
Inactive Black screen

Discussion in 'Malware and Virus Removal Archive' started by SVEN, 2014/08/27.

  1. 2014/08/27
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    862
    Likes Received:
    7
    [Inactive] Black screen

    Hi Broni

    I have a problem with my son’s computer.
    It is a Toshiba laptop.
    He tells me ever since he went on YouTube, he has pictures coming up with a field to type in where he wants to go, like the address bar in IE.
    This worked for a while, but now the computer will boot, but it will not display the start page.
    BTW he is running Win 8. After about 5 minutes I am able to hit Alt-Ctrl-Del and I managed to bring up Task Manager. I found that the CPU usage is at 98%. I shut down the Windows Defender module, and it dropped to 48%. After exiting Task Manager it still does not display the desktop.
    Since I cannot get to the desktop, I cannot run anything, so I don’t know how to proceed.
    Anything I can do?

    Thanks
    Sven
     
    SVEN,
    #1
  2. 2014/08/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     


  4. 2014/08/27
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    862
    Likes Received:
    7
    Hi Broni
    Thanks for your response.
    I got very nervous when this happened and I used a restore point to get my son's computer back up.
    For now it is fixed. If I have further problems, I will contact you again.
    Thanks
    Sven
     
    SVEN,
    #3
  5. 2014/08/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Thanks for letting me know :)
     
  6. 2014/08/31
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    862
    Likes Received:
    7
    All was fine, but then it came back.
    Now he has the black screen, and the restore point I used to get it back now asks if I want to undo the restore.
    I don't know what he is doing, but there must be some virus or something.
    I downloaded FRST to a flash drive, but I cannot see anything on the infected computer.
    I cannot run Explorer from Task Manager; it gives me an error. However, I can see his computer in my home group. I guess I could transfer the file from there and execute from my computer???

