Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows wont load after running Malwarebytes [Solved]

Started by philborup , Dec 19 2015 09:19 AM
Malware boot windows

  • This topic is locked This topic is locked

#1
philborup
Posted 19 December 2015 - 09:19 AM

philborup

    New Member

  • Member
  • Pip
  • 9 posts

My laptop was running a bit slow and had the blue screen of death once so I thought I would start scanning for virus's, etc.  Ran AVG and everything was OK but when I ran Malwarebytes there was 31 infected files.  It asked me to restart and now it wont load windows.  It gets to the login screen but when I log in it goes to a black screen with a cursor and doesn't get past it.  I ran a boot repair, windows repair, avg repair, scanned system files and all was well there.  Nothing has been able to find anything.  I ran Farbar. Below is the log file.  Thanks to anyone who can help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015
Ran by SYSTEM on MININT-EN46LLQ (19-12-2015 14:29:10)
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKU\Jeri Warner\...\Policies\system: [LogonHoursAction] 2
HKU\Jeri Warner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S4 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater40.2.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-10] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-12] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-11-23] (TuneUp Software)
S3 BcmSqlStartupSvc; no ImagePath
S2 CLKMSVC10_3A60B698; no ImagePath
S2 CLKMSVC10_C3B3B687; no ImagePath
S2 DriverService; no ImagePath
S2 IAStorDataMgrSvc; no ImagePath
S2 iATAgentService; no ImagePath
S2 idealife Update Service; no ImagePath
S3 IGRS; no ImagePath
S2 IviRegMgr; no ImagePath
S2 nvUpdatusService; no ImagePath
S2 Oasis2Service; no ImagePath
S2 PCCarerService; no ImagePath
S2 ReadyComm.DirectRouter; no ImagePath
S2 RichVideo; no ImagePath
S2 RtLedService; no ImagePath
S2 SeaPort; no ImagePath
S2 SoftwareService; no ImagePath
S3 SQLWriter; no ImagePath
S2 Stereo Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-19 14:28 - 2015-12-19 14:29 - 00000000 ____D C:\FRST
2015-12-19 04:12 - 2015-12-19 05:16 - 00126475 _____ C:\Windows\System32\avgrep.txt
2015-12-18 13:42 - 2015-12-18 13:42 - 00000000 _____ C:\Windows\Minidump\121815-45021-01.dmp
2015-12-13 23:26 - 2015-12-13 23:26 - 00003352 ____N C:\bootsqm.dat
2015-12-13 23:18 - 2015-12-13 23:18 - 00000000 __SHD C:\found.000
2015-12-13 00:00 - 2015-12-19 04:08 - 00641224 _____ C:\Windows\ntbtlog.txt
2015-12-12 22:56 - 2015-12-12 22:57 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-12 22:56 - 2015-12-12 22:56 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-12 22:56 - 2015-12-12 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-12 22:56 - 2015-12-12 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-12 22:56 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-12-12 22:56 - 2015-10-05 08:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-12-12 22:56 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2015-12-12 22:54 - 2015-12-12 22:55 - 22908888 _____ (Malwarebytes ) C:\Users\Jeri Warner\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-12 11:56 - 2015-12-18 13:41 - 417599213 _____ C:\Windows\MEMORY.DMP
2015-12-12 11:56 - 2015-12-12 11:56 - 00262144 _____ C:\Windows\Minidump\121215-67860-01.dmp
2015-12-12 08:59 - 2015-12-12 08:59 - 00000000 ____D C:\Users\Jeri Warner\Downloads\Autoruns
2015-12-12 08:35 - 2015-12-12 08:35 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-12-08 22:56 - 2015-12-08 22:56 - 00003694 _____ C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-12-08 22:09 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-08 22:09 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-08 22:09 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 22:09 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 22:09 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-08 22:09 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-08 22:09 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-08 22:09 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 22:09 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 22:09 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-08 22:09 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2015-12-08 22:09 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 22:09 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-12-08 22:09 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 22:09 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-08 22:09 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-12-08 22:09 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 22:09 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\nlsbres.dll
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\kbdgeoqw.dll
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZEL.DLL
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZE.DLL
2015-12-08 22:09 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 22:09 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 22:09 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 22:09 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 22:09 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\System32\locale.nls
2015-12-08 22:08 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-08 22:08 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 22:08 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-08 22:08 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-08 22:08 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 22:08 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 22:08 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-08 22:08 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 22:08 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 22:08 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 22:08 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 22:08 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-08 22:08 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 22:08 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 22:08 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 22:08 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 22:08 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 22:08 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 22:08 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 22:08 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 22:08 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 22:08 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 22:08 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 22:08 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 22:08 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 22:08 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 22:08 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 22:08 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 22:08 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 22:08 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 22:08 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 22:08 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 22:08 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 22:08 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 22:08 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 22:08 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 22:08 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 22:08 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-12-08 22:08 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-12-08 22:08 