Black screen with cursor after login..... Help


5 replies to this topic

#1 mjhair1229


Posted 12 February 2015 - 07:08 PM

I'm in desperate need of help. I have tried everything I know of and still can't seem to get anywhere. I have an HP Envy dv6 running 8.1 x64. It boots fine to the login screen. After I log in the screen goes black with only the cursor visible. I can access Task Manager through Ctrl+Alt+Del, so I was able to pull up msconfig and reboot into safe mode with networking. During the first session of safe mode I ran Malwarebytes through Hiren's boot disk on a flash drive. It showed several adware, nothing else. I ran CCleaner and cleaned those issues after a reboot back into safe mode. After a third reboot into normal mode I still get the same black screen. So I rebooted back into safe mode with networking but now it won't let me connect to anything. I tried to do a system restore before all of this and kept getting errors. So I searched for a problem similar to what I have going on and found a couple of posts to follow what they did. Nothing has worked. Even tried accessing system restore in the advanced repair boot and still nothing. I ran Farbar so I have the log file for it if anyone is able to help. Thanks in advance!


 


#2 mjhair1229


Posted 13 February 2015 - 02:54 PM

Here is my frst.txt log file.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by SYSTEM on MININT-BM2HC58 on 13-02-2015 14:41:01
Running from e:\
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-06-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware (reboot)] => C:\Users\bseagraves\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe [1047656 2011-07-06] (Malwarebytes Corporation) <===== ATTENTION
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BSEAGR~1\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKU\bseagraves\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\bseagraves\...\Run: [HLBackupScheduler] => C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
HKU\bseagraves\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\bseagraves\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)
HKU\bseagraves\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\bseagraves\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\bseagraves\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [456192 2014-02-22] (Microsoft Corporation)
HKU\bseagraves\...\RunOnce: [Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BSEAGR~1\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKU\bseagraves\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [31902 2015-02-11] ()
Startup: C:\Users\bseagraves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S2 Update Cyti Web; C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [398112 2015-02-11] ()
S2 Util Cyti Web; C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [398112 2015-02-11] ()
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-12] (Qualcomm Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-06-06] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 {4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64; C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys [48832 2015-02-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:27 - 2015-02-03 15:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-02-12 17:27 - 2015-02-03 15:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-02-12 17:27 - 2015-02-03 15:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-02-12 17:27 - 2015-02-02 15:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-02-12 17:27 - 2015-02-02 15:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-02-12 17:27 - 2015-02-02 15:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-02-12 17:27 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2015-02-12 17:27 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-02-12 13:46 - 2015-02-12 13:46 - 00003552 ____N () C:\bootsqm.dat
2015-02-12 12:52 - 2015-02-12 12:57 - 00000000 ____D () C:\FRST
2015-02-11 16:57 - 2015-02-11 17:07 - 00002514 _____ () C:\Users\bseagraves\Desktop\unhide.txt
2015-02-11 16:27 - 2015-02-13 10:52 - 00619619 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 16:26 - 2015-02-12 17:41 - 00001025 _____ () C:\Windows\setupact.log
2015-02-11 16:26 - 2015-02-11 16:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 16:21 - 2015-02-11 16:21 - 00153288 _____ () C:\Users\bseagraves\Documents\cc_20150211_192108.reg
2015-02-11 16:14 - 2015-02-11 16:17 - 00000000 ____D () C:\AdwCleaner
2015-02-11 14:30 - 2015-02-11 14:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-11 14:30 - 2011-07-06 10:52 - 00041272 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2015-02-11 14:30 - 2011-07-06 10:52 - 00022712 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2015-02-11 14:25 - 2015-02-13 10:23 - 00000000 ____D () C:\Windows\pss
2015-02-10 12:24 - 2015-02-12 17:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-10 10:58 - 2015-02-10 10:58 - 00000046 _____ () C:\Users\bseagraves\AppData\Roaming\WB.CFG
2015-02-10 10:05 - 2015-02-09 22:29 - 00048832 _____ (StdLib) C:\Windows\System32\Drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys
2015-02-10 09:59 - 2015-02-10 09:59 - 00004336 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2015-02-10 09:59 - 2015-02-10 09:59 - 00003550 _____ () C:\Windows\System32\Tasks\RocketTab
2015-02-10 09:59 - 2015-02-10 09:59 - 00003472 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-02-10 09:59 - 2015-02-10 09:59 - 00003208 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-02-10 09:59 - 2015-02-10 09:59 - 00000000 ____D () C:\Users\bseagraves\Documents\ProPCCleaner
2015-02-10 09:59 - 2015-02-10 09:59 - 00000000 ____D () C:\Users\bseagraves\AppData\Local\Pro_PC_Cleaner
2015-02-10 09:59 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2015-02-10 09:58 - 2015-02-11 16:58 - 00000326 _____ () C:\Windows\Tasks\Taplika.job
2015-02-10 09:58 - 2015-02-11 16:27 - 00000000 ____D () C:\Program Files (x86)\Cyti Web