    Let me know
    Thanks
    Sven
     
    SVEN,
    #5
  7. 2014/08/31
    SVEN

    SVEN Well-Known Member Thread Starter

    Joined:
    2004/01/02
    Messages:
    862
    Likes Received:
    7
    Hi Broni
    Finally got this scan going. Took me some time getting to the command prompt.
    Here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
    Ran by Glenn Albrecht (administrator) on GLENN-ALBRECHT on 31-08-2014 19:49:37
    Running from e:\
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2014-08-05] (Crawler, LLC)
    HKLM-x32\...\Run: [AppGraffiti] => C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe [1220544 2014-07-09] (Omega Partners Ltd)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [*Restore] => C:\windows\System32\rstrui.exe [271872 2012-07-25] (Microsoft Corporation)
    HKU\S-1-5-21-2903399067-3957989209-2392072847-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
    HKU\S-1-5-21-2903399067-3957989209-2392072847-1001\...\Run: [AGupdate] => C:\Program Files (x86)\AppGraffiti\AGupdate.exe [894048 2013-03-19] (Omega Partners Ltd)
    HKU\S-1-5-21-2903399067-3957989209-2392072847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-14] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-14] (Client Connect LTD)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsit...GyEyEyCtCzz0E0CyDzytAyC0B2Q&cr=1943050506&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsit...GyEyEyCtCzz0E0CyDzytAyC0B2Q&cr=1943050506&ir=
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {EA93D7FC-72D1-4EE3-8443-F425FD8187D5} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ie&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtBzyyD0C0D0E0B0B0A0B0CtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0AyDtAyDtByD0EtGzz0AtBtBtGtD0DtDtBtGyCyEtC0FtGyDtB0AyCyByCtA0CtCzztA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0DtDyDyD0FyBtGyDyEyE0AtG0CyDyEyCtGzztDzzyCtGyEyEyCtCzz0E0CyDzytAyC0B2Q&cr=1943050506&ir=
    SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    SearchScopes: HKLM - {EA93D7FC-72D1-4EE3-8443-F425FD8187D5} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ie&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtBzyyD0C0D0E0B0B0A0B0CtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0AyDtAyDtByD0EtGzz0AtBtBtGtD0DtDtBtGyCyEtC0FtGyDtB0AyCyByCtA0CtCzztA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0DtDyDyD0FyBtGyDyEyE0AtG0CyDyEyCtGzztDzzyCtGyEyEyCtCzz0E0CyDzytAyC0B2Q&cr=1943050506&ir=
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {EA93D7FC-72D1-4EE3-8443-F425FD8187D5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325871&octid=EB_ORIGINAL_CTID&ISID=b2143a10-98d6-4c92-bd75-32aa4a91b4dd&SearchSource=58&CUI=&UM=6&UP=SP5D30036C-8F32-42D0-8CDE-A0067520FE7A&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325871&octid=EB_ORIGINAL_CTID&ISID=b2143a10-98d6-4c92-bd75-32aa4a91b4dd&SearchSource=58&CUI=&UM=6&UP=SP5D30036C-8F32-42D0-8CDE-A0067520FE7A&q={searchTerms}&SSPV=
    BHO: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteR64.dll (Crawler, LLC)
    BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files (x86)\AppGraffiti\AppGraffiti64.dll (Omega Partners Ltd)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
    BHO-x32: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Glenn Albrecht\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Glenn Albrecht\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
    FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox [2014-08-05]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
    R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
    R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2991552 2014-08-14] (Client Connect LTD)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
    R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
    R3 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
    R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-31 19:49 - 2014-08-31 19:49 - 00000000 ____D () C:\FRST
    2014-08-31 16:04 - 2014-08-31 16:07 - 05330770 _____ () C:\Users\Glenn Albrecht\Documents\client-mod.swf
    2014-08-28 14:00 - 2014-08-31 18:43 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft
    2014-08-28 14:00 - 2014-08-28 14:00 - 00000000 ____D () C:\Games
    2014-08-28 08:31 - 2014-08-01 17:15 - 00704480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-08-28 08:31 - 2014-08-01 17:15 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-08-27 20:58 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
    2014-08-27 20:54 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2014-08-27 20:54 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
    2014-08-27 20:00 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2014-08-27 20:00 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