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-12-08 22:08 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-08 22:08 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-08 22:08 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-12-08 22:08 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-12-08 22:08 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-12-08 22:08 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-12-08 22:08 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-12-08 22:08 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-08 22:08 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-08 22:08 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-08 22:08 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-12-08 22:08 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-12-08 22:08 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-12-08 22:08 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-08 22:08 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-12-08 22:08 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-08 22:08 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-12-08 22:08 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-08 22:08 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-12-08 22:08 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-08 22:08 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-08 22:08 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-08 22:08 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-08 22:08 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-12-08 22:08 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-08 22:08 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-08 22:08 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-08 22:08 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-08 22:05 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2015-12-08 22:05 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 21:50 - 2015-11-23 15:41 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\TURegOpt.exe
2015-12-08 21:50 - 2015-11-23 15:37 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\authuitu.dll
2015-12-08 21:50 - 2015-11-23 15:37 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2015-12-08 21:44 - 2015-12-08 21:45 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\AVG Web TuneUp
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-08 21:43 - 2015-12-10 20:56 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-08 21:38 - 2015-12-08 21:49 - 00000000 ____D C:\Users\Jeri Warner\AppData\Roaming\AVG
2015-12-08 21:36 - 2015-12-08 21:36 - 00000000 ___HD C:\$AVG
2015-12-08 21:33 - 2015-12-08 21:33 - 00000938 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-08 21:31 - 2015-12-08 21:49 - 00000000 ____D C:\ProgramData\Avg
2015-12-08 21:29 - 2015-12-08 21:49 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\AvgSetupLog
2015-12-03 20:57 - 2015-12-03 20:57 - 00979002 _____ C:\Users\Jeri Warner\Downloads\Order11524344.pdf
2015-12-01 20:30 - 2015-12-12 11:56 - 00000000 ____D C:\Windows\Minidump
2015-12-01 20:12 - 2015-12-01 20:12 - 00276096 _____ C:\Users\Jeri Warner\Downloads\Estatement_Nov_2015_xxxxx7671 (1).pdf
2015-12-01 20:07 - 2015-12-01 20:07 - 00000165 ____H C:\Users\Jeri Warner\Documents\~$Budget.xlsx
2015-11-21 16:09 - 2015-11-21 16:09 - 00000000 ____D C:\d66b6423c0f7cd468496f353a94e86
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-19 13:01 - 2011-06-18 12:17 - 00122465 _____ C:\Windows\System32\fastboot.set
2015-12-19 13:01 - 2011-06-18 12:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-19 13:00 - 2013-10-22 20:02 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2015-12-19 13:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-18 14:22 - 2011-11-06 12:23 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\ElevatedDiagnostics
2015-12-18 14:21 - 2009-07-13 21:13 - 00166588 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-18 14:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-18 13:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-13 23:49 - 2013-02-24 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-13 23:27 - 2012-03-03 10:47 - 00000000 ____D C:\ProgramData\MFAData
2015-12-13 22:58 - 2009-07-13 20:45 - 00028928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-13 22:58 - 2009-07-13 20:45 - 00028928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 23:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2015-12-12 23:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2015-12-12 14:27 - 2011-06-18 12:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 14:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-12 09:03 - 2015-02-07 09:06 - 00004604 _____ C:\Windows\System32\Tasks\Validate Installation
2015-12-12 09:03 - 2015-02-07 09:06 - 00004398 _____ C:\Windows\System32\Tasks\Check Updates
2015-12-12 08:12 - 2014-11-19 20:09 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\Avg
2015-12-10 20:57 - 2011-06-18 12:13 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-10 20:57 - 2011-06-18 12:13 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 20:53 - 2009-07-13 20:45 - 00420664 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-08 23:49 - 2011-08-30 21:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 23:47 - 2013-03-13 19:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-08 23:47 - 2013-03-13 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 23:37 - 2013-08-16 17:00 - 00000000 ____D C:\Windows\System32\MRT
2015-12-08 23:36 - 2011-09-17 08:12 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-12-08 23:29 - 2013-02-24 15:40 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 23:29 - 2013-02-24 15:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 23:29 - 2013-02-24 15:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 22:55 - 2014-06-29 16:47 - 00000000 ____D C:\Users\Jeri Warner\AppData\Roaming\Skype
2015-12-08 22:55 - 2011-09-14 17:36 - 00000000 ____D C:\Users\Jeri Warner\Documents\Youcam
2015-12-08 22:55 - 2011-08-30 21:34 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\Microsoft Help
2015-12-08 22:55 - 2011-06-18 12:05 - 00000000 ____D C:\ProgramData\Temp
2015-12-08 22:55 - 2011-06-18 12:04 - 00000000 __HDC C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2015-12-08 22:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2015-12-08 21:50 - 2011-08-30 19:31 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\VirtualStore
2015-12-08 21:49 - 2012-03-03 11:04 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-08 21:38 - 2015-06-30 19:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-07 23:23 - 2015-03-15 14:12 - 00000000 ____D C:\ProgramData\Comodo
2015-12-07 23:22 - 2011-06-18 12:13 - 00000000 ____D C:\Program Files\Google
2015-12-07 23:22 - 2011-06-18 12:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-07 22:15 - 2011-08-30 19:02 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\Google
2015-12-07 22:15 - 2011-06-18 12:13 - 00000000 ____D C:\ProgramData\Google
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-08 22:09] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\SysWOW64\User32.dll
[2015-12-08 22:09] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2015-12-19 04:38
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8106.17 MB
Available physical RAM: 7282.91 MB
Total Virtual: 8104.37 MB
Available Virtual: 7274.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:343.61 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.2 GB) NTFS
Drive g: (MALLORIE) (Removable) (Total:3.73 GB) (Free:3.04 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 39D06D3A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-12-12 14:16
 
