Jump to content

shanks0510

Members
  • Posts

    17
  • Joined

  • Last visited

Everything posted by shanks0510

  1. as i said b4 the sick computer that i was working on was my friends and he took it bake and thought i had saved all four logs but i guess since i was up real late and falling asleep i wasnt paying attention anyway long story short these are all the logs i can get. But really really appreciate your help and well definitly donate but if you see any red flags in the 2 logs i posted above please me know and i will notify my friend thanks again fred...
  2. here is step 5 with combo fix and security check i ran all four but the computer i was fixing was my buddy and he needed it back so i only copied the results for those plus i ran hitman pro which detected like over 3,000 threats and deleted them so it seems to be running fine he hasnt called to tell me that there are anymore issues but if you see any in these reports let me if you can i appreciate everything. ComboFix 13-06-27.02 - user1 06/28/2013 10:45:06.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.610 [GMT -6:00] Running from: G:\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard\SetupWizard.lnk c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard\Uninstall SetupWizard.lnk c:\documents and settings\Rick.DBVW4W91\Start Menu\Programs\Registry Defender Platinum c:\documents and settings\Rick.DBVW4W91\Start Menu\Programs\Registry Defender Platinum\Customer Support.lnk c:\documents and settings\Rick.DBVW4W91\Start Menu\Programs\Registry Defender Platinum\Registry Defender Platinum.lnk c:\documents and settings\Rick.DBVW4W91\Start Menu\Programs\Registry Defender Platinum\User Guide.lnk c:\documents and settings\user1\Application Data\PriceGong c:\documents and settings\user1\Application Data\PriceGong\Data\1.txt c:\documents and settings\user1\Application Data\PriceGong\Data\16955.txt c:\documents and settings\user1\Application Data\PriceGong\Data\2229.txt c:\documents and settings\user1\Application Data\PriceGong\Data\4631.txt c:\documents and settings\user1\Application Data\PriceGong\Data\5038.txt c:\documents and settings\user1\Application Data\PriceGong\Data\6090.txt c:\documents and settings\user1\Application Data\PriceGong\Data\6148.txt c:\documents and settings\user1\Application Data\PriceGong\Data\6576.txt c:\documents and settings\user1\Application Data\PriceGong\Data\7038.txt c:\documents and settings\user1\Application Data\PriceGong\Data\83.txt c:\documents and settings\user1\Application Data\PriceGong\Data\9014.txt c:\documents and settings\user1\Application Data\PriceGong\Data\9562.txt c:\documents and settings\user1\Application Data\PriceGong\Data\9788.txt c:\documents and settings\user1\Application Data\PriceGong\Data\a.txt c:\documents and settings\user1\Application Data\PriceGong\Data\b.txt c:\documents and settings\user1\Application Data\PriceGong\Data\c.txt c:\documents and settings\user1\Application Data\PriceGong\Data\d.txt c:\documents and settings\user1\Application Data\PriceGong\Data\e.txt c:\documents and settings\user1\Application Data\PriceGong\Data\f.txt c:\documents and settings\user1\Application Data\PriceGong\Data\g.txt c:\documents and settings\user1\Application Data\PriceGong\Data\h.txt c:\documents and settings\user1\Application Data\PriceGong\Data\i.txt c:\documents and settings\user1\Application Data\PriceGong\Data\j.txt c:\documents and settings\user1\Application Data\PriceGong\Data\k.txt c:\documents and settings\user1\Application Data\PriceGong\Data\l.txt c:\documents and settings\user1\Application Data\PriceGong\Data\m.txt c:\documents and settings\user1\Application Data\PriceGong\Data\n.txt c:\documents and settings\user1\Application Data\PriceGong\Data\o.txt c:\documents and settings\user1\Application Data\PriceGong\Data\p.txt c:\documents and settings\user1\Application Data\PriceGong\Data\q.txt c:\documents and settings\user1\Application Data\PriceGong\Data\r.txt c:\documents and settings\user1\Application Data\PriceGong\Data\s.txt c:\documents and settings\user1\Application Data\PriceGong\Data\t.txt c:\documents and settings\user1\Application Data\PriceGong\Data\u.txt c:\documents and settings\user1\Application Data\PriceGong\Data\v.txt c:\documents and settings\user1\Application Data\PriceGong\Data\w.txt c:\documents and settings\user1\Application Data\PriceGong\Data\wlu.txt c:\documents and settings\user1\Application Data\PriceGong\Data\x.txt c:\documents and settings\user1\Application Data\PriceGong\Data\y.txt c:\documents and settings\user1\Application Data\PriceGong\Data\z.txt c:\program files\Registry Defender Platinum c:\program files\Registry Defender Platinum\backup\10_7_2008.reg c:\program files\Registry Defender Platinum\report.csv c:\program files\TotalRecipeSearch_14 c:\program files\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14datact.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14dyn.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14highin.exe c:\program files\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14httpct.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14idle.