    2014-08-27 20:00 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
    2014-08-27 20:00 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
    2014-08-27 19:54 - 2014-07-24 05:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-08-27 19:53 - 2014-07-24 05:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-08-27 19:53 - 2014-07-24 05:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-08-27 19:53 - 2014-07-24 05:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-08-27 19:53 - 2014-07-24 03:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-08-27 19:53 - 2014-07-24 03:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-08-27 19:53 - 2014-07-24 03:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-08-27 19:52 - 2014-07-24 05:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-08-27 19:52 - 2014-07-24 05:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-08-27 19:52 - 2014-07-24 05:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-08-27 19:52 - 2014-07-24 05:10 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2014-08-27 19:52 - 2014-07-24 05:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-08-27 19:52 - 2014-07-24 05:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-08-27 19:52 - 2014-07-24 03:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-08-27 19:52 - 2014-07-24 03:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-08-27 19:52 - 2014-07-24 03:52 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-08-27 19:52 - 2014-07-24 03:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-08-27 19:52 - 2014-07-24 03:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-08-27 19:52 - 2014-07-24 03:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-08-27 19:52 - 2014-07-24 01:03 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2014-08-27 19:51 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-27 19:51 - 2014-08-06 23:33 - 00712192 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-08-27 19:51 - 2014-08-06 20:09 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-08-27 19:51 - 2014-07-15 16:03 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-08-27 19:51 - 2014-07-11 19:36 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-08-27 19:51 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-08-27 19:51 - 2014-06-05 10:30 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-08-27 19:51 - 2014-06-05 10:29 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-08-27 19:51 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-08-27 19:51 - 2014-06-05 10:28 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-08-27 19:51 - 2014-06-05 10:28 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-08-27 19:51 - 2014-06-05 06:12 - 08857600 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-08-27 19:51 - 2014-06-05 06:11 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-08-27 19:51 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-08-27 19:51 - 2014-06-05 06:10 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-08-27 19:51 - 2014-06-05 06:10 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-08-27 19:50 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2014-08-27 19:50 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2014-08-27 18:36 - 2014-05-19 19:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-08-27 18:36 - 2014-05-19 16:45 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-08-27 18:36 - 2014-05-19 16:45 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-08-27 18:30 - 2014-05-14 15:43 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-08-27 18:30 - 2014-05-14 15:43 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-08-27 18:30 - 2014-05-14 15:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-08-27 18:30 - 2014-05-14 15:42 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-08-22 17:30 - 2014-08-22 17:58 - 00000184 _____ () C:\Users\Glenn Albrecht\Downloads\eula.txt
    2014-08-02 14:32 - 2014-08-02 14:32 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\LolClient
    2014-08-01 21:17 - 2014-08-01 21:17 - 00000000 ____D () C:\ProgramData\Riot Games
    2014-08-01 21:14 - 2014-08-01 21:14 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
    2014-08-01 21:14 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
    2014-08-01 21:14 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
    2014-08-01 21:14 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
    2014-08-01 21:13 - 2014-08-01 21:13 - 00000000 ____D () C:\Riot Games
    2014-08-01 21:13 - 2014-08-01 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2014-08-01 21:09 - 2014-08-31 18:43 - 00000000 ____D () C:\ProgramData\PMB Files
    2014-08-01 21:09 - 2014-08-31 15:13 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\PMB Files
    2014-08-01 21:06 - 2014-08-31 18:43 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Riot Games