==================== End of FRST.txt ============================

  • 0

Advertisements

#2
philborup
Posted 19 December 2015 - 09:21 AM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Oh yeah, I forgot to tell you that it will boot into safe mode.  Not sure if that is relevant or not.  Thanks again.


  • 0

#3
Essexboy
Posted 19 December 2015 - 09:40 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
After this could you try a normal boot please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
2015-12-08 22:55 - 2011-06-18 12:04 - 00000000 __HDC C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2015-12-07 23:23 - 2015-03-15 14:12 - 00000000 ____D C:\ProgramData\Comodo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
cmd: sfc /scanfile=C:\Windows\system32\User32.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\User32.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#4
philborup
Posted 19 December 2015 - 12:25 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran the fixlist.txt that you gave me.  I tried a normal boot afterwards and it still doesn't load windows.  Below is the fixlog you asked me to provide.  Thanks.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:19-12-2015
Ran by SYSTEM (2015-12-19 18:20:58) Run:1
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
2015-12-08 22:55 - 2011-06-18 12:04 - 00000000 __HDC C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2015-12-07 23:23 - 2015-03-15 14:12 - 00000000 ____D C:\ProgramData\Comodo
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
cmd: sfc /scanfile=C:\Windows\system32\User32.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\User32.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => value restored successfully
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => moved successfully
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F} => moved successfully
C:\ProgramData\Comodo => moved successfully
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
RemoveProxy: => Error: The entry should be fixed outside recovery mode.
 