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14impipe.exe c:\program files\TotalRecipeSearch_14\bar\1.bin\14medint.exe c:\program files\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14msg.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14radio.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14regfft.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14reghk.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14regiet.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14script.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14skin.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14skplay.exe c:\program files\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\BOOTSTRAP.JS c:\program files\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST c:\program files\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar c:\program files\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL c:\program files\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe c:\program files\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF c:\program files\TotalRecipeSearch_14\bar\1.bin\installKeys.js c:\program files\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP c:\program files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll c:\program files\TotalRecipeSearch_14\bar\1.bin\T8EXTEX.DLL c:\program files\TotalRecipeSearch_14\bar\1.bin\T8EXTPEX.DLL c:\program files\TotalRecipeSearch_14\bar\1.bin\T8HTML.DLL c:\program files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL c:\program files\TotalRecipeSearch_14\bar\1.bin\T8TICKER.DLL c:\program files\TotalRecipeSearch_14\bar\Cache\000BAA82 c:\program files\TotalRecipeSearch_14\bar\Cache\000BAD13 c:\program files\TotalRecipeSearch_14\bar\Cache\000BAEE7.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB168.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB37B.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB512.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB5FC.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB689.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB744.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BB986.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BBA32.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BBABF.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BBB8A.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\000BC241.jhtml c:\program files\TotalRecipeSearch_14\bar\Cache\000BE951 c:\program files\TotalRecipeSearch_14\bar\Cache\000BFCE8.bmp c:\program files\TotalRecipeSearch_14\bar\Cache\files.ini c:\program files\TotalRecipeSearch_14\bar\gen1\COMMON.T8S c:\program files\TotalRecipeSearch_14\bar\History\search3 c:\program files\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S c:\program files\TotalRecipeSearch_14\bar\Message\COMMON.T8S c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\8_step1.gif c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\anemone.js c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\bd_grad.gif c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\hpguard.js c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\hpguard1.htm c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\hpguard2.htm c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\hpp_ok.png c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\hpp_x.png c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\hpp_x2.png c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\index.htm c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\mid_dots.gif c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\mws_logo.gif c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\protect.htm c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\rebut4b.htm c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\shield.png c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\stop.gif c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\systrayp.htm c:\program files\TotalRecipeSearch_14\bar\Message\COMMON\tp_grad.gif c:\program files\TotalRecipeSearch_14\bar\Settings\prevcfg2.htm c:\program files\TotalRecipeSearch_14\bar\Settings\s_pid.dat c:\program files\TotalRecipeSearch_14\bar\Settings\s_w1.dat c:\program files\TotalRecipeSearch_14\bar\Settings\s_w1.dat.bak c:\program files\TotalRecipeSearch_14\bar\Settings\s_w2.dat c:\program files\TotalRecipeSearch_14\bar\Settings\s_w2.dat.bak c:\program files\TotalRecipeSearch_14\bar\Settings\setting3.htm c:\program files\TotalRecipeSearch_14\bar\Settings\setting3.htm.bak c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421892.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421894.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421896.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421898.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421900.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421903.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\PopupProperties209421908.html c:\program files\TotalRecipeSearch_14\TotalRecipeSearch_14\Cache\Radio.html c:\windows\system32\~GLH0003.TMP c:\windows\system32\PowerToyReadme.htm c:\windows\system32\SET54.tmp c:\windows\system32\SET55.tmp c:\windows\system32\SET9E.tmp c:\windows\system32\SETA3.