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-31 19:49 - 2014-08-31 19:49 - 00000000 ____D () C:\FRST
    2014-08-31 19:32 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-08-31 19:21 - 2013-08-10 10:59 - 01259677 _____ () C:\windows\WindowsUpdate.log
    2014-08-31 19:15 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2014-08-31 19:10 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-08-31 18:44 - 2014-07-27 14:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-08-31 18:44 - 2013-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-08-31 18:43 - 2014-08-28 14:00 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft
    2014-08-31 18:43 - 2014-08-01 21:09 - 00000000 ____D () C:\ProgramData\PMB Files
    2014-08-31 18:43 - 2014-08-01 21:06 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Riot Games
    2014-08-31 18:43 - 2014-07-27 14:54 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Skype
    2014-08-31 18:43 - 2014-07-27 14:50 - 00000000 ____D () C:\Users\Glenn Albrecht\Downloads\Skype_TSV1AHZ6E
    2014-08-31 18:43 - 2014-07-13 15:17 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Ubisoft
    2014-08-31 18:43 - 2014-06-06 17:37 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Unity
    2014-08-31 18:43 - 2014-06-06 17:36 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Apps\2.0
    2014-08-31 18:43 - 2014-05-26 11:06 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\1H1Q
    2014-08-31 18:43 - 2013-09-06 21:33 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
    2014-08-31 18:43 - 2013-09-06 21:30 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Warframe
    2014-08-31 18:43 - 2013-09-06 20:20 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-08-31 18:43 - 2013-08-10 12:00 - 00000000 ___SD () C:\Users\Glenn Albrecht\Documents\My Webs
    2014-08-31 18:43 - 2013-08-10 12:00 - 00000000 ___SD () C:\Users\Glenn Albrecht\Documents\My Data Sources
    2014-08-31 18:43 - 2013-08-10 11:14 - 00000000 ___RD () C:\Users\Glenn Albrecht\SkyDrive
    2014-08-31 18:43 - 2013-08-10 11:03 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\TOSHIBA
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ___RD () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ___RD () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ___RD () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ____D () C:\Users\Glenn Albrecht
    2014-08-31 18:43 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-08-31 18:43 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-08-31 18:42 - 2014-07-10 07:28 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\SysWOW64\Macromed
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\Macromed
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2014-08-31 18:40 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\registration
    2014-08-31 18:23 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
    2014-08-31 16:25 - 2013-12-01 16:30 - 00011776 ___SH () C:\Users\Glenn Albrecht\Downloads\Thumbs.db
    2014-08-31 16:24 - 2013-09-11 17:11 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\CrashDumps
    2014-08-31 16:20 - 2013-08-10 11:09 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2903399067-3957989209-2392072847-1001
    2014-08-31 16:07 - 2014-08-31 16:04 - 05330770 _____ () C:\Users\Glenn Albrecht\Documents\client-mod.swf
    2014-08-31 15:13 - 2014-08-01 21:09 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\PMB Files
    2014-08-31 09:04 - 2014-07-27 14:51 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-08-31 08:58 - 2014-07-25 08:16 - 00000000 ____D () C:\Program Files (x86)\SiteRanker
    2014-08-31 08:55 - 2012-11-14 21:36 - 00940726 _____ () C:\windows\PFRO.log
    2014-08-30 11:31 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\NDF
    2014-08-30 09:33 - 2014-07-27 14:53 - 00000000 ____D () C:\ProgramData\Skype
    2014-08-30 09:33 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-08-28 14:00 - 2014-08-28 14:00 - 00000000 ____D () C:\Games
    2014-08-28 13:57 - 2013-08-10 11:13 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Windows Live
    2014-08-28 08:30 - 2014-07-11 08:21 - 00312264 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-08-27 21:24 - 2013-08-15 12:55 - 00000000 ____D () C:\windows\system32\MRT
    2014-08-27 21:19 - 2013-08-13 19:57 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-08-27 18:59 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-08-27 18:22 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\Sysprep
    2014-08-27 18:12 - 2014-02-02 09:37 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Malwarebytes
    2014-08-27 18:12 - 2013-11-02 08:57 - 00000000 ____D () C:\Users\Glenn Albrecht\Documents\My Games
    2014-08-27 18:12 - 2013-08-10 11:08 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Macromedia
    2014-08-27 18:12 - 2013-08-10 11:01 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Adobe
    2014-08-27 18:11 - 2014-07-27 14:54 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Skype
    2014-08-27 18:11 - 2013-11-22 21:37 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\.technic
    2014-08-27 18:11 - 2013-08-10 10:59 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Packages
    2014-08-22 23:47 - 2014-08-27 19:51 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-22 18:03 - 2013-11-27 19:06 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\.minecraft
    2014-08-22 17:58 - 2014-08-22 17:30 - 00000184 _____ () C:\Users\Glenn Albrecht\Downloads\eula.txt
    2014-08-06 23:33 - 2014-08-27 19:51 - 00712192 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-08-06 20:09 - 2014-08-27 19:51 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-08-02 14:32 - 2014-08-02 14:32 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\LolClient
    2014-08-01 21:17 - 2014-08-01 21:17 - 00000000 ____D () C:\ProgramData\Riot Games
    2014-08-01 21:14 - 2014-08-01 21:14 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
    2014-08-01 21:13 - 2014-08-01 21:13 - 00000000 ____D () C:\Riot Games
    2014-08-01 21:13 - 2014-08-01 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2014-08-01 21:08 - 2013-11-01 16:57 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
    2014-08-01 17:15 - 2014-08-28 08:31 - 00704480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-08-01 17:15 - 2014-08-28 08:31 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\Glenn Albrecht\AppData\Local\Temp\6975uninstall.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\APNSetup.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\dlLogic.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\nsk1254.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\nsv5C5D.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\SPSetup.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\spstub.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\swt-win32-3349.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-28 20:47