=========  sfc /scanfile=C:\Windows\system32\User32.dll =========
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart 
 
Windows and run sfc again.
 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\User32.dll =========
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart 
 
Windows and run sfc again.
 
 
========= End of CMD: =========
 
EmptyTemp: => Error: This directive works only outside recovery mode.
 
=========  bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:20:59 ====

  • 0

#5
philborup
Posted 19 December 2015 - 12:43 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

The log file suggested that I run sfc.  I did that and it did not find any issues.


  • 0

#6
Essexboy
Posted 19 December 2015 - 12:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have the malwarebytes log from the run that started this ? if so could you post it
  • 0

#7
philborup
Posted 19 December 2015 - 12:59 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Here is the Malwarebytes log information.

 

 

<?xml version="1.0" encoding="UTF-16"?>
 
-<mbam-log>
 
 
-<header>
 
<date>2015/12/12 23:58:32 -0700</date>
 
<logfile>mbam-log-2015-12-12 (23-58-28).xml</logfile>
 
<isadmin>yes</isadmin>
 
</header>
 
 
-<engine>
 
<version>2.2.0.1024</version>
 
<malware-database>v2015.12.13.02</malware-database>
 
<rootkit-database>v2015.12.07.01</rootkit-database>
 
<license>trial</license>
 
<file-protection>enabled</file-protection>
 
<web-protection>enabled</web-protection>
 
<self-protection>disabled</self-protection>
 
</engine>
 
 
-<system>
 
<hostname>JERIWARNER-PC</hostname>
 
<ip>192.168.1.6</ip>
 
<osversion>Windows 7 Service Pack 1</osversion>
 
<arch>x64</arch>
 
<username>Jeri Warner</username>
 
<filesys>NTFS</filesys>
 
</system>
 
 
-<summary>
 
<type>threat</type>
 
<result>completed</result>
 
<objects>334962</objects>
 
<time>1617</time>
 
<processes>0</processes>
 
<modules>0</modules>
 
<keys>6</keys>
 
<values>3</values>
 
<datas>0</datas>
 
<folders>3</folders>
 
<files>19</files>
 
<sectors>0</sectors>
 
</summary>
 
 
-<options>
 
<memory>enabled</memory>
 
<startup>enabled</startup>
 
<filesystem>enabled</filesystem>
 
<archives>enabled</archives>
 
<rootkits>disabled</rootkits>
 
<deeprootkit>disabled</deeprootkit>
 
<heuristics>enabled</heuristics>
 
<pup>enabled</pup>
 
<pum>enabled</pum>
 
</options>
 
 
-<items>
 
 
-<key>
 
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GeniusBox</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>delete-on-reboot</action>
 
<hash>a1f5693bfb900f277ac2692dbf44639d</hash>
 
</key>
 
 
-<key>
 
<path>HKLM\SOFTWARE\WOW6432NODE\GeniusBox</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>7d198420dbb0e056a8919bfbc43f837d</hash>
 
</key>
 
 
-<key>
 
<path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\KNLNHGOPPKOFGOIEELFLGBBICOGANOFL</path>
 
<vendor>PUP.Optional.ConduitTB.Gen</vendor>
 
<action>success</action>
 
<hash>ff97aff5a6e5a195405a3b71d13130d0</hash>
 
</key>
 
 
-<key>
 
<path>HKU\S-1-5-21-147077311-3248473044-2973788290-1001\SOFTWARE\geniusboxinstalled</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>01951490414ace683502bcda6d969967</hash>
 
</key>
 
 
-<key>
 
<path>HKU\S-1-5-21-147077311-3248473044-2973788290-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E5F86C26-49D7-4E1A-AF0F-64D21DD0243F}</path>
 
<vendor>PUP.Optional.Spigot</vendor>
 
<action>success</action>
 
<hash>e6b0d9cbfb908fa7021b486d3bc8966a</hash>
 
</key>
 
 
-<key>
 
<path>HKU\S-1-5-21-147077311-3248473044-2973788290-1001\SOFTWARE\SEARCH EXTENSIONS</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>3b5b7c28f39870c6e4544e48a85b837d</hash>
 
