Hey guys. I've got a laptop here that's been infected. I looked up the specific virus removal, and they all have you run a program to try to remove the infection. The problem is that I can't run any of the programs, no matter how they're masked. I've tried all of the MBAM Chameleon files, and all of the RKIll extensions as well. The only thing I can run on the computer is text files. I tried renaming some of the programs to text files, but that didn't work either. I've tried it all in safe mode as well. Nothing runs. I noticed that most of the instructions for removing Internet Security virus are from 2013. Maybe this is a new version of the virus..? Any help would be much appreciated.
Inactive Internet Security Pro/ madefender.exe
- Thread starter jephph
- Start date
Broni
Posts: 56,041 +516
Please, observe following rules:
=================================
What Windows version is it?
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================
What Windows version is it?
Broni
Posts: 56,041 +516
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flashdrive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
To enter System Recovery Options by using Windows installation disc:
On the System Recovery Options menu you will get the following options:
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flashdrive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
If you are using Vista or Windows 7 enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive. - The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Alicia (administrator) on ALICIA-HP on 10-05-2014 13:15:26
Running from C:\Users\Alicia\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2552856 2014-04-21] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Alicia\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777 --CMPID 0913a
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {43ac5068-5432-11e2-959b-2c768ae29f07} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {aec6d3b1-4fa5-11e2-941b-2c768ae29f07} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {b285fc39-4d00-11e2-ba06-2c768ae29f07} - F:\MotorolaDeviceManagerSetup.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20120205,17118,0,18,0
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.0.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.0.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-02-02]
Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={FEBF0440-BDCE-4CC4-9F8D-0C621736013E}&mid=8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={FEBF0440-BDCE-4CC4-9F8D-0C621736013E}&mid=8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid=...ng=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]
CHR Extension: (RewardsArcade Suite) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 vToolbarUpdater3.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\ToolbarUpdater.exe [1801240 2014-04-21] (AVG Secure Search)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-21] (AVG Technologies)
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-10 13:15 - 2014-05-10 13:16 - 00016734 _____ () C:\Users\Alicia\Desktop\FRST.txt
2014-05-10 13:15 - 2014-05-10 13:15 - 00000000 ____D () C:\Users\Alicia\Desktop\FRST-OlderVersion
2014-05-10 13:14 - 2014-05-10 13:15 - 02065408 _____ (Farbar) C:\Users\Alicia\Desktop\FRST64.exe
2014-05-09 20:18 - 2014-05-10 13:15 - 00000000 ____D () C:\FRST
2014-05-09 10:15 - 2014-05-09 10:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill.rtf.com
2014-05-09 10:15 - 2014-05-09 10:12 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill (1).exe
2014-05-09 09:57 - 2014-05-09 09:58 - 00000000 ____D () C:\Users\Alicia\Desktop\Pics
2014-05-09 09:57 - 2014-05-09 09:51 - 49566984 _____ (GridinSoft LLC) C:\Users\Alicia\Desktop\gtk-2.2.2.9-setup.exe
2014-05-09 09:57 - 2014-05-09 09:47 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller (3).exe
2014-05-09 09:57 - 2014-05-09 09:47 - 00015648 _____ (GridinSoft LLC. All rights reserved.) C:\Users\Alicia\Desktop\madefender.exe.exe
2014-05-09 09:36 - 2014-05-09 09:47 - 00000000 ____D () C:\Users\Alicia\Desktop\mbam-chameleon-1.62.1.1000
2014-05-03 11:52 - 2014-05-09 09:59 - 00110553 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 11:49 - 2014-05-10 13:13 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 11:49 - 2014-05-03 11:49 - 00001112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 10:05 - 2014-04-22 06:13 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-21 10:05 - 2014-04-22 06:09 - 00000000 ____D () C:\Users\Alicia\AppData\Local\AVG Web TuneUp
