No internet, no sound, and stuck on windows classic theme


  • This topic is locked
16 replies to this topic

#1 Beserker9

Beserker9

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 29 September 2014 - 08:51 PM

My pc running windows 7 64bit is currently not connecting to the internet, I can't hear any sound, and it's stuck on the windows classic theme. On September 26, I used windows update to update a few things (can't remember what they were) then the computer restarted. After rebooting and logging in, I ran CCleaner to clean the file system to possibly remove any junk files left behind by the updates. I then ran the registry cleaner in CCleaner and it came up with a few errors, so I allowed the program to fix them. I also changed a few things in services.msc because I knew a few programs were operating that I didn't need (can't remember these either). I then continued to do an essay. I shut the computer off and went to bed. The next morning, my mom tried using the computer but it couldn't access the internet and the theme had changed to the windows classic one. I have no idea what happened, but if I were to guess it might have something to do with my changes in services.msc... I've searched around the internet for any solutions but have found none. The only thread I've found that is exactly the same problem as mine is one I found on this site: www.bleepingcomputer.com/forums/t/443155/no-sound-no-internet-windows-classic/

I've tried using MBAM and Windows Repair All in One as suggested on the second page of that thread, since those steps were what worked for the original poster. However, they did not work for me, so I am now creating my own thread as a means to finding a solution. Please find the DDS log below as well as the Attach.txt file. Thanks in advance.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.55.2
Run by Beserker9 at 20:45:42 on 2014-09-29
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uProxyOverride = ;*.local
uWinlogon: Shell = expstart.exe
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\BESERK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7D88CDC3-B879-4620-9B57-4873AC7D075D} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck -
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
x64-SSODL: WebCheck -
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-09-30 00:19:54 -------- d-----w- C:\$WINDOWS.~BT
2014-09-29 22:53:35 -------- d-----w- C:\Windows\System32\catroot2
2014-09-29 21:50:21 -------- d-----w- C:\RegBackup
2014-09-29 21:04:59 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-09-29 20:18:14 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-29 20:15:16 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-29 20:15:16 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-29 20:15:16 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-29 20:15:16 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-29 20:15:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-26 12:31:17 -------- d-----w- C:\Windows\pss
2014-09-26 00:04:48 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-25 23:55:39 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD1EA9E2-DF1D-4AFF-829D-E7CE6E5A416A}\gapaengine.dll
2014-09-25 23:52:57 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C82BA7C5-BBC4-40A5-BE27-CCA7E8F52853}\mpengine.dll
2014-09-25 23:50:22 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-09-25 23:50:21 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-09-25 23:50:21 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-09-25 23:50:20 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-09-25 03:08:57 -------- d-----r- C:\Program Files (x86)\Skype
2014-09-25 01:19:14 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-25 01:14:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-25 01:14:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-14 00:15:55 -------- d-----w- C:\Program Files\iPod
2014-09-14 00:15:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-14 00:15:53 -------- d-----w- C:\Program Files\iTunes
2014-09-14 00:15:53 -------- d-----w- C:\Program Files (x86)\iTunes
2014-09-12 11:05:53 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2014-09-11 03:36:59 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-11 03:12:12 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 03:12:12 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 21:17:51 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 21:17:51 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 21:17:24 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 21:17:23 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 21:17:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 21:17:00 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 21:16:58 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 21:16:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 21:16:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 21:16:51 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-10 21:16:50 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M ====================
.
2014-09-22 06:42:39 278152 ----a-w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-06 14:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-28 18:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 18:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-22 01:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-17 22:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 22:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 20:47:28.26 ===============

Attached Files

  • Attached File  DDS.TXT   14.13KB   2 downloads

Edited by Beserker9, 29 September 2014 - 09:00 PM.




#2 Beserker9

Beserker9
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 29 September 2014 - 09:13 PM

The attach.txt file isn't showing up in the main post, so I'll add it in this post.

Edited by Beserker9, 29 September 2014 - 09:14 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:09 PM

Posted 04 October 2014 - 09:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I suggest you try restoring the Last Good Configuration.

Follow the instructions on this page.

http://windows.microsoft.com/en-CA/windows7/Using-Last-Known-Good-Configuration
<<<>>>

Successful or not in getting back your computer, please run this tool and post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#4 Beserker9

Beserker9
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 04 October 2014 - 12:45 PM

Hello nasdaq and thanks for your help. I tried Last Good Configuration but it did not work. Please find the FRST log below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Beserker9 (administrator) on THAYAKARAN on 04-10-2014 13:38:49
Running from C:\Users\Beserker9\Desktop
Loaded Profiles: Beserker9 & Thayakaran & UpdatusUser (Available profiles: Beserker9 & Thayakaran & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-09-18] (Tonec Inc.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22040168 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\MountPoints2: F - F:\InnoTabSetup.exe
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\MountPoints2: {5394bf96-007b-11e4-a379-00226806d21d} - F:\InnoTabSetup.exe
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [Device Doctor] => C:\Program Files (x86)\Device Doctor\DDLauncher.exe [80016 2012-09-20] (Device Doctor Software Inc.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [xd_info.exe] => C:\Users\Thayakaran\Desktop\Black Ops 2 Revolution Codes\xd_info.exe
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [March 2013 - Updated Version.exe] => C:\Users\Thayakaran\Desktop\March 2013 - Updated Version.exe
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Thayakaran\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d20bbf301dd147d392edd16b2ee23bee-ceeec3ad5cc8c29bb0dfd2c480b0e51a7b64e837 /CMPID=1113a
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22691488 2014-08-12] (Microsoft Corporation)
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [Device Doctor] => C:\Program Files (x86)\Device Doctor\DDLauncher.exe [80016 2012-09-20] (Device Doctor Software Inc.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [xd_info.exe] => C:\Users\UpdatusUser\Desktop\Black Ops 2 Revolution Codes\xd_info.exe
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-09-18] (Tonec Inc.)
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [March 2013 - Updated Version.exe] => C:\Users\UpdatusUser\Desktop\March 2013 - Updated Version.exe
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Thayakaran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
GroupPolicyUsers\S-1-5-21-848144811-3870377793-3321164327-1003\User: Group Policy restriction detected {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-04]
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Beserker9\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Beserker9\AppData\Roaming\IDM\idmmzcc5 [2014-09-18]

Chrome:
=======
CHR Profile: C:\Users\Beserker9\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (IDM Integration Module) - C:\Users\Beserker9\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-09-26]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-06-29] () [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-11-02] (Samsung Electronics)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-01-26] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 13:38 - 2014-10-04 13:39 - 00021898 _____ () C:\Users\Beserker9\Desktop\FRST.txt
2014-10-04 13:38 - 2014-10-04 13:38 - 00000000 ____D () C:\FRST
2014-10-04 13:37 - 2014-10-04 13:33 - 02109440 _____ (Farbar) C:\Users\Beserker9\Desktop\FRST64.exe
2014-09-29 20:47 - 2014-09-29 20:47 - 00014469 _____ () C:\Users\Beserker9\Desktop\dds.txt
2014-09-29 20:47 - 2014-09-29 20:47 - 00008530 _____ () C:\Users\Beserker9\Desktop\attach.txt
2014-09-29 20:43 - 2014-09-29 20:43 - 00688992 ____R (Swearware) C:\Users\Beserker9\Desktop\dds.com
2014-09-29 20:19 - 2014-09-29 20:20 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-09-29 20:19 - 2014-09-29 20:20 - 00001908 _____ () C:\Windows\diagerr.xml
2014-09-29 20:19 - 2014-09-29 20:19 - 00000000 ____D () C:\$WINDOWS.~BT
2014-09-29 17:50 - 2014-09-29 17:50 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THAYAKARAN--(64-bit).dat
2014-09-29 17:50 - 2014-09-29 17:50 - 00000000 ____D () C:\RegBackup
2014-09-29 17:20 - 2014-09-29 17:20 - 00005120 _____ () C:\bootex.log
2014-09-29 17:20 - 2014-09-29 17:20 - 00003424 _____ () C:\bootsqm.dat
2014-09-29 17:05 - 2014-09-29 17:05 - 00002159 _____ () C:\Users\Beserker9\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-29 17:05 - 2014-09-29 17:05 - 00000000 ____D () C:\Users\Beserker9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-29 17:04 - 2014-09-29 17:04 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-29 16:18 - 2014-09-29 18:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 16:15 - 2014-09-29 16:15 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-29 16:15 - 2014-09-29 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-29 16:15 - 2014-09-29 16:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 16:15 - 2014-09-29 16:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-29 16:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 16:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 16:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 16:12 - 2014-09-24 17:56 - 09690792 _____ () C:\Users\Beserker9\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-09-29 16:12 - 2014-05-20 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Beserker9\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-26 23:50 - 2014-10-04 13:35 - 00175629 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 08:31 - 2014-09-26 08:31 - 00000000 ____D () C:\Windows\pss
2014-09-25 20:06 - 2014-09-25 20:06 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-09-25 20:06 - 2014-09-25 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-09-25 20:04 - 2014-09-25 20:05 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-25 19:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-25 19:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-25 19:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-25 19:50 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-25 19:50 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-25 19:50 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-25 19:50 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-25 19:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-25 19:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-25 19:50 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-25 19:50 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-25 19:50 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-24 23:08 - 2014-09-24 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-24 23:08 - 2014-09-24 23:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-24 23:04 - 2014-09-28 22:57 - 00008794 _____ () C:\Users\Thayakaran\Documents\Book1.xlsx
2014-09-24 21:14 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 21:14 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-18 21:25 - 2014-09-18 21:25 - 00000000 ____D () C:\Users\Beserker9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-09-18 21:25 - 2014-09-18 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-09-17 22:50 - 2014-09-17 22:50 - 00032367 _____ () C:\Users\Thayakaran\Desktop\l_465_454_0A3CADF7-A105-4226-80C7-B6E050CFDEF3.jpeg
2014-09-17 22:48 - 2014-09-28 20:12 - 00815804 _____ () C:\Users\Thayakaran\Desktop\SIR JOHN THOMPSON.pptx
2014-09-17 19:01 - 2014-09-17 19:08 - 00000000 ____D () C:\Users\Beserker9\Desktop\2014-09-17 iPhone Pics before ios update
2014-09-13 20:17 - 2014-09-13 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 20:15 - 2014-09-13 20:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 20:15 - 2014-09-13 20:17 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 20:15 - 2014-09-13 20:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 20:15 - 2014-09-13 20:15 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 07:05 - 2014-06-09 04:41 - 00180136 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-09-10 23:37 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 23:37 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 23:37 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 23:37 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 23:37 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 23:37 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 23:37 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 23:37 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 23:37 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 23:37 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 23:37 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 23:37 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 23:37 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 23:37 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 23:37 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 23:37 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 23:37 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 23:37 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 23:37 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 23:37 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 23:37 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 23:37 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 23:37 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 23:37 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 23:37 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 23:37 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 23:37 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 23:37 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 23:37 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 23:37 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 23:37 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 23:37 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 23:36 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 23:36 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 23:36 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 23:36 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 23:36 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 23:36 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 23:36 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 23:36 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 23:36 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 23:36 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 23:36 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 23:36 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 23:36 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 23:36 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 23:36 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 23:36 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 23:36 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 23:36 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 23:36 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 23:36 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 23:36 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 23:36 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 23:36 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 23:36 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 23:12 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 23:12 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 17:17 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 17:17 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 17:17 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 17:17 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 17:17 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 17:17 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 17:16 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 17:16 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 17:16 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 17:16 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 17:16 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-08 20:52 - 2014-09-08 20:52 - 00000000 ____D () C:\Users\Beserker9\Desktop\Books

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-04 13:38 - 2013-10-02 22:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-04 13:30 - 2009-07-14 00:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 13:30 - 2009-07-14 00:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 00:20 - 2013-02-28 17:30 - 00000000 ____D () C:\Users\Beserker9\AppData\Roaming\Skype
2014-10-01 21:22 - 2013-11-10 17:29 - 00000000 ____D () C:\Users\Beserker9\Desktop\GAMES
2014-10-01 21:16 - 2013-09-14 13:24 - 00000000 ____D () C:\Users\Beserker9\Desktop\Apple
2014-09-29 21:14 - 2013-02-28 18:07 - 00000000 ____D () C:\Program Files (x86)\i-Funbox DevTeam
2014-09-29 18:56 - 2009-07-14 00:45 - 05065376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-29 18:54 - 2013-02-28 17:19 - 00114696 _____ () C:\Users\Beserker9\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-29 16:59 - 2009-07-14 03:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-26 09:13 - 2014-03-31 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-26 08:19 - 2013-03-04 18:15 - 00000000 ____D () C:\Users\Beserker9\AppData\Roaming\DMCache
2014-09-26 07:26 - 2013-03-05 22:09 - 00000000 ____D () C:\Users\Thayakaran\AppData\Roaming\Skype
2014-09-26 02:00 - 2013-03-04 17:28 - 00000000 ____D () C:\Users\Beserker9\AppData\Local\Adobe
2014-09-25 22:35 - 2013-02-28 17:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 21:25 - 2014-07-14 16:08 - 00004984 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Thayakaran-Thayakaran Thayakaran
2014-09-25 20:52 - 2013-08-22 12:03 - 00004980 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Thayakaran-Beserker9 Thayakaran
2014-09-25 20:39 - 2013-03-04 18:15 - 00000000 ____D () C:\Users\Beserker9\AppData\Roaming\IDM
2014-09-25 20:39 - 2013-02-28 18:15 - 00000000 ____D () C:\Users\Beserker9\AppData\Roaming\uTorrent
2014-09-25 20:38 - 2013-02-28 20:06 - 00000000 ____D () C:\Windows\Panther
2014-09-25 20:37 - 2013-05-03 19:29 - 00000000 ____D () C:\Users\Beserker9\AppData\Local\CrashDumps
2014-09-25 20:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 20:12 - 2014-04-16 16:33 - 00000000 ____D () C:\Users\Beserker9\Desktop\Quotes
2014-09-25 20:07 - 2013-03-04 17:13 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-09-25 20:07 - 2013-03-04 17:13 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-09-25 20:06 - 2013-03-04 17:13 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-09-25 20:06 - 2013-03-04 17:13 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-09-25 19:56 - 2013-03-29 17:48 - 00000000 ____D () C:\Users\Beserker9\Desktop\Files
2014-09-25 19:43 - 2014-04-25 18:27 - 00000000 ____D () C:\Users\Beserker9\Desktop\Movies
2014-09-25 19:38 - 2014-07-17 16:59 - 00000000 ____D () C:\Users\Beserker9\AppData\Local\Ubisoft Game Launcher
2014-09-25 19:38 - 2014-07-17 16:59 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-24 23:09 - 2013-02-28 17:30 - 00000000 ____D () C:\ProgramData\Skype
2014-09-23 20:55 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 23:34 - 2014-06-13 20:51 - 00000000 ____D () C:\Users\Thayakaran\Desktop\Yalini
2014-09-22 02:42 - 2013-02-28 17:38 - 00278152 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 18:25 - 2014-08-28 17:31 - 00000000 ____D () C:\Users\Beserker9\AppData\Local\GVSE
2014-09-21 18:20 - 2014-08-28 17:31 - 00000000 ____D () C:\Users\Beserker9\Desktop\GTA 5 Save Editor
2014-09-21 17:18 - 2013-03-04 18:15 - 00000000 ____D () C:\Users\Beserker9\Downloads\Compressed
2014-09-18 21:25 - 2013-03-04 18:15 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-09-17 22:57 - 2013-02-28 19:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-17 22:56 - 2013-03-26 13:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-17 16:02 - 2013-03-21 20:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 00:57 - 2014-06-28 14:25 - 00000000 ____D () C:\Users\Beserker9\AppData\Local\pangu
2014-09-16 16:21 - 2014-07-11 14:55 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-12 18:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 23:30 - 2013-02-28 17:47 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 23:27 - 2013-05-02 22:02 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 23:27 - 2013-05-02 22:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 23:27 - 2013-05-02 22:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 23:27 - 2013-02-28 17:33 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-10 23:26 - 2013-08-14 08:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 23:14 - 2013-03-04 15:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 23:12 - 2014-05-06 16:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-08 20:39 - 2013-09-14 12:42 - 00000000 ____D () C:\Users\Beserker9\Desktop\School
2014-09-08 20:38 - 2013-02-28 17:39 - 00000000 ____D () C:\Users\Beserker9\AppData\Local\Windows Live
2014-09-06 17:19 - 2013-12-27 19:54 - 00000000 ____D () C:\Users\Thayakaran\Desktop\Other

ZeroAccess:
C:\Windows\Installer\{c1f30a78-166f-e891-92ab-4238de7ab23d}

Files to move or delete:
====================
C:\ProgramData\mazuki.dll


Some content of TEMP:
====================
C:\Users\Thayakaran\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 12:56

==================== End Of Log ============================

Edited by Beserker9, 04 October 2014 - 12:48 PM.


#5 nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2014 - 01:40 PM


After this fix your computer should be operating better.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () 
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicyUsers\S-1-5-21-848144811-3870377793-3321164327-1003\User: Group Policy restriction detected {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKCU: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
CHR Extension: (IDM Integration Module) - C:\Users\Beserker9\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-09-26]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2014-09-12]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\mazuki.dll
C:\Windows\Installer\{c1f30a78-166f-e891-92ab-4238de7ab23d}

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Let me know what problem persists.

#6 Beserker9

  • Topic Starter

Posted 04 October 2014 - 07:56 PM

Thanks, I did what you told me. Please find the fixlog below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
Ran by Beserker9 at 2014-10-04 20:44:00 Run:1
Running from C:\Users\Beserker9\Desktop\FRST
Loaded Profiles: Beserker9 & Thayakaran & UpdatusUser (Available profiles: Beserker9 & Thayakaran & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] =&gt; [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] ()
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [AdobeBridge] =&gt; [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [AdobeBridge] =&gt; [X]
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2013-02-28] () C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -&gt; {CDC95B92-E27C-4745-A8C5-64A52A78855D} =&gt; C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicyUsers\S-1-5-21-848144811-3870377793-3321164327-1003\User: Group Policy restriction detected {0055C089-8582-441B-A0BF-17B458C2A3A8} -&gt; C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -&gt; disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -&gt; disabled No File
FF Plugin HKCU: vitzo.com/VDownloader -&gt; C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
CHR Extension: (IDM Integration Module) - C:\Users\Beserker9\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-09-26]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2014-09-12]
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\mazuki.dll
C:\Windows\Installer\{c1f30a78-166f-e891-92ab-4238de7ab23d}

End

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [] =&gt; [X] => Value not found.
HKU\S-1-5-21-848144811-3870377793-3321164327-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-848144811-3870377793-3321164327-1003\...\Run: [AdobeBridge] =&gt; [X] => Value not found.
HKU\S-1-5-21-848144811-3870377793-3321164327-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-848144811-3870377793-3321164327-1004\...\Run: [AdobeBridge] =&gt; [X] => Value not found.
HKU\S-1-5-21-848144811-3870377793-3321164327-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [IDM Shell Extension] -&gt; {CDC95B92-E27C-4745-A8C5-64A52A78855D} =&gt; C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)" => Key not found.
"HKCR\CLSID\ShellIconOverlayIdentifiers: [IDM Shell Extension] -&gt; {CDC95B92-E27C-4745-A8C5-64A52A78855D} =&gt; C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-848144811-3870377793-3321164327-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000007\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000007\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE -&gt; disabled No File" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE -&gt; disabled No File" => Key not found.
"HKCU\Software\MozillaPlugins\FF Plugin HKCU: vitzo.com/VDownloader -&gt; C:\Program Files\VDownloader\Addons\npVDownloader.dll No File" => Key not found.
FF Plugin HKCU: vitzo.com/VDownloader -&gt; C:\Program Files\VDownloader\Addons\npVDownloader.dll No File not found.
C:\Users\Beserker9\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => Key deleted successfully.
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => Key deleted successfully.
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo" => Key deleted successfully.
"C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx" => File/Directory not found.
SBUpdd => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ProgramData\mazuki.dll => Moved successfully.
C:\Windows\Installer\{c1f30a78-166f-e891-92ab-4238de7ab23d} => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

Edited by Beserker9, 04 October 2014 - 07:57 PM.
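
One way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it reads only the results section, counts the outcomes, and flags "not found" results whose echoed entry still contains an HTML entity such as `&gt;`, which may mean the fixlist line was altered by HTML escaping when it was copied (an assumption about the cause). The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the Fixlog layout above; all names are made up.
SAMPLE_FIXLOG = r'''
Fix result (constructed sample)
Content of fixlist:
*****************
start
FF Plugin: @example.com/PLUGIN -&gt; disabled No File
C:\ProgramData\example.dll
End
*****************

HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\Software\MozillaPlugins\FF Plugin: @example.com/PLUGIN -&gt; disabled No File" => Key not found.
C:\ProgramData\example.dll => Moved successfully.
"C:\Program Files\Example\Example.crx" => File/Directory not found.
ExampleSvc => Service deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll

The system needed a reboot.
==== End of Fixlog ====
'''

# An HTML entity left inside an echoed entry (for example "-&gt;" where "->" was meant).
ENTITY = re.compile(r"&(?:amp|gt|lt|quot|#\d+);")

# Result phrases as they appear in the log above, checked in this order.
OUTCOMES = [
    ("not found", "not_found"),
    ("deleted successfully", "deleted"),
    ("moved successfully", "moved"),
    ("was set successfully", "repaired"),
]


def results_section(text):
    """Return the lines after the echoed fixlist (after the second row of asterisks)."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    return lines[stars[1] + 1:] if len(stars) >= 2 else lines


def classify(result):
    low = result.lower()
    for marker, label in OUTCOMES:
        if marker in low:
            return label
    return "other"


def parse_fixlog(text):
    """Turn each result line into {'target', 'outcome', 'escaped'}."""
    entries = []
    for line in results_section(text):
        line = line.strip()
        if " => " in line:
            # The result is whatever follows the last " => " on the line.
            target, result = line.rsplit(" => ", 1)
        elif " was set successfully" in line:
            # Winsock repairs are reported without a " => " separator.
            target, rest = line.split(" was set successfully", 1)
            result = "was set successfully" + rest
        else:
            continue  # blank lines, reboot notice, end marker
        entries.append({
            "target": target.strip('"'),
            "outcome": classify(result),
            "escaped": bool(ENTITY.search(target)),
        })
    return entries


def summarize(entries):
    return Counter(e["outcome"] for e in entries)


def needs_review(entries):
    """'Not found' results whose entry text still carries an HTML entity."""
    return [e for e in entries if e["outcome"] == "not_found" and e["escaped"]]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for e in needs_review(parsed):
        print("re-check:", e["target"])
```
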


#7 Beserker9

  • Topic Starter

Posted 04 October 2014 - 08:07 PM

I ran RogueKiller and did everything you told me to, but all the problems still persist. Please find the RogueKiller log below.

RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Beserker9 [Admin rights]
Mode : Remove -- Date : 10/04/2014 21:00:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnsignedThemes (C:\Windows\UnsignedThemesSvc.exe) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnsignedThemes (C:\Windows\UnsignedThemesSvc.exe) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UnsignedThemes (C:\Windows\UnsignedThemesSvc.exe) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UnsignedThemes (C:\Windows\UnsignedThemesSvc.exe) -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] 0414bUpdateInfo.job -- C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0414b /INFORETRY=3) -> DELETED
[Suspicious.Path] 0814avUpdateInfo.job -- C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0814av /INFORETRY=3) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\drivers\1394ohci.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0911dc290443da093fd3e937e9eb073b
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 293269 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 600823440 | Size: 11871 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_10042014_205956.log

Edited by Beserker9, 04 October 2014 - 08:08 PM.


#8 nasdaq

  • Malware Response Team

Posted 05 October 2014 - 07:48 AM

Let's see if we can get your internet service going.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

How is it now?

#9 Beserker9

  • Topic Starter

Posted 05 October 2014 - 10:16 AM

I ran Command Prompt as Administrator and did the above steps, but they did not work. Please find the results below.

C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Windows\system32>ipconfig /release

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

C:\Windows\system32>ipconfig /renew

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Edited by Beserker9, 05 October 2014 - 10:18 AM.


#10 nasdaq

  • Malware Response Team

Posted 05 October 2014 - 10:43 AM

MiniToolBox
http://www.spywareinfoforum.com/index.php?/topic/131884-minitoolbox-by-farbar/page__p__766332&#entry766332


Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List last 10 Event Viewer errors.
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#11 Beserker9

  • Topic Starter

Posted 05 October 2014 - 11:06 AM

I did not find the option, List last 10 Event Viewer log. Please find the log below.

MiniToolBox by Farbar Version: 21-07-2014
Ran by Beserker9 (administrator) on 05-10-2014 at 12:00:01
Running from "C:\Users\Beserker9\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Thayakaran
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : vlan1.phub.net.cable.rogers.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-22-68-06-D2-1D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure.
===========================================================================
Interface List
10...00 22 68 06 d2 1d ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2014 11:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server


System errors:
=============
Error: (10/05/2014 11:35:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 113.3.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:35:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.1191.0

Update Source: %NT AUTHORITY51

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:35:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.1191.0

Update Source: %NT AUTHORITY51

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:35:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.1191.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:15:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 113.3.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:15:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.1191.0

Update Source: %NT AUTHORITY51

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:15:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.1191.0

Update Source: %NT AUTHORITY51

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:15:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.185.1191.0

Update Source: %NT AUTHORITY59

Update Stage: 4.6.0305.00

Source Path: 4.6.0305.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/05/2014 11:08:30 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1058

Error: (10/05/2014 11:08:20 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (10/05/2014 11:43:59 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 11:43:59 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (10/05/2014 00:49:05 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server


**** End of log ****

Edited by Beserker9, 05 October 2014 - 11:07 AM.


#12 nasdaq

nasdaq

  • Malware Response Team

Posted 05 October 2014 - 12:47 PM



Refer to this page,
https://www.raymond.cc/blog/fix-could-not-flush-the-dns-resolved-cache-function-failed-during-execution-when-flushing-dns/

Follow the instructions to check if the service is running.

If this fails to correct the situation, please start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

Post the content of the (Result.txt) from the Minibox. An expert should be able to help you better than I can.
This is not my forte.

I will keep this topic open; if you need to return, please do.

#13 Beserker9

Beserker9
  • Topic Starter


Posted 05 October 2014 - 01:09 PM

It did not work. Thanks, I appreciate the help that you have given me. What can be done about the sound, and the theme being stuck on windows classic?

Edited by Beserker9, 05 October 2014 - 01:12 PM.


#14 nasdaq

nasdaq

  • Malware Response Team

Posted 06 October 2014 - 07:18 AM

You may have some good restore points saved in Windows 7.

Check it out and, if you have, restore the computer to a date prior to the start of your problems.


Windows 7 SYSTEM RESTORE
http://www.technospot.net/blogs/how-to-do-a-system-restore-in-windows-vista-and-windows-7/

Keep me posted.

#15 Beserker9

Beserker9
  • Topic Starter


Posted 06 October 2014 - 03:50 PM

System restore has not worked on my computer for quite some time now, so I don't have any restore points.