</key>
 
 
-<value>
 
<path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\knlnhgoppkofgoieelflgbbicoganofl</path>
 
<valuename>path</valuename>
 
<vendor>PUP.Optional.ConduitTB.Gen</vendor>
 
<action>success</action>
 
<valuedata>C:\Users\Jeri Warner\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx</valuedata>
 
<hash>ff97aff5a6e5a195405a3b71d13130d0</hash>
 
</value>
 
 
-<value>
 
<path>HKU\S-1-5-21-147077311-3248473044-2973788290-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E5F86C26-49D7-4E1A-AF0F-64D21DD0243F}</path>
 
<valuename>URL</valuename>
 
<vendor>PUP.Optional.Spigot</vendor>
 
<action>success</action>
 
 
<hash>e6b0d9cbfb908fa7021b486d3bc8966a</hash>
 
</value>
 
 
-<value>
 
<path>HKU\S-1-5-21-147077311-3248473044-2973788290-1001\SOFTWARE\SEARCH EXTENSIONS</path>
 
<valuename>GeniusBox</valuename>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<valuedata>1</valuedata>
 
<hash>3b5b7c28f39870c6e4544e48a85b837d</hash>
 
</value>
 
 
-<folder>
 
<path>C:\Users\Jeri Warner\AppData\Local\CRE</path>
 
<vendor>PUP.Optional.ConduitTB.Gen</vendor>
 
<action>success</action>
 
<hash>efa7f3b193f8132322778923b64cfa06</hash>
 
</folder>
 
 
-<folder>
 
<path>C:\Users\Jeri Warner\AppData\Local\browser extensions</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>fa9c287c8ffcde58121fcaccd52e29d7</hash>
 
</folder>
 
 
-<folder>
 
<path>C:\Users\Jeri Warner\AppData\Local\browser extensions\Resources</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>fa9c287c8ffcde58121fcaccd52e29d7</hash>
 
</folder>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\CRE\knlnhgoppkofgoieelflgbbicoganofl.crx</path>
 
<vendor>PUP.Optional.ConduitTB.Gen</vendor>
 
<action>success</action>
 
<hash>efa7f3b193f8132322778923b64cfa06</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>cdc9ecb8ccbf8ea866733e4a7d8613ed</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>0a8c9b09cebd211504d54543f40f4fb1</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\browser extensions\settings.config</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>fa9c287c8ffcde58121fcaccd52e29d7</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\browser extensions\makecert.exe</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>fa9c287c8ffcde58121fcaccd52e29d7</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\browser extensions\TrustedRoot.cer</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>fa9c287c8ffcde58121fcaccd52e29d7</hash>
 
</file>
 
 
-<file>
 
<path>C:\Windows\System32\Tasks\GeniusBox</path>
 
<vendor>PUP.Optional.GeniusBox</vendor>
 
<action>success</action>
 
<hash>2373d2d252394ee8cd674e4845be43bd</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage</path>
 
<vendor>PUP.Optional.PriceGong</vendor>
 
<action>success</action>
 
<hash>6e28ebb9404b6acc15ef4d5ef01325db</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.PriceGong</vendor>
 
<action>success</action>
 
<hash>33633074e8a385b1be468f1ced1644bc</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>b7dfb2f2c8c3a98db13aa7595ba93fc1</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>dabcfaaab6d5181e03e84ab6db290ff1</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>9cfa6d377417fa3c28c332ceba4adf21</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>4452c0e42d5ea690ba3155abef15e020</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>85111490abe053e3915a03fdc341669a</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>4056dfc593f851e5f8f3a65ab252c937</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>a4f20a9a2f5c9c9a42a9b64a9371847c</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_social.conduit.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>b0e6b0f4781381b58962976915ef9c64</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>791dd4d084071c1abf2c12ee020255ab</hash>
 
</file>
 
 
-<file>
 
<path>C:\Users\Jeri Warner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal</path>
 
