Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows won't boot


  • Please log in to reply
22 replies to this topic

#1 WTTT3

WTTT3

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 28 December 2014 - 08:06 PM

I can't get Windows to boot at all. I can press F8 and get that screen to load. I can't get it to boot into Safe Mode, but I can get into Startup Repair. I ran that and it didn't work. I tried every date under System Restore but that didn't work. Right after the BIOS screen it is just a black screen.Thanks for the help



BC AdBot (Login to Remove)

 


#2 kaz20

kaz20

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 29 December 2014 - 11:56 AM

have you tried Last Known Good Configuration



#3 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 29 December 2014 - 07:44 PM

Yes I forgot to add I did that too.



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 AM

Posted 30 December 2014 - 08:49 AM

Hi and welcome.
 
Lets give it a try:
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.
 
If you are using Vista or Windows 7 enter System Recovery Options.
 
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
 
 
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
 
Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 09:17 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by SYSTEM on MININT-9BDG4G8 on 30-12-2014 02:16:31
Running from f:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-29] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [37888 2010-11-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2011-03-02] (Avid Technology, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\UpdatusUser\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\UpdatusUser\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\WISDOM 2\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\WISDOM 2\...\Run: [AdobeBridge] => [X]
HKU\WISDOM 2\...\Run: [Spotify Web Helper] => C:\Users\WISDOM 2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-11] (Spotify Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros)
S2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations)
S2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.)
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2011-03-02] (Avid Technology, Inc.)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-18] (Avid, Inc. All rights reserved.)
S3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-18] (Avid, Inc. All rights reserved.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
S0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [86528 2008-07-02] (PACE Anti-Piracy, Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 swmidi; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 02:16 - 2014-12-30 02:16 - 00000000 ____D () C:\FRST
2014-12-30 02:14 - 2014-12-30 02:14 - 00003446 _____ () C:\Windows\AsRecoveryHD.log
2014-12-30 02:13 - 2014-12-30 02:13 - 00232422 _____ () C:\Windows\AsFac.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 02:14 - 2009-07-28 21:20 - 00000000 ____D () C:\Windows\Log
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16289.06 MB
Available physical RAM: 15159.64 MB
Total Pagefile: 16287.21 MB
Available Pagefile: 15149.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:174.66 GB) (Free:16.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:502.49 GB) (Free:59.04 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:14.92 GB) (Free:4.88 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=174.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=502.5 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C84264F7)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
 
LastRegBack: 2014-05-09 10:20
 
==================== End Of Log ============================


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 AM

Posted 30 December 2014 - 11:39 AM

Is there a blinking cursor on the blank screen. Any Blue Screen with an error on it?
 
Download the enclosed file.
 
Save it in the same location FRST is saved. Open FRST as you did before, except that this time around click on the Fix button and wait.
 
The tool will produce a log, Fixlog.txt. Please post its contents in a reply
 
Restart the computer back to the Recovery Command prompt. (It is very important that the computer be restarted)
 
Once in the Command Prompt:
  • Type in the following and press Enter.

    bcdedit | find "osdevice"

  • Note the osdevice partition letter, then type.

    CHKDSK X: /R

  • Where X is the osdevice letter, and press Enter
  • The tool will start to run.
Upon finished, type exit and press Enter. Restart the computer
 
Let us know if that helps.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 12:22 PM

There was no blinking curson on blank screen.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by SYSTEM at 2014-12-30 02:54:29 Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\WISDOM 2\...\Run: [AdobeBridge] => [X]
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 
 
 
 
 
 
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
HKU\WISDOM 2\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
 
==== End of Fixlog 02:54:31 ====
 
 
I am currently running the CHKDSK in command prompt now. I will update after it is finished...


#8 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 01:20 PM

After the check disk ran it said:

 

1 of 5 :

 

1294 large file records processed

0 bad file records processed

0 EA records processed.

76 reparse records processed.

 

2 of 5:

 

669208 index entries processed

0 unindexed files scanned/recovered

 

3 of 5:

532992 file SDs/SIDs processed.

68109 data files processed.

36584152 USN bytes processed.

 

4 of 5:

532976 files processed.

 

5 of 5:

4275323 free clusters processed.

 

Windows has checked the file system and found no problems.

 

0 KB in bad sectors.

 

Failed to transfer logged messages to the event log with status 50.



#9 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 01:33 PM

I restarted the computer and it gave me the option to "launch startup repair" or "start windows normally" (which was unusual for not going straight to black). I didn't know what to press and after 5 seconds it went in to startup repair and then said it couldn't fix it.

 

So i went back to the window where I clicked for command prompt, etc. and clicked finish and the computer shut down. It then restarted and didn't give me the launch startup repair/start normally option and it went to black screen for a bit.. then gray screen with mouse cursor.. and then finally to my Windows login! Everything appears to be running normal, but I am not sure. What should I do as precaution, etc. to make sure all is going to be well?