2015-02-10 09:58 - 2015-02-10 09:58 - 00002664 _____ () C:\Windows\System32\Tasks\Taplika
2015-02-10 09:58 - 2015-02-10 09:58 - 00000000 ____D () C:\Users\bseagraves\AppData\Roaming\Taplika
2015-02-10 09:48 - 2015-02-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 13:13 - 2015-01-14 13:13 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-14 13:12 - 2015-01-14 13:13 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-14 13:11 - 2015-01-14 13:11 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-14 13:09 - 2015-01-14 13:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-14 13:09 - 2015-01-14 13:11 - 00000000 ____D () C:\Program Files\iTunes
2015-01-14 13:09 - 2015-01-14 13:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-14 13:09 - 2015-01-14 13:09 - 00000000 ____D () C:\Program Files\iPod
2015-01-14 13:00 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2015-01-14 13:00 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-01-14 13:00 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 13:00 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2015-01-14 13:00 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 13:00 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-01-14 13:00 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2015-01-14 13:00 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 13:00 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-01-14 13:00 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2015-01-14 13:00 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2015-01-14 13:00 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-01-14 13:00 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-01-14 13:00 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-01-14 13:00 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-01-14 13:00 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 13:00 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 13:00 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 13:00 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 13:00 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 13:00 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll
2015-01-14 13:00 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 13:00 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-01-14 08:11 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-14 08:11 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-14 08:11 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-01-14 08:11 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-14 08:11 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-14 08:11 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-14 08:11 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-01-14 08:11 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 10:28 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 10:28 - 2013-03-15 03:56 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 10:21 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-02-13 10:21 - 2013-03-15 03:56 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 17:53 - 2014-12-18 05:02 - 00000000 ____D () C:\Windows\System32\appraiser
2015-02-12 17:53 - 2014-07-14 14:37 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-02-12 17:47 - 2013-09-29 20:04 - 00956476 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-12 17:41 - 2013-08-22 06:44 - 00508504 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-02-12 17:39 - 2012-12-31 08:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 17:38 - 2013-08-21 16:43 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-12 17:31 - 2013-01-01 06:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-12 17:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-12 17:29 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 17:17 - 2012-12-30 12:11 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{55A340B8-9347-4493-B958-11E53C452040}
2015-02-11 17:10 - 2013-06-09 13:24 - 00000368 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-02-11 16:27 - 2012-07-25 21:26 - 00000269 _____ () C:\Windows\win.ini
2015-02-11 14:30 - 2012-12-31 08:23 - 00000000 ____D () C:\Users\bseagraves\AppData\Roaming\Malwarebytes
2015-02-11 14:18 - 2013-11-25 20:21 - 00000000 ____D () C:\users\bseagraves
2015-02-10 12:23 - 2014-09-10 10:04 - 00000372 _____ () C:\Windows\Tasks\HPCeeScheduleForbseagraves.job
2015-02-10 12:22 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2015-02-10 12:19 - 2012-12-30 12:17 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4116369340-858652678-3094488305-1002
2015-02-10 12:17 - 2015-01-11 10:31 - 00028160 ___SH () C:\Users\bseagraves\Downloads\Thumbs.db
2015-02-10 09:58 - 2013-07-31 10:30 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-10 05:14 - 2014-09-10 10:04 - 00003196 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForbseagraves
2015-02-10 05:14 - 2013-01-01 06:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-10 05:14 - 2013-01-01 06:10 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-06 14:23 - 2013-03-15 03:56 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 14:23 - 2013-03-15 03:56 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 06:20 - 2013-03-15 03:59 - 00000000 ___RD () C:\Users\bseagraves\Google Drive
2015-02-03 11:31 - 2014-05-22 07:15 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-05-22 07:15 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 17:45 - 2012-12-31 11:54 - 00000000 ____D () C:\Users\bseagraves\Documents\Lawn Addictions Lawn Care, LLC
2015-01-14 13:21 - 2014-09-24 20:07 - 00000000 ____D () C:\Users\bseagraves\AppData\Local\FFE5765C-7F72-4EC3-B634-9F52A34090EE.aplzod
2015-01-14 13:09 - 2014-07-18 03:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-14 13:09 - 2012-12-31 05:03 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-14 07:58 - 2015-01-11 17:23 - 00000000 ____D () C:\Users\bseagraves\AppData\Roaming\MultiPdfConverter