<vendor>PUP.Optional.Conduit</vendor>
 
<action>success</action>
 
<hash>781e22823b5011255e8d48b84bb9e917</hash>
 
</file>
 
</items>
 
</mbam-log>

  • 0

#8
Essexboy
Posted 19 December 2015 - 01:32 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run this fix and then try normal mode again. If that fails could I have a fresh FRST scan

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

S2 idealife Update Service; no ImagePath


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#9
philborup
Posted 19 December 2015 - 02:47 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

I ran the fixlist and it is still not working.  Below is the fixlog.  I am running a new FRST scan now.  I will post the new log file as soon as it is finished.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:19-12-2015
Ran by SYSTEM (2015-12-19 19:40:31) Run:2
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
S2 idealife Update Service; no ImagePath
*****************
 
idealife Update Service => service removed successfully
 
==== End of Fixlog 19:40:31 ====

  • 0

#10
philborup
Posted 19 December 2015 - 02:50 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Here is the new FRST log.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015
Ran by SYSTEM on MININT-HUD3LFG (19-12-2015 20:47:25)
Running from g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Jeri Warner\...\Policies\system: [LogonHoursAction] 2
HKU\Jeri Warner\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S4 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater40.2.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-10] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-12] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-11-23] (TuneUp Software)
S3 BcmSqlStartupSvc; no ImagePath
S2 CLKMSVC10_3A60B698; no ImagePath
S2 CLKMSVC10_C3B3B687; no ImagePath
S2 DriverService; no ImagePath
S2 IAStorDataMgrSvc; no ImagePath
S2 iATAgentService; no ImagePath
S3 IGRS; no ImagePath
S2 IviRegMgr; no ImagePath
S2 nvUpdatusService; no ImagePath
S2 Oasis2Service; no ImagePath
S2 PCCarerService; no ImagePath
S2 ReadyComm.DirectRouter; no ImagePath
S2 RichVideo; no ImagePath
S2 RtLedService; no ImagePath
S2 SeaPort; no ImagePath
S2 SoftwareService; no ImagePath
S3 SQLWriter; no ImagePath
S2 Stereo Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-19 14:28 - 2015-12-19 20:47 - 00000000 ____D C:\FRST
2015-12-19 04:12 - 2015-12-19 05:16 - 00126475 _____ C:\Windows\System32\avgrep.txt
2015-12-18 13:42 - 2015-12-18 13:42 - 00000000 _____ C:\Windows\Minidump\121815-45021-01.dmp
2015-12-13 23:26 - 2015-12-13 23:26 - 00003352 ____N C:\bootsqm.dat
2015-12-13 23:18 - 2015-12-13 23:18 - 00000000 __SHD C:\found.000
2015-12-13 00:00 - 2015-12-19 17:56 - 00861190 _____ C:\Windows\ntbtlog.txt
2015-12-12 22:56 - 2015-12-12 22:57 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-12 22:56 - 2015-12-12 22:56 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-12 22:56 - 2015-12-12 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-12 22:56 - 2015-12-12 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-12 22:56 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-12-12 22:56 - 2015-10-05 08:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-12-12 22:56 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2015-12-12 22:54 - 2015-12-12 22:55 - 22908888 _____ (Malwarebytes ) C:\Users\Jeri Warner\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-12 11:56 - 2015-12-18 13:41 - 417599213 _____ C:\Windows\MEMORY.DMP
2015-12-12 11:56 - 2015-12-12 11:56 - 00262144 _____ C:\Windows\Minidump\121215-67860-01.dmp
2015-12-12 08:59 - 2015-12-12 08:59 - 00000000 ____D C:\Users\Jeri Warner\Downloads\Autoruns
2015-12-12 08:35 - 2015-12-12 08:35 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-12-08 22:56 - 2015-12-08 22:56 - 00003694 _____ C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-12-08 22:09 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-12-08 22:09 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-12-08 22:09 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-12-08 22:09 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 22:09 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 22:09 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 22:09 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-12-08 22:09 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-12-08 22:09 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-08 22:09 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 22:09 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 22:09 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-12-08 22:09 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll
2015-12-08 22:09 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 22:09 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-12-08 22:09 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 22:09 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-08 22:09 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2015-12-08 22:09 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 22:09 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\nlsbres.dll
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\kbdgeoqw.dll
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZEL.DLL
2015-12-08 22:09 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZE.DLL
2015-12-08 22:09 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 22:09 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 22:09 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 22:09 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 22:09 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\System32\locale.nls