 

Thank you so much!



#10 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 01:40 PM

Such as, do I need to update any specific software first? or download any specific software and run scans? etc. I have Malwarebytes, Microsoft Secuirty Essentials, Super AntiSpyware, and Spybot.. It is also asking me to update my Java



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 AM

Posted 30 December 2014 - 01:47 PM

Lets run FRST in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 02:18 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by WISDOM 2 (administrator) on WISDOM2-PC on 30-12-2014 13:09:27
Running from C:\Users\WISDOM 2\Desktop
Loaded Profiles: WISDOM 2 &  (Available profiles: UpdatusUser & WISDOM 2 & GuestUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
(Avid) C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
(Avid) C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Spotify Ltd) C:\Users\WISDOM 2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [37888 2010-11-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2011-03-02] (Avid Technology, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [spchecker] => "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\Run: [Spotify Web Helper] => C:\Users\WISDOM 2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-11] (Spotify Ltd)
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {1aade00e-2448-11e2-a337-485d60f3f675} - F:\LaunchU3.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {25d990e0-5467-11e2-8087-485d60f3f675} - G:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {2cd48acc-9854-11e0-9236-485d60f3f675} - G:\LaunchU3.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {5b273aaa-e169-11e0-97fc-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {c940b318-2f91-11e2-b36e-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {df6540bf-e586-11e0-a544-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {f991e918-ddce-11e1-8354-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002\...\MountPoints2: {fbc0a6b3-e40b-11e2-8eae-485d60f3f675} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\WISDOM 2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-11] (Spotify Ltd)
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1aade00e-2448-11e2-a337-485d60f3f675} - F:\LaunchU3.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {25d990e0-5467-11e2-8087-485d60f3f675} - G:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cd48acc-9854-11e0-9236-485d60f3f675} - G:\LaunchU3.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5b273aaa-e169-11e0-97fc-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c940b318-2f91-11e2-b36e-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {df6540bf-e586-11e0-a544-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f991e918-ddce-11e1-8354-485d60f3f675} - F:\setup.exe -a
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fbc0a6b3-e40b-11e2-8eae-485d60f3f675} - F:\VZW_Software_upgrade_assistant.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Somoto Toolbar -> {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -> C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Users\WISDOM 2\AppData\Roaming\Mozilla\Firefox\Profiles\mkt9tbxd.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-352697349-997216535-3591686812-1002: @tools.google.com/Google Update;version=3 -> C:\Users\WISDOM 2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-352697349-997216535-3591686812-1002: @tools.google.com/Google Update;version=9 -> C:\Users\WISDOM 2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-352697349-997216535-3591686812-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\WISDOM 2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\WISDOM 2\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\WISDOM 2\AppData\Roaming\Mozilla\Firefox\Profiles\mkt9tbxd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-13]
 