Files to move or delete:
====================
C:\Users\bseagraves\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe

Some content of TEMP:
====================
C:\Users\bseagraves\AppData\Local\Temp\Quarantine.exe
C:\Users\bseagraves\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\bseagraves\AppData\Local\Temp\System.Data.SQLite1e395e3a-46d3-46d0-bccd-749675718f8c.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-09-13 23:19] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA

C:\Windows\SysWOW64\explorer.exe
[2014-09-13 23:19] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-11-18 06:52] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C

C:\Windows\SysWOW64\User32.dll
[2014-11-18 06:52] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-13 23:18] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB

==================== Restore Points  =========================

Restore point made on: 2015-01-22 14:24:33
Restore point made on: 2015-02-04 06:48:08
Restore point made on: 2015-02-12 17:28:19

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 5596.25 MB
Available physical RAM: 4815.09 MB
Total Pagefile: 5596.25 MB
Available Pagefile: 4833.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.82 GB) (Free:572.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.7 GB) (Free:3.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:29.71 GB) (Free:12.76 GB) FAT32
Drive g: () (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2015-02-12 17:53

==================== End Of Log ============================


Edited by mjhair1229, 13 February 2015 - 02:56 PM.


#3 nasdaq

  • Malware Response Team

Posted 16 February 2015 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware (reboot)] => C:\Users\bseagraves\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe [1047656 2011-07-06] (Malwarebytes Corporation) <===== ATTENTION
HKLM-x32\...\RunOnce: [Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BSEAGR~1\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKU\bseagraves\...\RunOnce: [Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BSEAGR~1\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKU\bseagraves\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [31902 2015-02-11] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S2 Update Cyti Web; C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [398112 2015-02-11] ()
S2 Util Cyti Web; C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [398112 2015-02-11] ()
S1 {4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64; C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys [48832 2015-02-09] (StdLib)
C:\Program Files (x86)\Cyti Web
C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

In your next reply, post the content of the addition.txt file that was created when you ran the Farbar tool.

How is the computer running now?

#4 mjhair1229


Posted 16 February 2015 - 03:08 PM

Computer is running good now. I ran AdwCleaner and cleaned what that had detected. The log created from that is located at the bottom of the fixlog. If there's anything else I need to do, let me know. Thank you for the help!