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_TOTALRECIPESEARCH_14SERVICE . . ((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-28 ))))))))))))))))))))))))))))))) . . 2013-06-28 16:28 . 2013-06-28 16:28 -------- d-----w- C:\TDSSKiller_Quarantine 2013-06-28 15:04 . 2013-06-28 15:04 -------- d-----w- C:\bb64d726b3a1382b16cdde5f 2013-06-28 14:23 . 2013-06-28 14:23 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-06-28 14:18 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-06-28 13:53 . 2013-06-28 13:53 -------- d-----w- c:\program files\HitmanPro 2013-06-28 12:54 . 2013-06-28 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2013-06-27 04:42 . 2013-06-27 13:02 -------- d-----w- C:\FRST 2013-06-26 23:19 . 2013-06-28 01:03 -------- d-----w- c:\documents and settings\Administrator 2013-06-26 19:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2013-06-26 19:32 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll 2013-06-08 17:48 . 2013-06-08 17:48 -------- d-----w- C:\temp 2013-06-08 17:29 . 2013-06-08 17:27 1169609 ----a-w- c:\windows\unins000.exe 2013-06-08 17:29 . 2013-06-08 17:29 -------- d-----w- c:\program files\vGrabber-software 2013-06-08 17:28 . 2013-06-08 17:28 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\CRE 2013-06-08 17:28 . 2013-05-08 06:10 770384 ----a-w- c:\windows\system32\msvcr100.dll 2013-06-08 17:28 . 2013-05-08 06:10 421200 ----a-w- c:\windows\system32\msvcp100.dll 2013-06-08 17:28 . 2013-06-23 17:41 -------- d-----w- c:\program files\Vgrabber_v1.5 2013-06-08 17:28 . 2013-06-23 17:41 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\Vgrabber_v1.5 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-28 16:30 . 2004-08-04 04:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys 2013-06-12 21:30 . 2012-08-30 01:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 21:30 . 2012-08-30 01:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-07 22:30 . 2005-08-16 09:18 920064 ----a-w- c:\windows\system32\wininet.dll 2013-05-07 22:30 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-07 22:30 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-07 21:53 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec 2013-05-03 01:30 . 2005-08-16 09:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-03 00:38 . 2004-08-04 03:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-10 01:31 . 2005-08-16 09:18 1876352 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 20:50 . 2012-01-11 23:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840] "EPSON Stylus Photo R300 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104] Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk backup=c:\windows\pss\Kodak software updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-10-05 08:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2005-09-29 19:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-10-15 01:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-15 01:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-15 01:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2006-05-16 13:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-05-16 13:58 86960 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-11-10 18:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . R1 MpKsl5e900756;MpKsl5e900756;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7023231-783A-4A8C-9842-30574D860537}\MpKsl5e900756.sys [6/28/2013 11:02 AM 29904] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [1/26/2008 5:29 PM 18176] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [1/26/2008 5:29 PM 7680] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [1/26/2008 5:29 PM 23680] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL5E900756 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 12:34 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11] . 2013-06-28 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 17:11] . . ------- Supplementary Scan ------- . Trusted Zone: bmi.net\www Trusted Zone: macu.com\www Trusted Zone: mtnestatement.org\www TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{16bb67e0-6319-4077-be84-f41269e051f3} - (no file) URLSearchHooks-{73507124-6acd-43aa-b749-c3bcfefbea97} - (no file) Toolbar-{16bb67e0-6319-4077-be84-f41269e051f3} - (no file) Toolbar-{73507124-6acd-43aa-b749-c3bcfefbea97} - (no file) WebBrowser-{16BB67E0-6319-4077-BE84-F41269E051F3} - (no file) WebBrowser-{73507124-6ACD-43AA-B749-C3BCFEFBEA97} - (no file) HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe SafeBoot-88498498.sys MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe MSConfigStartUp-DLA - c:\windows\System32\DLA\DLACTRLW.EXE MSConfigStartUp-dlccmon - c:\program files\Dell Photo AIO Printer 924\dlccmon.exe MSConfigStartUp-IM - c:\program files\IM\IMLauncher.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe AddRemove-MyPC Backup - c:\program files\MyPC Backup\uninst.exe AddRemove-PCHealthBoost - c:\program files\PC HealthBoost\hbuninst.exe AddRemove-SearchProtect - c:\program files\SearchProtect\bin\uninstall.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-06-28 11:02 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4052) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Google\Update\GoogleUpdate.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe . ************************************************************************** . Completion time: 2013-06-28 11:05:46 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-28 17:05 . Pre-Run: 33,913,622,528 bytes free Post-Run: 36,421,545,984 bytes free . - - End Of File - - 33A4C4BF130AA7F1E868F5214F72138C 5CB90281D1A59B251F6603134774EEC3 Results of screen317's Security Check version 0.99.68 Windows XP Service Pack 3 x86 Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 35 Java version out of Date! Adobe Reader 10.1.7 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 5% ````````````````````End of Log``````````````````````
