32 Antivirus 5.0   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version out of Date! 
  Adobe Flash Player 11.7.700.224 Flash Player out of Date!  
 Mozilla Firefox (30.0) 
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 18 August 2014 - 07:57 AM

Secure your system by updating 3rd party programs.
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.
 
You can manually check your present version and update as recommended.
 
Be careful not to install malware posing as a Java update!
Important: read this blog.
 
Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
 
How to disable Java in your browsers
 
 
If present remove the old version(s) of Java using the Add/Remove Programs applet.
 
Java 7 Update 60  
 
===
Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.
 
Flash test site:
Install the new version or, if you already have the latest, close the window.
 
Flash Player Help / Find version
===
 
Please download MiniToolBox to Desktop and run it.
 
Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 


#8 Trey 7854

Trey 7854
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 19 August 2014 - 09:58 AM

Sorry for the delay, had a period of the blue screen continuing to cycle through with restarts. Couldn't open the computer up for more than a few minutes at a time when it didn't restart.

 

Java and Adobe updated.

 

Minitoolbox result:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Trey.Coleman (administrator) on 19-08-2014 at 09:56:38
Running from "C:\Users\Trey.Coleman\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname TreyColeman-PC.local already in use; will try TreyColeman-PC-2.local instead
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 TreyColeman-PC.local. Addr 192.168.0.100
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.101:5353    4 TreyColeman-PC.local. Addr 192.168.0.101
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 TreyColeman-PC.local. AAAA FE80:0000:0000:0000:6D4E:B7C3:7B85:F1F2
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.101:5353    4 TreyColeman-PC.local. Addr 192.168.0.101
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 TreyColeman-PC.local. Addr 192.168.0.100
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.101:5353    4 TreyColeman-PC.local. Addr 192.168.0.101
 
Error: (08/17/2014 04:01:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x53d22ad9
Faulting module name: mshtml.dll, version: 11.0.9600.17239, time stamp: 0x53d26d9d
Exception code: 0xc0000005
Fault offset: 0x00000000000ce5c9
Faulting process id: 0x1630
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (08/17/2014 03:46:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004751d
Faulting process id: 0xdc8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (08/17/2014 03:40:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x53d22ad9
Faulting module name: Flash64_11_9_900_152.ocx, version: 11.9.900.152, time stamp: 0x526effd4
Exception code: 0xc0000005
Fault offset: 0x00000000002717bc
Faulting process id: 0x1b24
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (08/19/2014 09:40:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ptumraoy
 
Error: (08/19/2014 09:40:56 AM) (Source: NetBT) (User: )
Description: The name "TREYCOLEMAN-PC :20" could not be registered on the interface with IP address 192.168.0.102.
The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
this computer.
 
Error: (08/19/2014 09:40:56 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D} because another computer on the network has the same name.  The server could not start.
 
Error: (08/19/2014 09:40:42 AM) (Source: NetBT) (User: )
Description: The name "TREYCOLEMAN-PC :0" could not be registered on the interface with IP address 192.168.0.102.
The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
this computer.
 
Error: (08/19/2014 09:40:33 AM) (Source: BugCheck) (User: )
Description: 0x000000a5 (0x0000000000001000, 0x0000000000000000, 0x00000000bf6bb918, 0x000000000000043b)C:\Windows\MEMORY.DMP081914-28095-01
 
Error: (08/18/2014 02:06:49 PM) (Source: NetBT) (User: )
Description: The name "TREYCOLEMAN-PC :20" could not be registered on the interface with IP address 192.168.0.100.
The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
this computer.
 
Error: (08/18/2014 02:06:49 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AF70A887-D053-4EA4-B1A9-DCC9BEE0047D} because another computer on the network has the same name.  The server could not start.
 
Error: (08/18/2014 02:06:43 PM) (Source: NetBT) (User: )
Description: The name "TREYCOLEMAN-PC :0" could not be registered on the interface with IP address 192.168.0.100.
The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
this computer.
 
Error: (08/18/2014 02:06:35 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP081814-31247-01
 
Error: (08/18/2014 02:06:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:03:35 PM on ‎8/‎18/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname TreyColeman-PC.local already in use; will try TreyColeman-PC-2.local instead
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 TreyColeman-PC.local. Addr 192.168.0.100
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.101:5353    4 TreyColeman-PC.local. Addr 192.168.0.101
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 TreyColeman-PC.local. AAAA FE80:0000:0000:0000:6D4E:B7C3:7B85:F1F2
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.101:5353    4 TreyColeman-PC.local. Addr 192.168.0.101
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 TreyColeman-PC.local. Addr 192.168.0.100
 
Error: (08/18/2014 02:07:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.101:5353    4 TreyColeman-PC.local. Addr 192.168.0.101
 
Error: (08/17/2014 04:01:36 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.1723953d22ad9mshtml.dll11.0.9600.1723953d26d9dc000000500000000000ce5c9163001cfba5e144b921dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\System32\mshtml.dllaca911e3-2651-11e4-9e99-e02a8236936a
 
Error: (08/17/2014 03:46:57 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000004751ddc801cfba5a549bc9c9C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dlla09000f1-264f-11e4-9e99-e02a8236936a
 
Error: (08/17/2014 03:40:11 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.1723953d22ad9Flash64_11_9_900_152.ocx11.9.900.152526effd4c000000500000000002717bc1b2401cfba5a977b6505C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash64_11_9_900_152.ocxae4109c1-264e-11e4-9e99-e02a8236936a
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-07-20 07:59:45.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TREY~1.COL\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-20 07:59:45.343
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TREY~1.COL\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-18 14:25:43.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-18 14:25:42.981
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 12:28:02.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-22 12:28:02.232
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
**** End of log ****

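The "System errors" part of the MiniToolBox report above is where the useful crash evidence sits: the BugCheck records carry the stop code, its four parameters and the dump that was written, the Service Control Manager record names a boot-start driver that failed to load, and the EventLog record confirms the shutdown was unexpected. As an added example (not from this thread, and not part of Farbar's MiniToolBox), the Python script below parses that section and pulls those items out for a first look. The sample text is a handful of entries copied from the log posted above; the stop-code names are the standard Windows bug check names; `EventRecord`, `Triage` and the function names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: a few "System errors" entries copied from the MiniToolBox
# report posted in this thread, trimmed to the records the parser cares about.
SAMPLE_LOG = r"""System errors:
=============
Error: (08/19/2014 09:40:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ptumraoy

Error: (08/19/2014 09:40:33 AM) (Source: BugCheck) (User: )
Description: 0x000000a5 (0x0000000000001000, 0x0000000000000000, 0x00000000bf6bb918, 0x000000000000043b)C:\Windows\MEMORY.DMP081914-28095-01

Error: (08/18/2014 02:06:35 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP081814-31247-01

Error: (08/18/2014 02:06:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:03:35 PM on 8/18/2014 was unexpected.
"""


@dataclass
class EventRecord:
    when: str
    source: str
    description: str  # multi-line descriptions are joined with "\n"


@dataclass
class Triage:
    bugchecks: list[dict]
    failed_drivers: list[str]
    unexpected_shutdowns: int


# One record header: "Error: (<timestamp>) (Source: <name>) (User: <user>)"
HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)\s*\(User: [^)]*\)\s*$"
)
# Stop code, the four bug check parameters, and whatever MiniToolBox glued on
# after the closing parenthesis (the dump path run together with the report id).
BUGCHECK_RE = re.compile(r"^(?P<code>0x[0-9a-fA-F]{8}) \((?P<params>[^)]*)\)(?P<tail>\S*)$")

# Standard Windows bug check names for a few common stop codes.
KNOWN_BUGCHECKS = {
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xA5: "ACPI_BIOS_ERROR",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


def parse_events(text: str) -> list[EventRecord]:
    """Split a MiniToolBox 'Event log errors' section into records.

    A record starts at an 'Error: (...)' header and ends at the next blank line.
    """
    records: list[EventRecord] = []
    current = None  # (when, source) of the record being collected
    desc: list[str] = []

    def flush() -> None:
        nonlocal current, desc
        if current is not None:
            records.append(EventRecord(current[0], current[1], "\n".join(desc).strip()))
        current, desc = None, []

    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            flush()
            current = (m["when"], m["source"].strip())
        elif current is None:
            continue  # text before the first header (section title, underline)
        elif not line.strip():
            flush()  # blank line terminates the record
        else:
            if line.startswith("Description: "):
                line = line[len("Description: "):]
            desc.append(line.rstrip())
    flush()
    return records


def triage(text: str) -> Triage:
    """Pull out the items worth a first look when a machine keeps blue-screening."""
    bugchecks: list[dict] = []
    failed_drivers: list[str] = []
    unexpected = 0
    for rec in parse_events(text):
        if rec.source == "BugCheck":
            m = BUGCHECK_RE.match(rec.description)
            if not m:
                continue
            code = int(m["code"], 16)
            bugchecks.append({
                "when": rec.when,
                "code": code,
                "name": KNOWN_BUGCHECKS.get(code, "UNKNOWN"),
                "params": [int(p, 16) for p in m["params"].split(",")],
                "dump": m["tail"],
            })
        elif rec.source == "Service Control Manager" and "failed to load:" in rec.description:
            # Driver names follow the sentence, one per line.
            _, _, names = rec.description.partition("failed to load:")
            failed_drivers.extend(n.strip() for n in names.splitlines() if n.strip())
        elif rec.source == "EventLog" and "was unexpected" in rec.description:
            unexpected += 1
    return Triage(bugchecks, failed_drivers, unexpected)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for b in result.bugchecks:
        print(f"{b['when']}: stop 0x{b['code']:08x} {b['name']} "
              f"params={[hex(p) for p in b['params']]} dump={b['dump']}")
    print("boot-start drivers that failed to load:", result.failed_drivers)
    print("unexpected shutdowns:", result.unexpected_shutdowns)
```

Everything the script lists is a pointer, not a verdict: a BugCheck record tells you which crash dump to open and which stop code to read up on, and a boot-start driver that failed to load is worth checking against what is actually installed on the machine before deciding whether it is a leftover or something that still needs removing.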

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 19 August 2014 - 01:08 PM

Run the SFC.EXE and check to see if you have some bad drivers.

 

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7



#10 Trey 7854

Trey 7854
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 19 August 2014 - 09:49 PM

No Integrity violations found for SFC Check 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 20 August 2014 - 09:26 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.
 
 
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
 
When completed it will create a log. Please post the content on your next reply.


#12 Trey 7854

Trey 7854
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 20 August 2014 - 12:57 PM

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2014 12:52:32 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/20/2014 12:55:19 PM
Execution time: 0 hours(s), 2 minute(s), and 46 seconds(s)
 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 21 August 2014 - 07:16 AM

Try this.
 
If there is still some BSOD:
 
With this clean Startup you may be able to find out why/what is causing your BSOD.
 
Perform a Clean Startup
Follow the instructions on this page.
 
+++


#14 Trey 7854

Trey 7854
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 22 August 2014 - 11:04 AM

I performed the last good configuration and haven't had a BSOD yet.

 

Started going through the Clean Startup and think I may have found something.

 

Still trying to single out what the cause of it is, but I went through half of the services at a time with no issues. Then I went back to normal startup and was having a Norton Pop-up come up every time I opened the Mozilla browser.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:17 PM

Posted 22 August 2014 - 01:21 PM

Run the Farbar tool one more time and post a fresh log.