2015-12-08 22:08 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-12-08 22:08 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 22:08 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-08 22:08 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-08 22:08 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 22:08 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 22:08 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-08 22:08 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 22:08 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 22:08 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 22:08 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 22:08 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-12-08 22:08 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 22:08 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 22:08 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 22:08 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 22:08 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 22:08 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 22:08 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 22:08 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 22:08 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 22:08 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 22:08 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 22:08 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 22:08 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 22:08 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 22:08 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 22:08 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 22:08 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 22:08 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 22:08 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 22:08 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 22:08 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 22:08 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 22:08 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 22:08 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 22:08 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 22:08 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-12-08 22:08 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-12-08 22:08 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-12-08 22:08 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-08 22:08 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-08 22:08 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-12-08 22:08 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-12-08 22:08 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-12-08 22:08 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-12-08 22:08 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-12-08 22:08 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-08 22:08 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-08 22:08 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-12-08 22:08 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-12-08 22:08 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-12-08 22:08 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-12-08 22:08 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-08 22:08 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-12-08 22:08 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-08 22:08 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-12-08 22:08 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-12-08 22:08 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-12-08 22:08 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-12-08 22:08 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-12-08 22:08 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-12-08 22:08 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-08 22:08 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-12-08 22:08 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-12-08 22:08 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-12-08 22:08 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-12-08 22:08 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-12-08 22:05 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2015-12-08 22:05 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 21:50 - 2015-11-23 15:41 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\TURegOpt.exe
2015-12-08 21:50 - 2015-11-23 15:37 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\authuitu.dll
2015-12-08 21:50 - 2015-11-23 15:37 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2015-12-08 21:44 - 2015-12-08 21:45 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\AVG Web TuneUp
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\ProgramData\AVG Secure Search
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-08 21:44 - 2015-12-08 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-08 21:43 - 2015-12-10 20:56 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-08 21:38 - 2015-12-08 21:49 - 00000000 ____D C:\Users\Jeri Warner\AppData\Roaming\AVG
2015-12-08 21:36 - 2015-12-08 21:36 - 00000000 ___HD C:\$AVG
2015-12-08 21:33 - 2015-12-08 21:33 - 00000938 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-08 21:31 - 2015-12-08 21:49 - 00000000 ____D C:\ProgramData\Avg
2015-12-08 21:29 - 2015-12-08 21:49 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\AvgSetupLog
2015-12-03 20:57 - 2015-12-03 20:57 - 00979002 _____ C:\Users\Jeri Warner\Downloads\Order11524344.pdf
2015-12-01 20:30 - 2015-12-12 11:56 - 00000000 ____D C:\Windows\Minidump
2015-12-01 20:12 - 2015-12-01 20:12 - 00276096 _____ C:\Users\Jeri Warner\Downloads\Estatement_Nov_2015_xxxxx7671 (1).pdf