  3. hey fred i got it working last night finally but the sick computer does not have wireless and i only have wireless interenet for the time being i ran malwarebytes and it detected one threat and i got rid of it but is there another program or something i could use that doesnt require interenet update that i could use as im sure that the virus is not fully gone
  4. that hoser guy is not me i think he posted on wrong thread everything is not running good just to be clear
  5. actually that last part is wrong here is the new one Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02 Ran by Administrator at 2013-06-27 22:16:28 Run:10 Running from G:\ Boot Mode: Safe Mode (minimal) ============================================== C:\Documents and Settings\Administrator\Local Settings\desktop.ini => Moved successfully. C:\Documents and Settings\NetworkService\Local Settings\desktop.ini => Moved successfully. C:\Windows\Tasks\SA.DAT => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => File/Directory not found. C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job => File/Directory not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => File/Directory not found. C:\Windows\Tasks\Adobe Flash Player Updater.job => File/Directory not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found. C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe => File/Directory not found. ==== End of Fixlog ==== still nothing same white screen
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02 Ran by Administrator at 2013-06-27 22:09:29 Run:9 Running from G:\ Boot Mode: Safe Mode (minimal) ============================================== HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found. HKU\ user1\Software\Microsoft\Command Processor\\AutoRun => Value not found. ==== End of Fixlog ====
  7. ok will do thanks ill run and pos t in 5mins if by chace your still up but thanks again
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02 Ran by Administrator (administrator) on 27-06-2013 21:28:41 Running from G:\ Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation) HKLM\...\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation) HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x] HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x] HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.) HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x] HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x] HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x] HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x] HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION! Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM - No Name - {16bb67e0-6319-4077-be84-f41269e051f3} - No File Toolbar: HKLM - No Name - {73507124-6acd-43aa-b749-c3bcfefbea97} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation) S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S4 Abiosdsk; No ImagePath S4 Atdisk; No ImagePath S3 bvrp_pci; No ImagePath S3 CA561; System32\Drivers\SPCA561.SYS [x] S1 Changer; No ImagePath S1 lbrtfdc; No ImagePath S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 Simbad; No ImagePath S3 wanatw; system32\DRIVERS\wanatw4.sys [x] S3 WDICA; No ImagePath ========================== Drivers MD5 ======================= C:\Windows\system32\DRIVERS\ABP480N5.SYS 6ABB91494FE6C59089B9336452AB2EA3 C:\Windows\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17 C:\Windows\System32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5 C:\Windows\system32\DRIVERS\adpu160m.sys 9A11864873DA202C996558B2106B0BBC C:\Windows\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557 C:\Windows\System32\DRIVERS\AegisP.sys 58A8273918EEF2BF9204B12ED171513A C:\Windows\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9 C:\Windows\system32\DRIVERS\agp440.sys 08FD04AA961BDC77FB983F328334E3D7 C:\Windows\system32\DRIVERS\agpCPQ.sys 03A7E0922ACFE1B07D5DB2EEB0773063 C:\Windows\system32\DRIVERS\aha154x.sys C23EA9B5F46C7F7910DB3EAB648FF013 C:\Windows\system32\DRIVERS\aic78u2.sys 19DD0FB48B0C18892F70E2E7D61A1529 C:\Windows\system32\DRIVERS\aic78xx.sys B7FE594A7468AA0132DEB03FB8E34326 C:\Windows\system32\DRIVERS\aliide.sys 1140AB9938809700B46BB88E46D72A96 C:\Windows\system32\DRIVERS\alim1541.sys CB08AED0DE2DD889A8A820CD8082D83C C:\Windows\system32\DRIVERS\amdagp.sys 95B4FB835E28AA1336CEEB07FD5B9398 C:\Windows\system32\DRIVERS\amsint.sys 79F5ADD8D24BD6893F2903A3E2F3FAD6 C:\Windows\system32\DRIVERS\asc.sys 62D318E9A0C8FC9B780008E724283707 