Chrome: 
=======
CHR Profile: C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-06-04]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-06-04]
CHR Extension: (Google Docs) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-04]
CHR Extension: (Google Drive) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-04]
CHR Extension: (WOT) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-04]
CHR Extension: (YouTube) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-04]
CHR Extension: (Adblock Plus) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-04]
CHR Extension: (Webpage Screenshot) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-11]
CHR Extension: (Google Search) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-04]
CHR Extension: (Google Calendar) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-04]
CHR Extension: (HTTPS Everywhere) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-06-04]
CHR Extension: (Mail Checker Plus for Google Mail™) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe [2013-06-04]
CHR Extension: (AdBlock) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-04]
CHR Extension: (Google Play Music) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-06-04]
CHR Extension: (Disconnect) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-06-04]
CHR Extension: (Downloads) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2013-06-04]
CHR Extension: (Speed Dial 2) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-02-23]
CHR Extension: (Google Voice (by Google)) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-06-04]
CHR Extension: (Download Master) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2013-06-04]
CHR Extension: (Google Mail Checker) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-06-04]
CHR Extension: (AutoPager Chrome) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2013-06-04]
CHR Extension: (Google Wallet) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2013-06-04]
CHR Extension: (Click&Clean App) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-02-01]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-06-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-06-04]
CHR Extension: (Gmail) - C:\Users\WISDOM 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-24] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations) [File not signed]
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2012-11-28] (Fork Ltd.) [File not signed]
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2011-03-02] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2011-03-02] (Avid Technology, Inc.) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-18] (Avid, Inc. All rights reserved.)
S3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-18] (Avid, Inc. All rights reserved.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R0 Tpkd; C:\Windows\SysWow64\Drivers\Tpkd.sys [86528 2008-07-02] (PACE Anti-Piracy, Inc.) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U3 swmidi; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 13:09 - 2014-12-30 13:10 - 00031988 _____ () C:\Users\WISDOM 2\Desktop\FRST.txt
2014-12-30 12:58 - 2014-12-30 12:59 - 02123264 _____ (Farbar) C:\Users\WISDOM 2\Desktop\FRST64.exe
2014-12-30 12:58 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-30 12:58 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-30 12:58 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-30 12:58 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-30 12:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-30 12:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-30 12:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-30 12:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-30 04:16 - 2014-12-30 13:09 - 00000000 ____D () C:\FRST
2014-12-30 04:14 - 2014-12-30 04:14 - 00003446 _____ () C:\Windows\AsRecoveryHD.log
2014-12-30 04:13 - 2014-12-30 04:13 - 00232422 _____ () C:\Windows\AsFac.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 13:00 - 2011-02-21 19:15 - 00045230 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 12:48 - 2012-06-08 23:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-30 12:48 - 2012-06-08 23:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-30 12:48 - 2012-06-08 23:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 12:48 - 2011-06-19 21:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 12:47 - 2012-10-26 20:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 12:45 - 2013-01-18 00:40 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-12-30 12:44 - 2012-12-06 11:27 - 00000000 ____D () C:\Prey
2014-12-30 12:42 - 2012-10-26 20:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-30 12:42 - 2012-10-26 20:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-30 12:42 - 2012-10-26 20:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 12:42 - 2011-11-05 12:34 - 00000000 ____D () C:\Users\WISDOM 2\AppData\Local\Adobe
2014-12-30 12:41 - 2014-04-21 03:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 12:40 - 2014-04-21 03:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-30 12:40 - 2014-04-21 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 12:40 - 2011-10-02 05:54 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-12-30 12:40 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 12:40 - 2009-07-13 22:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 12:36 - 2011-09-10 22:00 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352697349-997216535-3591686812-1002UA.job
2014-12-30 12:32 - 2013-08-31 20:40 - 00798780 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 04:14 - 2009-07-28 23:20 - 00000000 ____D () C:\Windows\Log
2014-12-30 03:28 - 2013-05-03 09:54 - 00000406 _____ () C:\Windows\Tasks\ROC_SYS_TASK.job
2014-12-30 03:28 - 2012-11-10 15:42 - 00000000 ____D () C:\Temp
2014-12-30 03:26 - 2014-05-03 14:04 - 00001568 _____ () C:\Windows\setupact.log
2014-12-30 03:26 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
 
Some content of TEMP:
====================
C:\Users\WISDOM 2\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-09 12:20
 
==================== End Of Log ============================
 
Attached File  Addition.txt   56.49KB   3 downloads
Attached File  Shortcut.txt   164.02KB   0 downloads


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 AM

Posted 30 December 2014 - 02:34 PM

Download the enclosed file. 
 
Save it in the same location FRST is saved. Open FRST as you did before, except that this time around click on the Fix button and wait.
 
The tool will produce a log, Fixlog.txt. Please post its contents in a reply.

A few scans wont hurt:

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    AdwScan.jpg?
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
    adwcleaner_delete_restart.jpg
    • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Scan with Malwarebytes AntiMalware and post its report.


Edited by JSntgRvr, 30 December 2014 - 02:35 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 WTTT3

WTTT3
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 30 December 2014 - 02:38 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by WISDOM 2 at 2014-12-30 13:37:11 Run:2
Running from C:\Users\WISDOM 2\Desktop
Loaded Profiles: WISDOM 2 &  (Available profiles: UpdatusUser & WISDOM 2 & GuestUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-352697349-997216535-3591686812-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
AlternateDataStreams: C:\ProgramData\Microsoft:6kW02uWMduzUaF7EI
AlternateDataStreams: C:\ProgramData\Microsoft:8UxjSujPLF4ue68xjL4RNIC
AlternateDataStreams: C:\ProgramData\Microsoft:azDIzPmVVHqA2oArFVQdFgRV4ic6R
AlternateDataStreams: C:\ProgramData\Microsoft:bgEupkxOCYCQvGqcRlWiSI8v0Y
AlternateDataStreams: C:\ProgramData\Microsoft:BHTmxppWyA4eJkg2U
AlternateDataStreams: C:\ProgramData\Microsoft:F4Bo1T5APf5onA9BFR5h97WNs3
AlternateDataStreams: C:\ProgramData\Microsoft:fWAmjM7400G0dIIuFgIZf
AlternateDataStreams: C:\ProgramData\Microsoft:HoT4tYS3tKQTYdyGDCop
AlternateDataStreams: C:\Users\WISDOM 2\Cookies:5Ll10cu2Od6yQ9CHtBVtFLRTa
AlternateDataStreams: C:\Users\WISDOM 2\Cookies:B9DNXX1G5XPJczEeMLWwB
AlternateDataStreams: C:\Users\WISDOM 2\Cookies:hHF7bSaJZoZOENNtqOne
AlternateDataStreams: C:\Users\WISDOM 2\Cookies:jxbl4CIepPYtbP1SGDVjepEIfzPNxT
AlternateDataStreams: C:\Users\WISDOM 2\Cookies:qBIJYS0gqZ8eMH4gJWBvjS
AlternateDataStreams: C:\Users\WISDOM 2\Cookies:RVwh9d2xZpc1ottbawp
AlternateDataStreams: C:\Users\WISDOM 2\Local Settings:SHxkjQQN0zF0zVH9l
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local:SHxkjQQN0zF0zVH9l
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local\1HEyVVm8JLk:V80wEtxAyksatk2JxqZRR0gwCJ
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local\Application Data:SHxkjQQN0zF0zVH9l
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local\HBfoaNyM7yXdqxT:19MtYAbjmITAV1lPNJmkQcJ
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local\Temp:tt0B1mnCn9UGaNN4btPengY36M
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local\Temporary Internet Files:EwcDXwpZ6WEF5uNPIF
AlternateDataStreams: C:\Users\WISDOM 2\AppData\Local\yEXFZD0SS:ECwu87dDJmNdaHEfmSubhAd
 