    ==================== End Of Log ============================
     
  8. 2014/09/01
    SVEN

    Hi Broni,
    Did you miss my post last night?
    Looks like I need your help after all.

    thanks
    sven
     
  9. 2014/09/01
    broni

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    See if you can boot normally after running the fix.
     

    Attached Files:

  10. 2014/09/01
    broni

    Did you see my previous reply?
     
  11. 2014/09/01
    SVEN

    Hi Broni,
    I posted just 3 minutes before you.
    Still boots to a black screen.

    Here is the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
    Ran by Glenn Albrecht at 2014-09-01 09:24:44 Run:1
    Running from e:\
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    C:\Program Files (x86)\SearchProtect
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-14] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-14] (Client Connect LTD)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsite...1943050506&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsite...1943050506&ir=
    SearchScopes: HKLM - DefaultScope {EA93D7FC-72D1-4EE3-8443-F425FD8187D5} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ie&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtBzyyD0C0D0E0B0B0A0B0CtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0AyDtAyDtByD0EtGzz0AtBtBtGtD0DtDtBtGyCyEtC0FtGyDtB0AyCyByCtA0CtCzztA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0DtDyDyD0FyBtGyDyEyE0AtG0CyDyEyCtGzztDzzyCtGyEyEyCtCzz0E0CyDzytAyC0B2Q&cr=1943050506&ir=
    SearchScopes: HKLM - {EA93D7FC-72D1-4EE3-8443-F425FD8187D5} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ie&cd=2XzuyEtN2Y1L1QzutByE0F0DyDtBzyyD0C0D0E0B0B0A0B0CtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0AyDtAyDtByD0EtGzz0AtBtBtGtD0DtDtBtGyCyEtC0FtGyDtB0AyCyByCtA0CtCzztA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0DtDyDyD0FyBtGyDyEyE0AtG0CyDyEyCtGzztDzzyCtGyEyEyCtCzz0E0CyDzytAyC0B2Q&cr=1943050506&ir=
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325871&octid=EB_ORIGINAL_CTID&ISID=b2143a10-98d6-4c92-bd75-32aa4a91b4dd&SearchSource=58&CUI=&UM=6&UP=SP5D30036C-8F32-42D0-8CDE-A0067520FE7A&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325871&octid=EB_ORIGINAL_CTID&ISID=b2143a10-98d6-4c92-bd75-32aa4a91b4dd&SearchSource=58&CUI=&UM=6&UP=SP5D30036C-8F32-42D0-8CDE-A0067520FE7A&q={searchTerms}&SSPV=
    Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2991552 2014-08-14] (Client Connect LTD)
    C:\Users\Glenn Albrecht\AppData\Local\Temp\6975uninstall.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\APNSetup.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\dlLogic.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\nsk1254.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\nsv5C5D.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\SPSetup.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\spstub.exe
    C:\Users\Glenn Albrecht\AppData\Local\Temp\swt-win32-3349.dll