C:\Windows\system32\DRIVERS\asc3350p.sys 69EB0CC7714B32896CCBFD5EDCBEA447 C:\Windows\system32\DRIVERS\asc3550.sys 5D8DE112AA0254B907861E9E9C31D597 C:\Windows\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC C:\Windows\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674 C:\Windows\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159 C:\Windows\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68 C:\Windows\System32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9 C:\Windows\system32\DRIVERS\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9 C:\Windows\System32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9 C:\Windows\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C C:\Windows\system32\DRIVERS\cd20xrnt.sys F3EC03299634490E97BBCE94CD2954C7 C:\Windows\System32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B C:\Windows\System32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32 C:\Windows\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE C:\Windows\system32\DRIVERS\cmdide.sys E5DCB56C533014ECBC556A8357C929D5 C:\Windows\system32\DRIVERS\cpqarray.sys 3EE529119EED34CD212A215E8C40D4B6 C:\Windows\system32\DRIVERS\dac2w2k.sys E550E7418984B65A78299D248F0A7F36 C:\Windows\system32\DRIVERS\dac960nt.sys 683789CAA3864EB46125AE86FF677D34 C:\Windows\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25 C:\Windows\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41 C:\Windows\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F C:\Windows\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F C:\Windows\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45 C:\Windows\system32\DRIVERS\dpti2o.sys 40F3B93B4E5B0126F2F5C0A7A5E22660 C:\Windows\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8 C:\Windows\System32\DRIVERS\e100b325.sys 95974E66D3DE4951D29E28E8BC0B644C C:\Windows\System32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E C:\Windows\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81 C:\Windows\System32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3 C:\Windows\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0 C:\Windows\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0 C:\Windows\System32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A C:\Windows\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D C:\Windows\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2 C:\Windows\System32\DRIVERS\HDAudBus.sys 573C7D0A32852B48F3058CFD8026F511 C:\Windows\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1 C:\Windows\system32\DRIVERS\hpn.sys B028377DEA0546A5FCFBA928A8AEFAE0 C:\Windows\System32\DRIVERS\HSFHWBS2.sys 77E4FF0B73BC0AEAAF39BF0C8104231F C:\Windows\System32\DRIVERS\HSF_DP.sys 60E1604729A15EF4A3B05F298427B3B1 C:\Windows\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38 C:\Windows\System32\Drivers\i2omgmt.sys 9368670BD426EBEA5E8B18A62416EC28 C:\Windows\system32\DRIVERS\i2omp.sys F10863BF1CCC290BABD1A09188AE49E0 C:\Windows\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30 C:\Windows\System32\DRIVERS\ialmnt5.sys 5A8E05F1D5C36ABD58CFFA111EB325EA C:\Windows\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E C:\Windows\system32\DRIVERS\ini910u.sys 4A40E045FAEE58631FD8D91AFC620719 C:\Windows\System32\DRIVERS\intelide.sys B5466A9250342A7AA0CD1FBA13420678 C:\Windows\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B C:\Windows\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0 C:\Windows\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182 C:\Windows\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5 C:\Windows\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB C:\Windows\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91 C:\Windows\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89 C:\Windows\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7 C:\Windows\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128 C:\Windows\System32\DRIVERS\kbdhid.sys 9EF487A186DEA361AA06913A75B3FA99 C:\Windows\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378 C:\Windows\System32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1 C:\WINDOWS\system32\drivers\mbamswissarmy.sys 0DB7527DB188C7D967A37BB51BBF3963 C:\Windows\System32\DRIVERS\mdmxsdk.sys EEAEA6514BA7C9D273B5E87C4E1AAB30 C:\Windows\System32\DRIVERS\mhndrv.sys 7F2F1D2815A6449D346FCCCBC569FBD6 C:\Windows\System32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6 C:\Windows\System32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1 C:\Windows\System32\drivers\MODEMCSA.sys 1992E0D143B09653AB0F9C5E04B0FD65 C:\Windows\System32\DRIVERS\motccgp.sys A10FA04B73A9D97E5CF77EB1D5A88165 C:\Windows\System32\DRIVERS\motccgpfl.sys AAD6191A4DAA519F04AB12B2AF73E356 C:\Windows\System32\DRIVERS\motmodem.sys FE80C18BA448DDD76B7BEAD9EB203D37 C:\Windows\System32\DRIVERS\motport.sys FE80C18BA448DDD76B7BEAD9EB203D37 C:\Windows\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04 C:\Windows\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685 C:\Windows\System32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD C:\Windows\System32\DRIVERS\MpFilter.sys D993BEA500E7382DC4E760BF4F35EFCB C:\Windows\system32\DRIVERS\mraid35x.sys 3F4BB95E5A44F3BE34824E8E7CAF0737 