2014-04-21 10:05 - 2014-04-21 10:03 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-21 10:04 - 2014-04-21 10:05 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-11 08:55 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 08:55 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 08:55 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 08:55 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 08:55 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 08:55 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 08:55 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 08:55 - 2013-12-24 09:42 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 08:53 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 08:08 - 2014-04-10 08:28 - 00000000 ____D () C:\Users\Alicia\Desktop\alicia's phone
==================== One Month Modified Files and Folders =======
2014-05-10 17:12 - 2012-01-14 16:15 - 00000000 ____D () C:\Users\Alicia
2014-05-10 13:16 - 2014-05-10 13:15 - 00016734 _____ () C:\Users\Alicia\Desktop\FRST.txt
2014-05-10 13:15 - 2014-05-10 13:15 - 00000000 ____D () C:\Users\Alicia\Desktop\FRST-OlderVersion
2014-05-10 13:15 - 2014-05-10 13:14 - 02065408 _____ (Farbar) C:\Users\Alicia\Desktop\FRST64.exe
2014-05-10 13:15 - 2014-05-09 20:18 - 00000000 ____D () C:\FRST
2014-05-10 13:13 - 2014-05-03 11:49 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 13:13 - 2009-07-14 00:51 - 00084048 _____ () C:\Windows\setupact.log
2014-05-09 13:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-09 10:13 - 2014-05-09 10:15 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill.rtf.com
2014-05-09 10:12 - 2014-05-09 10:15 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill (1).exe
2014-05-09 09:59 - 2014-05-03 11:52 - 00110553 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 09:58 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Alicia\Desktop\Pics
2014-05-09 09:51 - 2014-05-09 09:57 - 49566984 _____ (GridinSoft LLC) C:\Users\Alicia\Desktop\gtk-2.2.2.9-setup.exe
2014-05-09 09:47 - 2014-05-09 09:57 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller (3).exe
2014-05-09 09:47 - 2014-05-09 09:57 - 00015648 _____ (GridinSoft LLC. All rights reserved.) C:\Users\Alicia\Desktop\madefender.exe.exe
2014-05-09 09:47 - 2014-05-09 09:36 - 00000000 ____D () C:\Users\Alicia\Desktop\mbam-chameleon-1.62.1.1000
2014-05-09 09:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:41 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 11:57 - 2012-01-14 13:21 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{406271A2-5C4F-4B73-A93B-115D35C5CAA7}
2014-05-03 11:49 - 2014-05-03 11:49 - 00001112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 13:02 - 2011-04-09 17:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-04-29 17:13 - 2013-08-13 17:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-29 17:09 - 2010-11-20 23:47 - 00360316 _____ () C:\Windows\PFRO.log
2014-04-28 16:06 - 2012-04-01 09:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-26 10:19 - 2014-02-19 17:49 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAlicia
2014-04-22 06:13 - 2014-04-21 10:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-22 06:10 - 2012-01-24 19:35 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\Skype
2014-04-22 06:09 - 2014-04-21 10:05 - 00000000 ____D () C:\Users\Alicia\AppData\Local\AVG Web TuneUp
2014-04-21 10:05 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-04-21 10:03 - 2014-04-21 10:05 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-13 18:34 - 2012-01-30 15:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-12 19:17 - 2014-04-02 17:39 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-04-12 18:59 - 2013-08-13 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 18:46 - 2013-08-13 19:43 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 12:18 - 2011-04-09 17:13 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-04-10 08:28 - 2014-04-10 08:08 - 00000000 ____D () C:\Users\Alicia\Desktop\alicia's phone
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 06:51
==================== End Of Log ============================
Ran by Alicia (administrator) on ALICIA-HP on 10-05-2014 13:15:26
Running from C:\Users\Alicia\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2552856 2014-04-21] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Alicia\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777 --CMPID 0913a
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {43ac5068-5432-11e2-959b-2c768ae29f07} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {aec6d3b1-4fa5-11e2-941b-2c768ae29f07} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\TL-Bootstrap.exe
HKU\S-1-5-21-1005116257-878886063-1618395364-1001\...\MountPoints2: {b285fc39-4d00-11e2-ba06-2c768ae29f07} - F:\MotorolaDeviceManagerSetup.exe -a
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20120205,17118,0,18,0
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.0.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.0.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-02-02]
Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={FEBF0440-BDCE-4CC4-9F8D-0C621736013E}&mid=8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={FEBF0440-BDCE-4CC4-9F8D-0C621736013E}&mid=8723bb1e3a6147d3a1aafd3fcc0676f4-934d5dc3d8dc8e769db1ba664331484d722e8777&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid=...ng=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-21 10:05:25&v=3.0.0.2&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-28]
CHR Extension: (RewardsArcade Suite) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Alicia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\Alicia\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 vToolbarUpdater3.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.0.0\ToolbarUpdater.exe [1801240 2014-04-21] (AVG Secure Search)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-21] (AVG Technologies)
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-10 13:15 - 2014-05-10 13:16 - 00016734 _____ () C:\Users\Alicia\Desktop\FRST.txt
2014-05-10 13:15 - 2014-05-10 13:15 - 00000000 ____D () C:\Users\Alicia\Desktop\FRST-OlderVersion
2014-05-10 13:14 - 2014-05-10 13:15 - 02065408 _____ (Farbar) C:\Users\Alicia\Desktop\FRST64.exe
2014-05-09 20:18 - 2014-05-10 13:15 - 00000000 ____D () C:\FRST
2014-05-09 10:15 - 2014-05-09 10:13 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill.rtf.com
2014-05-09 10:15 - 2014-05-09 10:12 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill (1).exe
2014-05-09 09:57 - 2014-05-09 09:58 - 00000000 ____D () C:\Users\Alicia\Desktop\Pics
2014-05-09 09:57 - 2014-05-09 09:51 - 49566984 _____ (GridinSoft LLC) C:\Users\Alicia\Desktop\gtk-2.2.2.9-setup.exe
2014-05-09 09:57 - 2014-05-09 09:47 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller (3).exe
2014-05-09 09:57 - 2014-05-09 09:47 - 00015648 _____ (GridinSoft LLC. All rights reserved.) C:\Users\Alicia\Desktop\madefender.exe.exe
2014-05-09 09:36 - 2014-05-09 09:47 - 00000000 ____D () C:\Users\Alicia\Desktop\mbam-chameleon-1.62.1.1000
2014-05-03 11:52 - 2014-05-09 09:59 - 00110553 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 11:49 - 2014-05-10 13:13 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 11:49 - 2014-05-03 11:49 - 00001112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 10:05 - 2014-04-22 06:13 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-21 10:05 - 2014-04-22 06:09 - 00000000 ____D () C:\Users\Alicia\AppData\Local\AVG Web TuneUp
2014-04-21 10:05 - 2014-04-21 10:03 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-21 10:04 - 2014-04-21 10:05 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-11 08:55 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-11 08:55 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-11 08:55 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 08:55 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 08:55 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 08:55 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 08:55 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 08:55 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 08:55 - 2013-12-24 09:42 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 08:53 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 08:08 - 2014-04-10 08:28 - 00000000 ____D () C:\Users\Alicia\Desktop\alicia's phone
==================== One Month Modified Files and Folders =======
2014-05-10 17:12 - 2012-01-14 16:15 - 00000000 ____D () C:\Users\Alicia
2014-05-10 13:16 - 2014-05-10 13:15 - 00016734 _____ () C:\Users\Alicia\Desktop\FRST.txt
2014-05-10 13:15 - 2014-05-10 13:15 - 00000000 ____D () C:\Users\Alicia\Desktop\FRST-OlderVersion
2014-05-10 13:15 - 2014-05-10 13:14 - 02065408 _____ (Farbar) C:\Users\Alicia\Desktop\FRST64.exe
2014-05-10 13:15 - 2014-05-09 20:18 - 00000000 ____D () C:\FRST
2014-05-10 13:13 - 2014-05-03 11:49 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 13:13 - 2009-07-14 00:51 - 00084048 _____ () C:\Windows\setupact.log
2014-05-09 13:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-09 10:13 - 2014-05-09 10:15 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill.rtf.com
2014-05-09 10:12 - 2014-05-09 10:15 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Alicia\Desktop\rkill (1).exe
2014-05-09 09:59 - 2014-05-03 11:52 - 00110553 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 09:58 - 2014-05-09 09:57 - 00000000 ____D () C:\Users\Alicia\Desktop\Pics
2014-05-09 09:51 - 2014-05-09 09:57 - 49566984 _____ (GridinSoft LLC) C:\Users\Alicia\Desktop\gtk-2.2.2.9-setup.exe
2014-05-09 09:47 - 2014-05-09 09:57 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Alicia\Desktop\tdsskiller (3).exe
2014-05-09 09:47 - 2014-05-09 09:57 - 00015648 _____ (GridinSoft LLC. All rights reserved.) C:\Users\Alicia\Desktop\madefender.exe.exe
2014-05-09 09:47 - 2014-05-09 09:36 - 00000000 ____D () C:\Users\Alicia\Desktop\mbam-chameleon-1.62.1.1000
2014-05-09 09:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 09:41 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 11:57 - 2012-01-14 13:21 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{406271A2-5C4F-4B73-A93B-115D35C5CAA7}
2014-05-03 11:49 - 2014-05-03 11:49 - 00001112 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 13:02 - 2011-04-09 17:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-04-29 17:13 - 2013-08-13 17:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-29 17:09 - 2010-11-20 23:47 - 00360316 _____ () C:\Windows\PFRO.log
2014-04-28 16:06 - 2012-04-01 09:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-26 10:19 - 2014-02-19 17:49 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAlicia
2014-04-22 06:13 - 2014-04-21 10:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-04-22 06:10 - 2012-01-24 19:35 - 00000000 ____D () C:\Users\Alicia\AppData\Roaming\Skype
2014-04-22 06:09 - 2014-04-21 10:05 - 00000000 ____D () C:\Users\Alicia\AppData\Local\AVG Web TuneUp
2014-04-21 10:05 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-21 10:04 - 2014-04-21 10:04 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-04-21 10:03 - 2014-04-21 10:05 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-13 18:34 - 2012-01-30 15:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-12 19:17 - 2014-04-02 17:39 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-04-12 18:59 - 2013-08-13 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-12 18:46 - 2013-08-13 19:43 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 12:18 - 2011-04-09 17:13 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-04-10 08:28 - 2014-04-10 08:08 - 00000000 ____D () C:\Users\Alicia\Desktop\alicia's phone
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-21 06:51
==================== End Of Log ============================
I'll double click, or right click->run as admin, and they will either do nothing, or the UAC will pop up, and I'll say yes, and then nothing happens. Sometimes, I'll see the little loading circle for a fraction of a second after I double click, or right after I say yes to UAC, but then nothing.
Broni
Posts: 56,041 +516
See if you can run this...
Download Windows Repair (All in One) from this site
Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.
Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:
Go to Step 5 and under "System Restore" click on Create button:
Go to Start Repairs tab and click Start button.
Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
Click on Start button.
Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
Download Windows Repair (All in One) from this site
Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.
Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:
Go to Step 5 and under "System Restore" click on Create button:
Go to Start Repairs tab and click Start button.
Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
Click on Start button.
Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
Broni
Posts: 56,041 +516
My only other suggestion would be repair installation: http://www.sevenforums.com/tutorials/3413-repair-install.html
Latest posts
-
BlizzGone: Blizzard cancels 2024 convention but promises an eventual return- GodisanAtheist replied
