HP Pavilion running Windows 7: slow startup, desktop disappears, windo

#1
joy2mac


Hi and thank you for your time!

 

Below are the details of my problem:

 

hardware & OS

HP Pavilion dv6 Notebook PC (laptop)

Intel core i7 CPU

8.0 GB RAM

Windows 7 Home Premium (2009)

Service Pack 1

 

Anti-Virus and Malware in Use

*I run the following every couple of weeks; I remember deleting a bug that had "registry" in the name (not sure if this caused my problems)

 

Avast Antivirus

AVG 2014

CCleaner

Malwarebytes

 

Problems

The following problems happened on separate occasions:

  • generally very slow startup (4-5 minutes)
  • while watching Youtube, the desktop icons and toolbar at the bottom of the screen went blank (sound still running and desktop background still visible); could login after putting computer to sleep (power button); same problem after login
  • upon login a popup said Windows could not find a setup device; I was advised to click on the popup for more details; popup disappeared and I could not locate it again; it looked like the computer had started in 'safe mode' and some of the toolbar was not visible; restarted computer and everything was normal
  • upon login, the monitor went black; restarted computer and everything was normal
  • upon login, dialog box popped up and said "RSI guard [ergonomic program installed on my computer to encourage breaks and stretches] could not access the online profile database via the internet. Please contact supervisor for assistance and report error 'InternetSecurityCertRevocationFailed(C=105) for user jmacbeth'"
  • lost all bookmarks in Firefox, desktop background is different

 

Thank you again,

 

joy



#2
joy2mac


Hi,

 

I successfully ran a full scan with Malwarebytes and removed a registry key related virus.

 

However, I am unable to run any of the three OTL tools. When I download to the "download" folder and click on "save" a dialogue box says I cannot run OTL from a temporary folder; I am advised to download to desktop. When I download to desktop, the same dialogue box appears.

 

Should I try running the exehelper and rkill tools, or do something else?

 

thank you!



#3
joy2mac


Hi,

 

I also posted this to the messenger because I am not sure who to post to regarding the problem with running OTL. I ran scans with Rkill (1 threat removed), MBAM (7 threats removed), Viprerescue (not sure which document is the log in the C:), and SuperAntiSpyware (13 threats removed). The logs for Rkill and MBAM are below. I am having the same problem as before. When I try to run each of the three OTLs after downloading to my desktop, a dialogue box says "OTL cannot be run from a temporary folder - please download to desktop or other suitable location."

 

Please advise as to what I should do next and thank you!

 

~joy

 

 

Rkill scan:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 04/24/2014 07:06:32 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\kmw_run.exe (PID: 5820) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  ÿþ1 2 7 . 0 . 0 . 1               l o c a l h o s t
 
   : : 1               l o c a l h o s t
 
   

Program finished at: 04/24/2014 07:07:36 PM
Execution time: 0 hours(s), 1 minute(s), and 3 seconds(s)
 

 

 

MBAM scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/24/2014
Scan Time: 7:28:14 PM
Logfile: MBAM scan 4.24.14.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.25.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jmacbeth

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303158
Time Elapsed: 17 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\UtilityChest_49.SkinLauncherSettings, No Action By User, [d8ad0a24c8b373c3342af25ed03209f7],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\UtilityChest_49.SkinLauncherSettings.1, No Action By User, [3e4745e9d2a944f277e7b997ff0340c0],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UtilityChest_49.SkinLauncherSettings, No Action By User, [3e4745e9d2a944f277e7b997ff0340c0],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UtilityChest_49.SkinLauncherSettings.1, No Action By User, [3e4745e9d2a944f277e7b997ff0340c0],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\Updater By SweetPacks, No Action By User, [5a2b6cc2c6b5c96d05bf871892710ff1],

Registry Values: 2
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}, No Action By User, [cfb647e7ed8e999dab6daf9fc2407a86],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}, C:\Program Files\Updater By SweetPacks\Firefox, No Action By User, [cfb647e7ed8e999dab6daf9fc2407a86]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#4
joy2mac


Update: I tried logging in on April 26th. When I enter my password to login to Windows, the computer says "Logging off" and brings me back to the login screen. I tried restarting and shutting down, and still cannot login to the desktop.

 

thank you for your help.



#5
RKinner

    Malware Expert


Are you able to boot into Safe Mode?

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login or if that won't work with Administrator.)
 
If Safe Mode won't work then you will need to get FRST on a USB drive:
 





In a working computer:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:


  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt

    Note: You can use the Installation DVD as an alternate to the Advanced Boot Options.

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste this log in your Topic.

 



#6
joy2mac


Hi, and thank you for your response. Here is the scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-CRK9LEE on 27-04-2014 14:53:08
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-28] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [kmw_run.exe] => kmw_run.exe
HKLM-x32\...\Run: [MSWheel] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [534160 2013-03-26] (QFX Software Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-23] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Startup: C:\Users\jmacbeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Services (Whitelisted) =================
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-30] (Trusteer Ltd.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-02] ()
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-23] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-23] (AVG Technologies)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222232 2013-03-26] (QFX Software Corporation)
S3 KMW_KBD; C:\Windows\SysWOW64\DRIVERS\KMW_KBD.sys [5248 2003-12-01] (Kensington Technology Group)
S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-26] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-03-30] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-04-02] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-30] (Trusteer Ltd.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 eabfiltr; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-27 13:37 - 2014-04-27 14:53 - 00000000 ____D () C:\FRST
2014-04-27 13:36 - 2014-04-27 13:36 - 02061824 _____ (Farbar) C:\Users\jmacbeth\Downloads\FRST64.exe
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Users\TEMP.jmacbeth-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-24 18:41 - 2014-04-24 21:05 - 00000000 ____D () C:\VIPRERESCUE
2014-04-24 18:41 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiutil.sys
2014-04-24 18:41 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2014-04-24 18:10 - 2014-04-24 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-24 18:10 - 2014-04-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-24 18:10 - 2014-04-03 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-24 18:10 - 2014-04-03 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-24 18:00 - 2014-04-24 18:00 - 00003254 _____ () C:\Windows\System32\Tasks\{B5F94EC1-A48C-44F8-87D5-D242D56492B1}
2014-04-24 17:47 - 2014-04-24 21:36 - 00000000 ____D () C:\users\TEMP.jmacbeth-PC
2014-04-22 21:47 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-22 21:47 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 21:46 - 2014-03-06 02:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-22 21:46 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-22 21:46 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-22 21:46 - 2014-03-06 01:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 21:46 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-22 21:46 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-22 21:46 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-22 21:46 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-22 21:46 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-22 21:46 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-22 21:46 - 2014-03-06 00:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 21:46 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-22 21:46 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-22 21:46 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-22 21:46 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-22 21:46 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-22 21:46 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-22 21:46 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-22 21:46 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 21:46 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 21:46 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 21:46 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-22 21:46 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-22 21:46 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 21:46 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 21:46 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 21:46 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 21:46 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-22 21:46 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 21:46 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 21:46 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 21:46 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-22 21:46 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 21:46 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-22 21:46 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 21:46 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 21:46 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-22 21:46 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 21:46 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 21:46 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 21:46 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-22 21:46 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-22 21:46 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-22 21:46 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 21:46 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 21:46 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 17:38 - 2014-04-23 17:47 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjmacbeth.job
2014-04-22 17:38 - 2014-04-22 17:52 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjmacbeth
2014-04-18 14:01 - 2014-04-18 14:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-08 19:49 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-08 19:49 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 19:49 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:49 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 19:49 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 19:49 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 19:49 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 19:49 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-08 19:49 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-08 19:49 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-08 19:49 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-08 19:49 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 19:45 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-03-31 15:20 - 2014-03-31 15:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2014-03-31 15:06 - 2014-03-31 15:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2014-03-30 14:56 - 2014-04-24 17:56 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-30 14:56 - 2014-03-30 14:56 - 00000000 ____D () C:\Users\jmacbeth\AppData\Roaming\AVG2014
2014-03-30 14:55 - 2014-03-30 14:56 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-30 14:55 - 2014-03-30 14:55 - 00000000 ___HD () C:\$AVG
2014-03-30 14:54 - 2014-03-30 14:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-30 14:48 - 2014-03-30 15:17 - 00000000 ____D () C:\Users\jmacbeth\AppData\Local\Avg2014
2014-03-30 14:48 - 2014-03-30 14:48 - 04471880 _____ (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-30 14:45 - 2014-03-30 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 12:21 - 2014-04-27 13:47 - 00000896 _____ () C:\Windows\setupact.log
2014-03-30 12:21 - 2014-04-26 15:16 - 00161930 _____ () C:\Windows\PFRO.log
2014-03-30 12:21 - 2014-03-30 12:21 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-27 14:53 - 2014-04-27 13:37 - 00000000 ____D () C:\FRST
2014-04-27 13:48 - 2009-07-13 20:45 - 00023248 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 13:48 - 2009-07-13 20:45 - 00023248 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 13:47 - 2014-03-30 12:21 - 00000896 _____ () C:\Windows\setupact.log
2014-04-27 13:47 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 13:36 - 2014-04-27 13:36 - 02061824 _____ (Farbar) C:\Users\jmacbeth\Downloads\FRST64.exe
2014-04-26 15:37 - 2011-10-24 17:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-26 15:21 - 2011-10-24 17:11 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-26 15:16 - 2014-03-30 12:21 - 00161930 _____ () C:\Windows\PFRO.log
2014-04-26 15:16 - 2013-04-11 14:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-26 15:16 - 2013-04-01 13:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-24 21:36 - 2014-04-24 17:47 - 00000000 ____D () C:\users\TEMP.jmacbeth-PC
2014-04-24 21:36 - 2010-02-09 01:26 - 01933435 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Users\TEMP.jmacbeth-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-24 21:05 - 2014-04-24 18:41 - 00000000 ____D () C:\VIPRERESCUE
2014-04-24 20:56 - 2012-04-27 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 18:10 - 2014-04-24 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-24 18:10 - 2014-04-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-24 18:10 - 2013-04-11 12:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-24 18:10 - 2013-04-01 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 18:03 - 2010-02-20 19:37 - 00000000 ____D () C:\users\jmacbeth
2014-04-24 18:00 - 2014-04-24 18:00 - 00003254 _____ () C:\Windows\System32\Tasks\{B5F94EC1-A48C-44F8-87D5-D242D56492B1}
2014-04-24 17:56 - 2014-03-30 14:56 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-23 20:34 - 2013-04-05 13:55 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-23 20:33 - 2009-07-13 21:13 - 00775124 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-23 17:47 - 2014-04-22 17:38 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjmacbeth.job
2014-04-23 17:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 17:52 - 2014-04-22 17:38 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjmacbeth
2014-04-22 17:51 - 2010-03-05 14:14 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-18 14:01 - 2014-04-18 14:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-10 18:32 - 2013-04-11 12:45 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-04-08 21:30 - 2010-01-09 16:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 21:28 - 2013-08-14 10:49 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-08 21:25 - 2010-03-07 21:09 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-08 19:29 - 2012-04-29 13:28 - 00000000 ____D () C:\Users\Public\Documents\RSIGuard
2014-04-08 19:29 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-08 19:22 - 2010-03-18 18:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-07 20:06 - 2012-04-29 13:31 - 00000000 ____D () C:\Users\jmacbeth\AppData\Roaming\RSIGuard
2014-04-07 19:03 - 2012-05-04 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 08:51 - 2014-04-24 18:10 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 08:51 - 2014-04-24 18:10 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 08:50 - 2013-04-11 12:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-31 15:20 - 2014-03-31 15:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2014-03-31 15:06 - 2014-03-31 15:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2014-03-30 15:17 - 2014-03-30 14:48 - 00000000 ____D () C:\Users\jmacbeth\AppData\Local\Avg2014
2014-03-30 14:56 - 2014-03-30 14:56 - 00000000 ____D () C:\Users\jmacbeth\AppData\Roaming\AVG2014
2014-03-30 14:56 - 2014-03-30 14:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-30 14:55 - 2014-03-30 14:55 - 00000000 ___HD () C:\$AVG
2014-03-30 14:54 - 2014-03-30 14:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-30 14:51 - 2013-04-06 10:01 - 00000000 ____D () C:\Users\jmacbeth\Desktop\Temp Files
2014-03-30 14:48 - 2014-03-30 14:48 - 04471880 _____ (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-30 14:45 - 2014-03-30 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 14:34 - 2011-10-30 14:18 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-30 12:26 - 2010-06-16 20:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-30 12:21 - 2014-03-30 12:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-30 09:07 - 2013-06-25 12:36 - 00000000 ____D () C:\Users\jmacbeth\AppData\Local\CrashDumps
2014-03-30 09:07 - 2010-04-03 14:39 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 08:57 - 2014-03-23 14:15 - 00000000 ____D () C:\ProgramData\Amazon
2014-03-30 08:57 - 2010-01-09 15:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-29 14:02 - 2014-02-17 13:23 - 00000000 ____D () C:\Users\jmacbeth\Documents\TurboTax
2014-03-29 10:15 - 2011-10-24 17:11 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 10:15 - 2011-10-24 17:11 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 09:48 - 2013-06-14 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-30 12:25:47
Restore point made on: 2014-03-30 14:54:45
Restore point made on: 2014-03-30 14:55:26
Restore point made on: 2014-04-08 19:43:37
Restore point made on: 2014-04-08 21:23:59
Restore point made on: 2014-04-22 21:45:59
Restore point made on: 2014-04-23 20:33:04
Restore point made on: 2014-04-24 18:01:38
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8182.87 MB
Available physical RAM: 7245.54 MB
Total Pagefile: 8181.02 MB
Available Pagefile: 7238.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.2 GB) (Free:318.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.27 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive i: (512MB FLASH) (Removable) (Total:0.47 GB) (Free:0.19 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 094B8C03)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 484 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-04-22 19:43
 
==================== End Of Log ============================


#7
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Please look and see if you got another log called Additions.  There's not much showing in the first log.  We can remove SAS since it was the last thing you installed and one dead driver but it doesn't look like it should be unbootable.  

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
 
If you try to go to Safe Mode can you get into Safe Mode with Command Prompt?


#8
joy2mac


    Member

  • Topic Starter
  • Member
  • 44 posts

Hi, I ran FRST again and checked the "additions" box; however, there is still no second log with additions. When I restart, press F8, and select 'Safe Mode with Command Prompt,' I get a black screen that says 'Microsoft ® Windows ® (Build 7601: Service Pack 1).' 'Safe Mode' appears in all four corners of the screen, and there is a command window that says 'Administrator: cmd.exe.'

 

 

Here is the fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-27 16:53:01 Run:1
Running from I:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 eabfiltr; 
!SASCORE
SASDIFSV
SASKUTIL
eabfiltr 
 
*****************
 
!SASCORE => Service deleted successfully.
SASDIFSV => Service deleted successfully.
SASKUTIL => Service deleted successfully.
eabfiltr => Service deleted successfully.
 
==== End of Fixlog ====
 
 
Here is the frst log: 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-939OT71 on 27-04-2014 16:54:03
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-28] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [kmw_run.exe] => kmw_run.exe
HKLM-x32\...\Run: [MSWheel] => [X]
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [534160 2013-03-26] (QFX Software Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-23] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Startup: C:\Users\jmacbeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Services (Whitelisted) =================
 
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-30] (Trusteer Ltd.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-02] ()
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-23] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-23] (AVG Technologies)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222232 2013-03-26] (QFX Software Corporation)
S3 KMW_KBD; C:\Windows\SysWOW64\DRIVERS\KMW_KBD.sys [5248 2003-12-01] (Kensington Technology Group)
S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-26] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-03-30] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-04-02] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-30] (Trusteer Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-27 13:37 - 2014-04-27 16:54 - 00000000 ____D () C:\FRST
2014-04-27 13:36 - 2014-04-27 13:36 - 02061824 _____ (Farbar) C:\Users\jmacbeth\Downloads\FRST64.exe
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Users\TEMP.jmacbeth-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-24 18:41 - 2014-04-24 21:05 - 00000000 ____D () C:\VIPRERESCUE
2014-04-24 18:41 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiutil.sys
2014-04-24 18:41 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2014-04-24 18:10 - 2014-04-24 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-24 18:10 - 2014-04-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-24 18:10 - 2014-04-03 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-24 18:10 - 2014-04-03 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-24 18:00 - 2014-04-24 18:00 - 00003254 _____ () C:\Windows\System32\Tasks\{B5F94EC1-A48C-44F8-87D5-D242D56492B1}
2014-04-24 17:47 - 2014-04-24 21:36 - 00000000 ____D () C:\users\TEMP.jmacbeth-PC
2014-04-22 21:47 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-22 21:47 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 21:46 - 2014-03-06 02:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-22 21:46 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-22 21:46 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-22 21:46 - 2014-03-06 01:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 21:46 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-22 21:46 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-22 21:46 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-22 21:46 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-22 21:46 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-22 21:46 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-22 21:46 - 2014-03-06 00:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 21:46 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-22 21:46 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-22 21:46 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-22 21:46 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-22 21:46 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-22 21:46 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-22 21:46 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-22 21:46 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 21:46 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 21:46 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 21:46 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-22 21:46 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-22 21:46 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 21:46 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 21:46 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 21:46 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 21:46 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-22 21:46 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 21:46 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 21:46 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 21:46 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-22 21:46 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 21:46 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-22 21:46 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 21:46 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 21:46 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-22 21:46 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 21:46 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 21:46 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 21:46 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-22 21:46 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-22 21:46 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-22 21:46 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 21:46 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 21:46 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 17:38 - 2014-04-23 17:47 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjmacbeth.job
2014-04-22 17:38 - 2014-04-22 17:52 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjmacbeth
2014-04-18 14:01 - 2014-04-18 14:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-08 19:49 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-08 19:49 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-08 19:49 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 19:49 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:49 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 19:49 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 19:49 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 19:49 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 19:49 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-08 19:49 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-08 19:49 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-08 19:49 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-08 19:49 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 19:45 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-03-31 15:20 - 2014-03-31 15:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2014-03-31 15:06 - 2014-03-31 15:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2014-03-30 14:56 - 2014-04-24 17:56 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-30 14:56 - 2014-03-30 14:56 - 00000000 ____D () C:\Users\jmacbeth\AppData\Roaming\AVG2014
2014-03-30 14:55 - 2014-03-30 14:56 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-30 14:55 - 2014-03-30 14:55 - 00000000 ___HD () C:\$AVG
2014-03-30 14:54 - 2014-03-30 14:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-30 14:48 - 2014-03-30 15:17 - 00000000 ____D () C:\Users\jmacbeth\AppData\Local\Avg2014
2014-03-30 14:48 - 2014-03-30 14:48 - 04471880 _____ (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-30 14:45 - 2014-03-30 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 12:21 - 2014-04-27 15:49 - 00000952 _____ () C:\Windows\setupact.log
2014-03-30 12:21 - 2014-04-26 15:16 - 00161930 _____ () C:\Windows\PFRO.log
2014-03-30 12:21 - 2014-03-30 12:21 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-27 16:54 - 2014-04-27 13:37 - 00000000 ____D () C:\FRST
2014-04-27 15:50 - 2009-07-13 20:45 - 00023248 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 15:50 - 2009-07-13 20:45 - 00023248 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 15:49 - 2014-03-30 12:21 - 00000952 _____ () C:\Windows\setupact.log
2014-04-27 15:49 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 13:36 - 2014-04-27 13:36 - 02061824 _____ (Farbar) C:\Users\jmacbeth\Downloads\FRST64.exe
2014-04-26 15:37 - 2011-10-24 17:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-26 15:21 - 2011-10-24 17:11 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-26 15:16 - 2014-03-30 12:21 - 00161930 _____ () C:\Windows\PFRO.log
2014-04-26 15:16 - 2013-04-11 14:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-26 15:16 - 2013-04-01 13:30 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-24 21:36 - 2014-04-24 17:47 - 00000000 ____D () C:\users\TEMP.jmacbeth-PC
2014-04-24 21:36 - 2010-02-09 01:26 - 01933435 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Users\TEMP.jmacbeth-PC\AppData\Roaming\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-24 21:14 - 2014-04-24 21:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-24 21:05 - 2014-04-24 18:41 - 00000000 ____D () C:\VIPRERESCUE
2014-04-24 20:56 - 2012-04-27 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 18:10 - 2014-04-24 18:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-24 18:10 - 2014-04-24 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-24 18:10 - 2013-04-11 12:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-24 18:10 - 2013-04-01 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 18:03 - 2010-02-20 19:37 - 00000000 ____D () C:\users\jmacbeth
2014-04-24 18:00 - 2014-04-24 18:00 - 00003254 _____ () C:\Windows\System32\Tasks\{B5F94EC1-A48C-44F8-87D5-D242D56492B1}
2014-04-24 17:56 - 2014-03-30 14:56 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-23 20:34 - 2013-04-05 13:55 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-23 20:33 - 2009-07-13 21:13 - 00775124 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-23 17:47 - 2014-04-22 17:38 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForjmacbeth.job
2014-04-23 17:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 17:52 - 2014-04-22 17:38 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjmacbeth
2014-04-22 17:51 - 2010-03-05 14:14 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-18 14:01 - 2014-04-18 14:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys
2014-04-10 18:32 - 2013-04-11 12:45 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-04-08 21:30 - 2010-01-09 16:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 21:28 - 2013-08-14 10:49 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-08 21:25 - 2010-03-07 21:09 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-08 19:29 - 2012-04-29 13:28 - 00000000 ____D () C:\Users\Public\Documents\RSIGuard
2014-04-08 19:29 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-08 19:22 - 2010-03-18 18:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-07 20:06 - 2012-04-29 13:31 - 00000000 ____D () C:\Users\jmacbeth\AppData\Roaming\RSIGuard
2014-04-07 19:03 - 2012-05-04 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 08:51 - 2014-04-24 18:10 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 08:51 - 2014-04-24 18:10 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-03 08:50 - 2013-04-11 12:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-03-31 15:20 - 2014-03-31 15:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2014-03-31 15:06 - 2014-03-31 15:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2014-03-30 15:17 - 2014-03-30 14:48 - 00000000 ____D () C:\Users\jmacbeth\AppData\Local\Avg2014
2014-03-30 14:56 - 2014-03-30 14:56 - 00000000 ____D () C:\Users\jmacbeth\AppData\Roaming\AVG2014
2014-03-30 14:56 - 2014-03-30 14:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-30 14:55 - 2014-03-30 14:55 - 00000000 ___HD () C:\$AVG
2014-03-30 14:54 - 2014-03-30 14:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-30 14:51 - 2013-04-06 10:01 - 00000000 ____D () C:\Users\jmacbeth\Desktop\Temp Files
2014-03-30 14:48 - 2014-03-30 14:48 - 04471880 _____ (AVG Technologies) C:\Users\jmacbeth\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-30 14:45 - 2014-03-30 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 14:34 - 2011-10-30 14:18 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-30 12:26 - 2010-06-16 20:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-30 12:21 - 2014-03-30 12:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-30 09:07 - 2013-06-25 12:36 - 00000000 ____D () C:\Users\jmacbeth\AppData\Local\CrashDumps
2014-03-30 09:07 - 2010-04-03 14:39 - 00000000 ____D () C:\Windows\Minidump
2014-03-30 08:57 - 2014-03-23 14:15 - 00000000 ____D () C:\ProgramData\Amazon
2014-03-30 08:57 - 2010-01-09 15:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-29 14:02 - 2014-02-17 13:23 - 00000000 ____D () C:\Users\jmacbeth\Documents\TurboTax
2014-03-29 10:15 - 2011-10-24 17:11 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 10:15 - 2011-10-24 17:11 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 09:48 - 2013-06-14 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-30 12:25:47
Restore point made on: 2014-03-30 14:54:45
Restore point made on: 2014-03-30 14:55:26
Restore point made on: 2014-04-08 19:43:37
Restore point made on: 2014-04-08 21:23:59
Restore point made on: 2014-04-22 21:45:59
Restore point made on: 2014-04-23 20:33:04
Restore point made on: 2014-04-24 18:01:38
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8182.87 MB
Available physical RAM: 7240.08 MB
Total Pagefile: 8181.02 MB
Available Pagefile: 7234.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.2 GB) (Free:318.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.27 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive i: (512MB FLASH) (Removable) (Total:0.47 GB) (Free:0.19 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 094B8C03)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 484 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-04-22 19:43
 
==================== End Of Log ============================

  • 0
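The integrity sections of the FRST log above can be checked mechanically instead of by eye. The sketch below is an added example, not part of the original posts or of FRST itself: it flags any line in the "Bamital & volsnap Check" and "EXE ASSOCIATION" sections whose verdict is not the clean one seen in this log. The sample input is constructed, and the non-legit verdict string in it is a placeholder, not FRST's real wording.

```python
import re

# Constructed excerpt in the layout of the FRST log above. The services.exe
# verdict is a made-up placeholder, not FRST's real wording for a failure.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => CONSTRUCTED-NON-LEGIT-VERDICT
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================
Restore point made on: 2014-03-30 12:25:47
"""

# Section title -> the only verdict treated as clean (allowlist taken from the log above).
EXPECTED = {"Bamital & volsnap Check": "MD5 is legit", "EXE ASSOCIATION": "OK"}
HEADER = re.compile(r"^=+\s*(.*?)\s*=+\s*$")


def triage(log_text):
    """Return (section, item, verdict) for every integrity line that is not clean."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)  # remember which section we are in
            continue
        if section not in EXPECTED:
            continue  # sections without a known clean verdict are ignored
        # Split on the last "=>" so values that contain "=>" stay intact.
        item, sep, verdict = line.rpartition("=>")
        if not sep:
            findings.append((section, line, "unparsed line"))
        elif verdict.strip() != EXPECTED[section]:
            findings.append((section, item.strip(), verdict.strip()))
    return findings


if __name__ == "__main__":
    for section, item, verdict in triage(SAMPLE_LOG):
        print(f"[{section}] {item}: {verdict}")
```

Because the check is an allowlist, any verdict wording other than the two clean ones is reported, so the script does not need to know how the tool phrases a failure.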

#9
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

OK, if it still won't let you log on, you can try running System Restore from the command prompt in Safe Mode.

 

At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.  Pick the earliest restore point.


  • 0

#10
joy2mac


    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Hi, 

 

When I restart, select F8, select 'repair computer,' select 'command prompt' and type '%system%…exe', the system says "…system 32…exe is not recognized as an internal or external command, operable program or batch file."

 

I then selected "system restore" from System Recovery Options and the restore ran for an hour (restore point of March 30th). I restarted and tried again. It does not seem to be working. 

 

I also tried selecting F8, then 'system restore with command prompt' but it brought me to my login. 

 

Am I doing this correctly? 

 

thank you, 

 

joy


  • 0



#11
joy2mac


    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

PS - I also tried %systemroot%\system64\restore\rstrui.exe in case that designates a 64-bit system but it didn't work.


  • 0

#12
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

No such folder as System64.  MS uses System32 for both 32 and 64.  Actually they put the 32 stuff in a folder called SysNative and fake it so the system thinks it is System32.

 

%systemroot%\system32\restore\rstrui.exe is usually just:

 

c:\windows\system32\restore\rstrui.exe

 

which should bring up the System Restore menu.  Sounds like you found another way to get it so it doesn't really matter.

 

 

Are you able to get into Safe mode or Safe mode with Networking?

 

In the Command Prompt type:

 

msconfig

 

and hit Enter.

 

I think it should work.  Then go to Services tab and click on the box to hide Microsoft Services then uncheck everything that remains.  Go to Startup tab and uncheck everything.  OK and reboot.  Did that help?
 
You can also try a disk check.  From the Command Prompt type:
 
chkdsk  /f  c: 

and hit Enter.  It will probably need to reboot and should take a few hours to complete.


  • 0

#13
joy2mac


    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Hi, 

 

I ran 'msconfig' from the Command Prompt in 'Safe Mode with Networking.' I was unable to login to Windows in normal mode (after typing my password and hitting Enter, Windows would log me off). 

 

Ran FRST and checked 'Additions' box but no 'Additions' log appeared in folder.

 

I ran the disk check from the Command Prompt in 'Safe Mode with Networking.' The Command Prompt said another system was using the function (?) and asked if I wanted to run disk check at restart. I selected 'y' for 'yes.' Restarted in 'Safe Mode with Networking.' 

 

System freezes at 'loading windows files' and says 'please wait' (but is frozen).

 

thank you,

 

joy


  • 0

#14
joy2mac


    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

I tried restarting in 'Safe Mode' as well but it freezes in the same place as 'Safe Mode with Networking.'


  • 0

#15
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

If you can get to a command prompt then 

chkntfs  /x  c:

may stop the disk check if it is keeping you from going in to Safe Mode.  Have you tried the low resolution video option in Safe Mode?  


  • 0