C:\Windows\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD C:\Windows\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0 C:\Windows\System32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027 C:\Windows\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1 C:\Windows\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E C:\Windows\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D C:\Windows\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136 C:\Windows\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D C:\Windows\System32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5 C:\Windows\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB C:\Windows\System32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D C:\Windows\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97 C:\Windows\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22 C:\Windows\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849 C:\Windows\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB C:\Windows\System32\Drivers\NDProxy.sys 9282BD12DFB069D3889EB3FCC1000A9B C:\Windows\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0 C:\Windows\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D C:\Windows\System32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A C:\Windows\System32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA C:\Windows\System32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD C:\Windows\System32\DRIVERS\nv4_mini.sys 2B298519EDBFCF451D43E0F1E8F1006D C:\Windows\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57 C:\Windows\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9 C:\Windows\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C C:\Windows\System32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6 C:\Windows\System32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1 C:\Windows\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1 C:\Windows\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0 C:\Windows\System32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1 C:\Windows\system32\DRIVERS\perc2.sys 6C14B9C19BA84F73D3A86DBA11133101 C:\Windows\system32\DRIVERS\perc2hib.sys F50F7C27F131AFE7BEBA13E14A3B9416 C:\Windows\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99 C:\Windows\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424 C:\Windows\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD C:\Windows\System32\Drivers\PxHelp20.sys D86B4A68565E444D76457F14172C875A C:\Windows\system32\DRIVERS\ql1080.sys 0A63FB54039EB5662433CABA3B26DBA7 C:\Windows\system32\DRIVERS\ql10wnt.sys 6503449E1D43A0FF0201AD5CB1B8C706 C:\Windows\system32\DRIVERS\ql12160.sys 156ED0EF20C15114CA097A34A30D8A01 C:\Windows\system32\DRIVERS\ql1240.sys 70F016BEBDE6D29E864C1230A07CC5E6 C:\Windows\system32\DRIVERS\ql1280.sys 907F0AEEA6BC451011611E732BD31FCF C:\Windows\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C C:\Windows\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6 C:\Windows\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE C:\Windows\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242 C:\Windows\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A C:\Windows\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332 C:\Windows\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1 C:\Windows\System32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7 C:\Windows\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5 C:\Windows\System32\DRIVERS\rtl8185.sys 88B63F291AE10C1B66D2B9ED6921A7DF C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE C:\Windows\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7 C:\Windows\System32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562 C:\Windows\system32\DRIVERS\sisagp.sys 6B33D0EBD30DB32E27D1D78FE946A754 C:\Windows\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14 C:\Windows\system32\DRIVERS\sparrow.sys 83C0F71F86D3BDAF915685F3D568B20E C:\Windows\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F C:\Windows\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D C:\Windows\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7 C:\Windows\System32\drivers\sthda.sys 2A2DC39623ADEF8AB3703AB9FAC4B440 C:\Windows\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2 C:\Windows\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F C:\Windows\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01 C:\Windows\system32\DRIVERS\symc810.sys 1FF3217614018630D0A6758630FC698C C:\Windows\system32\DRIVERS\symc8xx.sys 070E001D95CF725186EF8B20335F933C C:\Windows\system32\DRIVERS\sym_hi.sys 80AC1C4ABBE2DF3B738BF15517A51F2C C:\Windows\system32\DRIVERS\sym_u3.sys BF4FAB949A382A8E105F46EBB4937058 C:\Windows\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290 C:\Windows\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D C:\Windows\System32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397 C:\Windows\System32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61 C:\Windows\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E C:\Windows\system32\DRIVERS\toside.sys F2790F6AF01321B172AA62F8E1E187D9 C:\Windows\System32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9 