    *****************

    [2356] C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => Process closed successfully.
    [1316] C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => Process closed successfully.
    [1296] C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => Process closed successfully.
    C:\Program Files (x86)\SearchProtect => Moved successfully.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA93D7FC-72D1-4EE3-8443-F425FD8187D5}" => Key deleted successfully.
    "HKCR\CLSID\{EA93D7FC-72D1-4EE3-8443-F425FD8187D5}" => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
    "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value deleted successfully.
    "HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" => Key not found.
    "HKCR\PROTOCOLS\Handler\cdo" => Key deleted successfully.
    "HKCR\CLSID\{CD00020A-8B95-11D1-82DB-00C04FB1625D}" => Key not found.
    CltMngSvc => Service deleted successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\6975uninstall.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\APNSetup.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\dlLogic.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\nsk1254.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\nsv5C5D.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\SPSetup.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\spstub.exe => Moved successfully.
    C:\Users\Glenn Albrecht\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

    ==== End of Fixlog ====
     
  12. 2014/09/01
    broni

    Give me a fresh FRST log.
     
  13. 2014/09/01
    SVEN

    Here is the new log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
    Ran by Glenn Albrecht (administrator) on GLENN-ALBRECHT on 01-09-2014 09:53:35
    Running from e:\
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
    HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2014-08-05] (Crawler, LLC)
    HKLM-x32\...\Run: [AppGraffiti] => C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe [1220544 2014-07-09] (Omega Partners Ltd)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [*Restore] => C:\windows\System32\rstrui.exe [271872 2012-07-25] (Microsoft Corporation)
    HKU\S-1-5-21-2903399067-3957989209-2392072847-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
    HKU\S-1-5-21-2903399067-3957989209-2392072847-1001\...\Run: [AGupdate] => C:\Program Files (x86)\AppGraffiti\AGupdate.exe [894048 2013-03-19] (Omega Partners Ltd)
    HKU\S-1-5-21-2903399067-3957989209-2392072847-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    SearchScopes: HKLM-x32 - {EA93D7FC-72D1-4EE3-8443-F425FD8187D5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
    SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL =
    BHO: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteR64.dll (Crawler, LLC)
    BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files (x86)\AppGraffiti\AppGraffiti64.dll (Omega Partners Ltd)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
    BHO-x32: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Glenn Albrecht\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Glenn Albrecht\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
    FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox [2014-08-05]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
    R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
    R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
    R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
    R3 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
    R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-31 19:49 - 2014-09-01 09:53 - 00000000 ____D () C:\FRST
    2014-08-31 16:04 - 2014-08-31 16:07 - 05330770 _____ () C:\Users\Glenn Albrecht\Documents\client-mod.swf
    2014-08-28 14:00 - 2014-08-31 18:43 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft
    2014-08-28 14:00 - 2014-08-28 14:00 - 00000000 ____D () C:\Games
    2014-08-28 08:31 - 2014-08-01 17:15 - 00704480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-08-28 08:31 - 2014-08-01 17:15 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-08-27 20:58 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
    2014-08-27 20:54 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2014-08-27 20:54 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
    2014-08-27 20:00 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2014-08-27 20:00 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
    2014-08-27 20:00 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
    2014-08-27 20:00 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
    2014-08-27 19:54 - 2014-07-24 05:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-08-27 19:53 - 2014-07-24 05:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-08-27 19:53 - 2014-07-24 05:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-08-27 19:53 - 2014-07-24 05:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-08-27 19:53 - 2014-07-24 03:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-08-27 19:53 - 2014-07-24 03:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-08-27 19:53 - 2014-07-24 03:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-08-27 19:52 - 2014-07-24 05:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-08-27 19:52 - 2014-07-24 05:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-08-27 19:52 - 2014-07-24 05:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-08-27 19:52 - 2014-07-24 05:10 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
    2014-08-27 19:52 - 2014-07-24 05:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-08-27 19:52 - 2014-07-24 05:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-08-27 19:52 - 2014-07-24 05:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-08-27 19:52 - 2014-07-24 03:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-08-27 19:52 - 2014-07-24 03:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-08-27 19:52 - 2014-07-24 03:52 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-08-27 19:52 - 2014-07-24 03:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-08-27 19:52 - 2014-07-24 03:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-08-27 19:52 - 2014-07-24 03:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-08-27 19:52 - 2014-07-24 03:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-08-27 19:52 - 2014-07-24 01:03 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
    2014-08-27 19:51 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-27 19:51 - 2014-08-06 23:33 - 00712192 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-08-27 19:51 - 2014-08-06 20:09 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-08-27 19:51 - 2014-07-15 16:03 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2014-08-27 19:51 - 2014-07-11 19:36 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2014-08-27 19:51 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2014-08-27 19:51 - 2014-06-05 10:30 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-08-27 19:51 - 2014-06-05 10:29 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-08-27 19:51 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2014-08-27 19:51 - 2014-06-05 10:28 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2014-08-27 19:51 - 2014-06-05 10:28 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2014-08-27 19:51 - 2014-06-05 06:12 - 08857600 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-08-27 19:51 - 2014-06-05 06:11 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-08-27 19:51 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2014-08-27 19:51 - 2014-06-05 06:10 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2014-08-27 19:51 - 2014-06-05 06:10 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2014-08-27 19:50 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2014-08-27 19:50 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2014-08-27 18:36 - 2014-05-19 19:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-08-27 18:36 - 2014-05-19 16:45 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-08-27 18:36 - 2014-05-19 16:45 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2014-08-27 18:36 - 2014-05-19 16:24 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-08-27 18:30 - 2014-05-14 15:43 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-08-27 18:30 - 2014-05-14 15:43 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-08-27 18:30 - 2014-05-14 15:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-08-27 18:30 - 2014-05-14 15:42 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-08-22 17:30 - 2014-08-22 17:58 - 00000184 _____ () C:\Users\Glenn Albrecht\Downloads\eula.txt
    2014-08-02 14:32 - 2014-08-02 14:32 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\LolClient

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-01 09:53 - 2014-08-31 19:49 - 00000000 ____D () C:\FRST
    2014-09-01 09:53 - 2013-08-10 10:59 - 01391512 _____ () C:\windows\WindowsUpdate.log
    2014-09-01 09:31 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-09-01 09:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2014-08-31 21:04 - 2013-09-11 17:11 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\CrashDumps
    2014-08-31 20:19 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2014-08-31 19:32 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-08-31 18:44 - 2014-07-27 14:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-08-31 18:44 - 2013-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-08-31 18:43 - 2014-08-28 14:00 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft
    2014-08-31 18:43 - 2014-08-01 21:09 - 00000000 ____D () C:\ProgramData\PMB Files
    2014-08-31 18:43 - 2014-08-01 21:06 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Riot Games
    2014-08-31 18:43 - 2014-07-27 14:54 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Skype
    2014-08-31 18:43 - 2014-07-27 14:50 - 00000000 ____D () C:\Users\Glenn Albrecht\Downloads\Skype_TSV1AHZ6E
    2014-08-31 18:43 - 2014-07-13 15:17 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Ubisoft
    2014-08-31 18:43 - 2014-06-06 17:37 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Unity
    2014-08-31 18:43 - 2014-06-06 17:36 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Apps\2.0
    2014-08-31 18:43 - 2014-05-26 11:06 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\1H1Q
    2014-08-31 18:43 - 2013-09-06 21:33 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
    2014-08-31 18:43 - 2013-09-06 21:30 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Warframe
    2014-08-31 18:43 - 2013-09-06 20:20 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-08-31 18:43 - 2013-08-10 12:00 - 00000000 ___SD () C:\Users\Glenn Albrecht\Documents\My Webs
    2014-08-31 18:43 - 2013-08-10 12:00 - 00000000 ___SD () C:\Users\Glenn Albrecht\Documents\My Data Sources
    2014-08-31 18:43 - 2013-08-10 11:14 - 00000000 ___RD () C:\Users\Glenn Albrecht\SkyDrive
    2014-08-31 18:43 - 2013-08-10 11:03 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\TOSHIBA
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ___RD () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ___RD () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ___RD () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-08-31 18:43 - 2013-08-10 10:59 - 00000000 ____D () C:\Users\Glenn Albrecht
    2014-08-31 18:43 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-08-31 18:43 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-08-31 18:42 - 2014-07-10 07:28 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\SysWOW64\Macromed
    2014-08-31 18:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\Macromed
    2014-08-31 18:40 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\registration
    2014-08-31 18:23 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
    2014-08-31 16:25 - 2013-12-01 16:30 - 00011776 ___SH () C:\Users\Glenn Albrecht\Downloads\Thumbs.db
    2014-08-31 16:20 - 2013-08-10 11:09 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2903399067-3957989209-2392072847-1001
    2014-08-31 16:07 - 2014-08-31 16:04 - 05330770 _____ () C:\Users\Glenn Albrecht\Documents\client-mod.swf
    2014-08-31 15:13 - 2014-08-01 21:09 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\PMB Files
    2014-08-31 08:58 - 2014-07-25 08:16 - 00000000 ____D () C:\Program Files (x86)\SiteRanker
    2014-08-31 08:55 - 2012-11-14 21:36 - 00940726 _____ () C:\windows\PFRO.log
    2014-08-30 11:31 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\NDF
    2014-08-30 09:33 - 2014-07-27 14:53 - 00000000 ____D () C:\ProgramData\Skype
    2014-08-30 09:33 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-08-28 14:00 - 2014-08-28 14:00 - 00000000 ____D () C:\Games
    2014-08-28 13:57 - 2013-08-10 11:13 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Windows Live
    2014-08-28 08:30 - 2014-07-11 08:21 - 00312264 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-08-27 21:24 - 2013-08-15 12:55 - 00000000 ____D () C:\windows\system32\MRT
    2014-08-27 21:19 - 2013-08-13 19:57 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-08-27 18:59 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-08-27 18:22 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\Sysprep
    2014-08-27 18:12 - 2014-02-02 09:37 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Malwarebytes
    2014-08-27 18:12 - 2013-11-02 08:57 - 00000000 ____D () C:\Users\Glenn Albrecht\Documents\My Games
    2014-08-27 18:12 - 2013-08-10 11:08 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Macromedia
    2014-08-27 18:12 - 2013-08-10 11:01 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\Adobe
    2014-08-27 18:11 - 2014-07-27 14:54 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Skype
    2014-08-27 18:11 - 2013-11-22 21:37 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\.technic
    2014-08-27 18:11 - 2013-08-10 10:59 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Local\Packages
    2014-08-22 23:47 - 2014-08-27 19:51 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-08-22 18:03 - 2013-11-27 19:06 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\.minecraft
    2014-08-22 17:58 - 2014-08-22 17:30 - 00000184 _____ () C:\Users\Glenn Albrecht\Downloads\eula.txt
    2014-08-06 23:33 - 2014-08-27 19:51 - 00712192 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-08-06 20:09 - 2014-08-27 19:51 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-08-02 14:32 - 2014-08-02 14:32 - 00000000 ____D () C:\Users\Glenn Albrecht\AppData\Roaming\LolClient

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-28 20:47

    ==================== End Of Log ============================
     
  14. 2014/09/01
    broni

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot then.
     


  15. 2014/09/01
    SVEN

    Broni,
    How do I enter System Recovery Options? Windows 8.

    BTW, through MSConfig I was able to get into safe mode, and pressing the Windows button got me the start page.

    Sven
     
  16. 2014/09/01
    SVEN

    Just re-read your first post,
    will let you know what happened.
    Sorry
    Sven
     
  17. 2014/09/01
    SVEN

    Still black screen.

    Here is the log:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
    Ran by SYSTEM at 2014-09-01 11:50:04 Run:3
    Running from g:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    LastRegBack: 2014-08-28 20:47
    *****************

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  18. 2014/09/02
    SVEN

    Hi Broni,
    Have not heard from you in some time and my son needs his computer for school on Thursday.
    So I have decided to "refresh" his system. Worked great, but now I have to reinstall all the software.
    Anyway, thanks for your help.
    Sven

    PS: you can mark this closed.
     
  19. 2014/09/02
    broni

    I'm afraid that was the only option.
    Thank you for letting me know :)
     