 

Here's the content of the fixlog.txt file that was created:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by SYSTEM at 2015-02-16 14:00:15 Run:1
Running from e:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware (reboot)] => C:\Users\bseagraves\AppData\Local\Temp\HBCD\Malwarebytes\mbam.exe [1047656 2011-07-06] (Malwarebytes Corporation) <===== ATTENTION
HKLM-x32\...\RunOnce: [Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BSEAGR~1\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKU\bseagraves\...\RunOnce: [Taplika] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BSEAGR~1\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKU\bseagraves\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [31902 2015-02-11] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S2 Update Cyti Web; C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [398112 2015-02-11] ()
S2 Util Cyti Web; C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [398112 2015-02-11] ()
S1 {4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64;
C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys [48832 2015-02-09] (StdLib)
C:\Program Files (x86)\Cyti Web
C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys
 
End
*****************
 
CloseProcesses: => Error: This directive works only outside recovery mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Taplika => value deleted successfully.
HKU\bseagraves\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Taplika => value deleted successfully.
HKU\bseagraves\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
C:\Windows\System32\GroupPolicy\Machine => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
Update Cyti Web => Service deleted successfully.
Util Cyti Web => Service deleted successfully.
{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64 => Service deleted successfully.
"C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys [48832 2015-02-09] (StdLib)" => File/Directory not found.
C:\Program Files (x86)\Cyti Web => Moved successfully.
C:\Windows\System32\drivers\{4bd643ce-8ef9-41bb-9b43-501b4f8fae85}Gw64.sys => Moved successfully.
 
==== End of Fixlog 14:00:17 ====
 
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 14:52:46
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : bseagraves - SEAGRAVES
# Running from : C:\Users\bseagraves\Desktop\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Search Extensions
Folder Deleted : C:\Program Files (x86)\Coupons.com CouponBar
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Users\bseagraves\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\bseagraves\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\bseagraves\AppData\Roaming\Taplika
Folder Deleted : C:\Users\bseagraves\Documents\ProPCCleaner
Folder Deleted : C:\Users\bseagraves\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
File Deleted : C:\Users\bseagraves\AppData\Roaming\Mozilla\Firefox\Profiles\pbcyi92x.default\searchplugins\Taplika.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
Task Deleted : RocketTab Update Task
Task Deleted : RocketTab
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\download-free-soft bundle uninstaller\download-free-soft bundle uninstaller.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dmkpdpkjmmdacleogmmlinafnhdfdlmp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F236CA79-3123-4AFB-9F74-E98117AD5625}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DCF88A13-DA27-4617-8A40-84B41BBF6D2F}
Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponBar5.0.0.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49229;hxxps=127.0.0.1:49229
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v
 
[pbcyi92x.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Taplika");
[pbcyi92x.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_otbrw1_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0Ezz0DyE0E0CtB0BtB0EtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qz[...]
 
-\\ Google Chrome v40.0.2214.111
 
[C:\Users\bseagraves\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN24968671231397017&ctid=CT3315827&UM=2
[C:\Users\bseagraves\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\bseagraves\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\bseagraves\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0Ezz0DyE0E0CtB0BtB0EtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyByEtB0E0ByB0BtG0EtAtAyEtGtB0CzzzytG0AyC0CyDtGtByBtC0F0DyCtDzyyD0Czyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0A0EtDyEtA0AyCtGzy0EyC0EtGyEtCyD0DtGzyyE0ByCtGtCyCyDyEtByBtD0CtC0AtAyD2Q&cr=1668123924&ir=
[C:\Users\bseagraves\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0Ezz0DyE0E0CtB0BtB0EtN0D0Tzu0StCtCtAyCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyByEtB0E0ByB0BtG0EtAtAyEtGtB0CzzzytG0AyC0CyDtGtByBtC0F0DyCtDzyyD0Czyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0A0EtDyEtA0AyCtGzy0EyC0EtGyEtCyD0DtGzyyE0ByCtGtCyCyDyEtByBtD0CtC0AtAyD2Q&cr=1668123924&ir=
 
*************************
 
AdwCleaner[R0].txt - [32411 bytes] - [11/02/2015 19:15:06]
AdwCleaner[R1].txt - [7671 bytes] - [16/02/2015 14:12:49]
AdwCleaner[S0].txt - [31902 bytes] - [11/02/2015 19:16:43]
AdwCleaner[S1].txt - [7322 bytes] - [16/02/2015 14:52:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7381  bytes] ##########
 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:20 PM

Posted 17 February 2015 - 09:01 AM

One last scan.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 nasdaq

Posted 21 February 2015 - 09:59 AM

Are you still with me?