2015-12-01 20:07 - 2015-12-01 20:07 - 00000165 ____H C:\Users\Jeri Warner\Documents\~$Budget.xlsx
2015-11-21 16:09 - 2015-11-21 16:09 - 00000000 ____D C:\d66b6423c0f7cd468496f353a94e86
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-19 19:40 - 2012-03-03 10:47 - 00000000 ____D C:\ProgramData\MFAData
2015-12-19 19:39 - 2013-10-22 20:02 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2015-12-19 19:39 - 2011-06-18 12:17 - 00121673 _____ C:\Windows\System32\fastboot.set
2015-12-19 19:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-19 18:20 - 2011-06-18 12:04 - 00000000 ____D C:\ProgramData\Best Buy pc app
2015-12-19 17:56 - 2009-07-13 21:13 - 00166588 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-19 17:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-19 13:39 - 2011-06-18 12:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 14:22 - 2011-11-06 12:23 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\ElevatedDiagnostics
2015-12-18 13:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-13 23:49 - 2013-02-24 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-13 22:58 - 2009-07-13 20:45 - 00028928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-13 22:58 - 2009-07-13 20:45 - 00028928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 23:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2015-12-12 23:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2015-12-12 14:27 - 2011-06-18 12:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 14:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-12 09:03 - 2015-02-07 09:06 - 00004604 _____ C:\Windows\System32\Tasks\Validate Installation
2015-12-12 09:03 - 2015-02-07 09:06 - 00004398 _____ C:\Windows\System32\Tasks\Check Updates
2015-12-12 08:12 - 2014-11-19 20:09 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\Avg
2015-12-10 20:57 - 2011-06-18 12:13 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-10 20:57 - 2011-06-18 12:13 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 20:53 - 2009-07-13 20:45 - 00420664 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-08 23:49 - 2011-08-30 21:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 23:47 - 2013-03-13 19:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-08 23:47 - 2013-03-13 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 23:37 - 2013-08-16 17:00 - 00000000 ____D C:\Windows\System32\MRT
2015-12-08 23:36 - 2011-09-17 08:12 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-12-08 23:29 - 2013-02-24 15:40 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 23:29 - 2013-02-24 15:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 23:29 - 2013-02-24 15:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 22:55 - 2014-06-29 16:47 - 00000000 ____D C:\Users\Jeri Warner\AppData\Roaming\Skype
2015-12-08 22:55 - 2011-09-14 17:36 - 00000000 ____D C:\Users\Jeri Warner\Documents\Youcam
2015-12-08 22:55 - 2011-08-30 21:34 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\Microsoft Help
2015-12-08 22:55 - 2011-06-18 12:05 - 00000000 ____D C:\ProgramData\Temp
2015-12-08 22:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2015-12-08 21:50 - 2011-08-30 19:31 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\VirtualStore
2015-12-08 21:49 - 2012-03-03 11:04 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-08 21:38 - 2015-06-30 19:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-07 23:22 - 2011-06-18 12:13 - 00000000 ____D C:\Program Files\Google
2015-12-07 23:22 - 2011-06-18 12:12 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-07 22:15 - 2011-08-30 19:02 - 00000000 ____D C:\Users\Jeri Warner\AppData\Local\Google
2015-12-07 22:15 - 2011-06-18 12:13 - 00000000 ____D C:\ProgramData\Google
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-08 22:09] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\SysWOW64\User32.dll
[2015-12-08 22:09] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2015-12-19 18:20
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8106.17 MB
Available physical RAM: 7283.93 MB
Total Virtual: 8104.37 MB
Available Virtual: 7273.76 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:344.97 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.2 GB) NTFS
Drive g: (MALLORIE) (Removable) (Total:3.73 GB) (Free:3.04 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 39D06D3A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-12-12 14:16
 
==================== End of FRST.txt ============================

  • 0

Advertisements

#11
Essexboy
Posted 19 December 2015 - 03:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time for a different tack and decide if a specific service is responsible for this
 
To that end we will set the system for a clean boot, this should enable use to get to normal mode

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.

Does the system go to normal boot ?
  • 0

#12
philborup
Posted 19 December 2015 - 03:31 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Yes, it booted normally this time.


  • 0

#13
Essexboy
Posted 19 December 2015 - 03:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK now the boring bit

In normal mode open MSConfig as before
Go to the services tab and re-enable half of those that you disabled
Reboot

If it still boots normally then re-enable half of the remaining services and reboot
The aim is to isolate the dodgy service
  • 0

#14
philborup
Posted 19 December 2015 - 09:06 PM

philborup

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

OK, it ended up to be Malwarebytes itself.  I uninstalled it and it seems to be working fine now.  Thanks so much for the help.


  • 0

#15
Essexboy
Posted 20 December 2015 - 04:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Malware, boot, windows

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP