My Screen Goes White After Start UP [Closed]


  • This topic is locked

#1
brittb89

  • Member
  • 10 posts
Hello -
The pastor I work for has something wrong with his screen and now I am told that I have to fix it. He really is awful so if there is a way I could save his computer that would be really helpful!! For my job :)

He has an HP netbook, Windows XP I think or Windows 7, can't remember which one - and when it logs on everything seems OK until it gets to the desktop, it just goes white. I do Ctrl + Alt + Del and the screen goes normal. If I select the task manager, it goes back white. If I hit restart, the desktop will flash normal for a second to stop any running programs. But if I hit cancel the Reset the screen goes back to white. Just all white.

I looked up on a similar post and I already ran the program frst64 and I have attached the report.
I then realized that the instructions to fix were specifically for that user you were helping and so here I am asking for help please!!
My job depends on this and I am just an office manager at a church - I'm no computer wiz kid!

Thank you!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
Ran by SYSTEM on 26-08-2013 11:19:36
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [Skyhook Wireless XPS Service] - C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe [726856 2010-06-28] (Skyhook Wireless)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-27] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MSN Toolbar] - "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [x]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [536488 2013-05-08] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [536488 2013-05-08] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKU\Bradford\...\Run: [Google Update] - C:\Users\Bradford\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-20] (Google Inc.)
HKU\Bradford\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-09-22] (Microsoft Corporation)
HKU\Bradford\...\Winlogon: [Shell] explorer.exe,C:\Users\Bradford\AppData\Roaming\skype.dat [170496 2011-11-16] (DigTech Software Int) <==== ATTENTION
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
Startup: C:\Users\Bradford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c521dcc548568ccf\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [174440 2013-05-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-04-11] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-02-28] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-04-03] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [325808 2013-01-22] (McAfee, Inc.)
S2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [331512 2010-05-12] (QUALCOMM, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c521dcc548568ccf\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)
S2 xpssvc; C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe [919880 2010-06-28] (Skyhook Wireless)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309968 2013-04-03] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [516608 2013-04-03] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [342416 2013-04-03] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2010-05-12] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [440832 2010-05-12] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [230784 2010-05-12] (QUALCOMM Incorporated)
S3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [16896 2010-06-01] (Skyhook Wireless)
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 05:51 - 2013-08-26 05:51 - 00000000 ____D C:\Windows\System32\SPReview
2013-08-22 05:39 - 2013-08-26 07:11 - 00000004 _____ C:\Users\Bradford\AppData\Roaming\skype.ini
2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\Windows\System32\MRT
2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\77b92e7533a7710664afa03d628b01f0
2013-08-15 13:26 - 2012-05-28 06:28 - 00197264 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

==================== One Month Modified Files and Folders =======

2013-08-26 07:12 - 2009-07-13 21:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-26 07:11 - 2013-08-22 05:39 - 00000004 _____ C:\Users\Bradford\AppData\Roaming\skype.ini
2013-08-26 07:11 - 2012-02-07 18:24 - 00000000 ____D C:\Users\Bradford\Tracing
2013-08-26 07:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 07:11 - 2009-07-13 20:51 - 00096525 _____ C:\Windows\setupact.log
2013-08-26 07:00 - 2010-09-17 00:18 - 01952424 _____ C:\Windows\WindowsUpdate.log
2013-08-26 06:49 - 2009-07-13 21:13 - 00727182 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-26 06:49 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 06:49 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 06:29 - 2011-05-20 18:33 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1907468030-502022553-1166557208-1000UA.job
2013-08-26 06:02 - 2010-09-17 00:27 - 00258364 _____ C:\Windows\PFRO.log
2013-08-26 05:54 - 2011-05-20 18:33 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1907468030-502022553-1166557208-1000Core.job
2013-08-26 05:51 - 2013-08-26 05:51 - 00000000 ____D C:\Windows\System32\SPReview
2013-08-24 13:18 - 2013-07-23 19:04 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBradford
2013-08-24 13:18 - 2013-07-23 19:04 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBradford.job
2013-08-22 10:02 - 2011-08-23 04:57 - 00000000 ____D C:\Users\Bradford\AppData\Local\CrashDumps
2013-08-22 05:43 - 2011-05-20 18:34 - 00002341 _____ C:\Users\Bradford\Desktop\Google Chrome.lnk
2013-08-20 19:33 - 2011-07-04 07:53 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-08-19 19:26 - 2013-01-16 19:46 - 00000000 ____D C:\Users\Bradford\AppData\Local\Windows Live
2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\Windows\System32\MRT
2013-08-16 05:04 - 2013-08-16 05:04 - 00000000 ____D C:\77b92e7533a7710664afa03d628b01f0
2013-08-16 05:04 - 2011-08-02 08:27 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-15 14:24 - 2011-07-04 07:12 - 00000000 ____D C:\ProgramData\McAfee

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-08-26 05:51:08

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 1786.9 MB
Available physical RAM: 1190.39 MB
Total Pagefile: 1786.9 MB
Available Pagefile: 1181.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.56 GB) (Free:225.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:18.24 GB) (Free:2.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 84FC2B45)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-08-22 10:27

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   27.24KB   77 downloads

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, let's get your pastor back to his good work :)

Download the attached fixlist.txt to the same location as FRST

Run FRST as before and press Fix
After it has completed reboot to normal windows and run the following programme

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

#3
brittb89

  • Topic Starter
  • Member
  • 10 posts
Thank you for your reply! Just wanted to let you know that it is still scanning... Has been for about 45 mins.
I will post logs asap!