 
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Key not found. 
HKU\S-1-5-21-352697349-997216535-3591686812-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-352697349-997216535-3591686812-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-352697349-997216535-3591686812-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-21-352697349-997216535-3591686812-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
C:\ProgramData\Microsoft => ":6kW02uWMduzUaF7EI" ADS removed successfully.
C:\ProgramData\Microsoft => ":8UxjSujPLF4ue68xjL4RNIC" ADS removed successfully.
C:\ProgramData\Microsoft => ":azDIzPmVVHqA2oArFVQdFgRV4ic6R" ADS removed successfully.
C:\ProgramData\Microsoft => ":bgEupkxOCYCQvGqcRlWiSI8v0Y" ADS removed successfully.
C:\ProgramData\Microsoft => ":BHTmxppWyA4eJkg2U" ADS removed successfully.
C:\ProgramData\Microsoft => ":F4Bo1T5APf5onA9BFR5h97WNs3" ADS removed successfully.
C:\ProgramData\Microsoft => ":fWAmjM7400G0dIIuFgIZf" ADS removed successfully.
C:\ProgramData\Microsoft => ":HoT4tYS3tKQTYdyGDCop" ADS removed successfully.
"C:\Users\WISDOM 2\Cookies" => ":5Ll10cu2Od6yQ9CHtBVtFLRTa" ADS not found.
"C:\Users\WISDOM 2\Cookies" => ":B9DNXX1G5XPJczEeMLWwB" ADS not found.
"C:\Users\WISDOM 2\Cookies" => ":hHF7bSaJZoZOENNtqOne" ADS not found.
"C:\Users\WISDOM 2\Cookies" => ":jxbl4CIepPYtbP1SGDVjepEIfzPNxT" ADS not found.
"C:\Users\WISDOM 2\Cookies" => ":qBIJYS0gqZ8eMH4gJWBvjS" ADS not found.
"C:\Users\WISDOM 2\Cookies" => ":RVwh9d2xZpc1ottbawp" ADS not found.
"C:\Users\WISDOM 2\Local Settings" => ":SHxkjQQN0zF0zVH9l" ADS not found.
C:\Users\WISDOM 2\AppData\Local => ":SHxkjQQN0zF0zVH9l" ADS removed successfully.
C:\Users\WISDOM 2\AppData\Local\1HEyVVm8JLk => ":V80wEtxAyksatk2JxqZRR0gwCJ" ADS removed successfully.
"C:\Users\WISDOM 2\AppData\Local\Application Data" => ":SHxkjQQN0zF0zVH9l" ADS not found.
C:\Users\WISDOM 2\AppData\Local\HBfoaNyM7yXdqxT => ":19MtYAbjmITAV1lPNJmkQcJ" ADS removed successfully.
C:\Users\WISDOM 2\AppData\Local\Temp => ":tt0B1mnCn9UGaNN4btPengY36M" ADS removed successfully.
"C:\Users\WISDOM 2\AppData\Local\Temporary Internet Files" => ":EwcDXwpZ6WEF5uNPIF" ADS not found.
C:\Users\WISDOM 2\AppData\Local\yEXFZD0SS => ":ECwu87dDJmNdaHEfmSubhAd" ADS removed successfully.
 
==== End of Fixlog 13:37:12 ====


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 AM

Posted 30 December 2014 - 02:43 PM

Checking your drives, it seems that you are about to run out of space. You only have 10% of the total space on each drive.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users