#4
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Is that OTL? Is the progress bar still running through the files (as shown at the bottom)?

#5
brittb89

  • Topic Starter
  • Member
  • 10 posts
Yes... still, all this time later, it is still running with the very bottom bar changing file names that the program is scanning. It has been like 2 hours... I hope that is normal!

#6
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Shouldn't take that long

Stop OTL by closing it

Then re-run OTL and press scan with nothing in the custom scans box

#7
brittb89

  • Topic Starter
  • Member
  • 10 posts
Ok I am re-scanning it - I will update you asap.
Thank you so much for your fast responses.

#8
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
I forgot to ask, are you back in normal Windows?

#9
brittb89

  • Topic Starter
  • Member
  • 10 posts
Also, I had to use Task Manager to close OTL; it wouldn't respond when I hit the red X in the right corner.

#10
brittb89

  • Topic Starter
  • Member
  • 10 posts
Yes, I am in normal Windows... I think. His normal desktop is in the background with the 100 icons on his desktop.

#11
brittb89

  • Topic Starter
  • Member
  • 10 posts
It is still going, same as last time, and hasn't made any log or anything.
I didn't do the copy & paste like you had said.
Right now, I am going to leave work.
Is there a different thing I could try tomorrow morning?

Thank you
-Brittany

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this is unusual, but... I do have another tool to check the system with.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#13
brittb89

    Member

  • Topic Starter
  • 10 posts
Attached File  Attach.txt   6.41KB   78 downloads
Okay, so I ran the scan. Also, I have to do this on my desktop at work because his computer keeps saying IP Address Failure - there is a computer in his network with the same IP address, so I can't connect to any internet to get on this website!
Here is the DDS report, and hopefully the other Attach report is at the start of this post if I did it right:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267
Run by Bradford at 10:55:43 on 2013-08-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.317 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c521dcc548568ccf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c521dcc548568ccf\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\mcafee.com\agent\McUpdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: LocationFinder Class: {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files (x86)\Skyhook Wireless\Loki Plugin\loki.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Bradford\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\Bradford\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\14D455D434 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\14D455D43423 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\35C656560796E6E623 : DHCPNameServer = 68.87.64.146 68.87.75.194
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\37130323 : DHCPNameServer = 192.168.1.31
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\37130373 : DHCPNameServer = 192.168.1.31
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\8455E445E45445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{636C84FA-6BEE-477D-A5F0-B0B9405C5649}\84E45647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BEFA932-F6EF-4497-B4C0-E4AAD1BCA050} : DHCPNameServer = 40.7.1.100
TCP: Interfaces\{7EDF2DB7-9D32-4D2B-9208-CC8361EE3787} : NameServer = 198.224.186.135 198.224.187.135
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [Skyhook Wireless XPS Service] C:\Program Files\Skyhook Wireless\XPS\xpscontrolpanel.exe --no-info
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-9-17 335400]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-17 39464]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
.
=============== Created Last 30 ================
.
2013-08-27 14:46:24 -------- d-----w- C:\Windows\System32\SPReview
2013-08-27 14:23:11 -------- d-----w- C:\a5eaec3d8809cc5b1d893d9bd505
2013-08-26 19:19:16 -------- d-----w- C:\FRST
2013-08-16 13:04:58 -------- d-----w- C:\Windows\System32\MRT
2013-08-16 13:04:33 -------- d-----w- C:\77b92e7533a7710664afa03d628b01f0
2013-08-15 21:26:44 197264 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
.
==================== Find3M ====================
.
.
============= FINISH: 11:07:30.84 ===============

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that has confirmed that there is no remnant of the bad boy. Reference the internet: do you go via a proxy to go online? If not, then go to Control Panel > Internet Options > Connections
Select LAN Settings
Place a tick in Automatically detect settings and OK out


Then open an elevated command prompt:

Go Start > All Programs > Accessories
Right click Command Prompt and select "Run as Administrator"
Type in the following commands and press Enter after each:


ipconfig /flushdns
ipconfig /release
ipconfig /renew
netsh winsock reset
netsh advfirewall reset


Reboot and then try the internet

FINALLY

A sweep for orphans

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------

#15
brittb89

    Member

  • Topic Starter
  • 10 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.27.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bradford :: BRADFORD-PC [administrator]

8/27/2013 1:56:09 PM
mbam-log-2013-08-27 (13-56-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221545
Time elapsed: 27 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


That was my log from the quick scan.
What type of preventative service do you recommend for malware and whatnot? Preferably free? His computer is just sluggish sometimes and he has McAfee or something?