C:\Windows\system32\DRIVERS\ultra.sys 1B698A51CD528D8DA4FFAED66DFC51B9 C:\Windows\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31 C:\Windows\System32\DRIVERS\usbccgp.sys 173F317CE0DB8E21322E71B7E60A27E8 C:\Windows\System32\DRIVERS\usbehci.sys 65DCF09D0E37D4C6B11B5B0B76D470A7 C:\Windows\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C C:\Windows\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00 C:\Windows\System32\DRIVERS\usbscan.sys A0B8CF9DEB1184FBDD20784A58FA75D4 C:\Windows\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9 C:\Windows\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6 C:\Windows\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1 C:\Windows\system32\DRIVERS\viaagp.sys 754292CE5848B3738281B4F3607EAEF4 C:\Windows\system32\DRIVERS\viaide.sys 3B3EFCDA263B8AC14FDF9CBDD0791B2E C:\Windows\System32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025 C:\Windows\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6 C:\Windows\System32\DRIVERS\Wdf01000.sys FD47474BD21794508AF449D9D91AF6E6 C:\Windows\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F C:\Windows\System32\DRIVERS\HSF_CNXT.sys F59ED5A43B988A18EF582BB07B2327A7 C:\Windows\System32\DRIVERS\wpdusb.sys CF4DEF1BF66F06964DC0D91844239104 C:\Windows\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8 C:\Windows\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78 C:\Windows\System32\DRIVERS\WudfPf.sys F15FEAFFFBB3644CCC80C5DA584E6311 C:\Windows\System32\DRIVERS\wudfrd.sys 28B524262BCE6DE1F7EF9F510BA3985B ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2013-06-27 21:11 - 2013-06-27 21:28 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-27 20:14 - 2013-06-27 21:28 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-27 20:14 - 2013-06-27 21:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-27 19:05 - 2013-06-27 21:21 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini 2013-06-27 19:05 - 2013-06-27 21:21 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-27 19:04 - 2013-06-27 21:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-06-27 17:49 - 2013-06-27 17:49 - 00000000 ____A C:\Documents and Settings\Administrator\dir 2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST 2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC 2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel 2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent 2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch 2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec 2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin 2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software 2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} 2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun 2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk 2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini 2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll 2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll 2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml 2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log 2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log 2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log 2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log 2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat 2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END 2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software 2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe 2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5 2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE 2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll 2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll ==================== One Month Modified Files and Folders ======== 2013-06-27 21:28 - 2013-06-27 21:11 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-27 21:28 - 2013-06-27 20:14 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-27 21:22 - 2013-06-27 20:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-27 21:22 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini 2013-06-27 21:22 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt 2013-06-27 21:22 - 2005-08-16 03:40 - 01643810 ____A C:\Windows\WindowsUpdate.log 2013-06-27 21:22 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log 2013-06-27 21:22 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log 2013-06-27 21:21 - 2013-06-27 19:05 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini 2013-06-27 21:21 - 2013-06-27 19:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-27 21:21 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration 2013-06-27 21:20 - 2013-06-27 19:04 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-06-27 17:49 - 2013-06-27 17:49 - 00000000 ____A C:\Documents and Settings\Administrator\dir 2013-06-27 16:19 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl 2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST 2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log 2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log 2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC 2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt 2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5 2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5 2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx 2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml 2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe 2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log 2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log 2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log 2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log 2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job 2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET 2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI 2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong 2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat 2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END 2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE 2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ and Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-06-2013 02 Ran by Administrator at 2013-06-27 21:29:58 Running from G:\ Boot Mode: Safe Mode (minimal) ========================================================== ==================== Installed Programs ======================= 924PLC32 (Version: 1.0.0) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Reader X (10.1.6) (Version: 10.1.6) AOLIcon (Version: 1.00.0000) Ask Toolbar (Version: 1.13.2.0) Conexant D850 56K V.9x DFVc Modem Coupon Printer for Windows (Version: 2.0) Critical Update for Windows Media Player 11 (KB959772) Dell CinePlayer (Version: 3.0) Dell Digital Jukebox Driver Dell Driver Reset Tool (Version: 1.02.0000) Dell System Restore (Version: 2.00.0000) ELIcon (Version: 1.00.0000) EPSON Printer Software Google Chrome (Version: 27.0.1453.116) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.5.4209.2358) Google Update Helper (Version: 1.3.21.145) High Definition Audio Driver Package - KB835221 (Version: 20040219.000000) Indeo® Software Intel A/V Codecs V2.0 Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4410) Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections (Version: 9.20.0000) Internet Service Offers Launcher (Version: 1.00.0000) J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60) Java Auto Updater (Version: 2.0.7.1) Java 6 Update 35 (Version: 6.0.350) Macromedia Flash Player (Version: 7.0.19.0) Macromedia Shockwave Player (Version: 10.1.3.18) Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000) MCU (Version: 1.00.0000) Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 1.0 Hotfix (KB2604042) Microsoft .NET Framework 1.0 Hotfix (KB2656378) Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514) Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463) Microsoft Security Client (Version: 4.0.1526.0) Microsoft Security Essentials (Version: 4.0.1526.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Modem Helper (Version: 2.40) Motorola Driver Installation 3.2.0 (Version: 3.2.0) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Musicmatch for Windows Media Player (Version: 0.00.000) MyPC Backup (Version: ) NetWaiting (Version: 2.5.12) Otto PCHealthBoost 2.3.0 (Version: 2.3.0) Produtools Manuals Toolbar (Version: 6.8.5.1) QuickBooks Premier: Contractor Edition 2006 (Version: ) QuickConnect (Version: 1.00.0000) QuickTime (Version: 7.3.0.70) Qwest eChat Support Tools (Version: 4) Search Protect by conduit (Version: 1.5.0.71) Sonic Activation Module (Version: 1.0) Sonic Encoders (Version: 1.00) Sonic Update Manager (Version: 3.0.0) TRENDnet TEW-421PC or TEW-423PI (Version: 1.00.0000) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2616676-v2) (Version: 2) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB951072-v2) (Version: 2) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB955839) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) Update for Windows XP (KB976749) (Version: 1) Update for Windows XP (KB978207) (Version: 1) Update for Windows XP (KB980182) (Version: 1) Update Rollup 2 for Windows XP Media Center Edition 2005 Vgrabber v1.5 Toolbar (Version: 6.13.3.1) Video Downloader (Version: 1.14) Video Downloader version 2.0 (Version: 2.0) WebCyberCoach 3.2 Dell WebFldrs XP (Version: 9.50.7523) Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2) Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 10 (Version: 9.00.3636) Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB2619340 Windows XP Media Center Edition 2005 KB2628259 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 (Version: 20080414.031525) WordPerfect Office 12 (Version: 12.01) ==================== Restore Points ========================= 30-03-2013 16:13:48 System Checkpoint 02-04-2013 16:32:36 System Checkpoint 17-04-2013 16:09:17 System Checkpoint 29-04-2013 13:22:20 System Checkpoint 07-05-2013 00:17:38 System Checkpoint 22-05-2013 14:22:11 System Checkpoint 24-05-2013 14:48:31 System Checkpoint 28-05-2013 00:02:09 System Checkpoint 29-05-2013 14:23:30 System Checkpoint 10-06-2013 01:30:15 System Checkpoint 11-06-2013 14:10:15 System Checkpoint 19-06-2013 14:08:56 System Checkpoint 27-06-2013 22:49:45 System Checkpoint ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Registry Winner Schedule.job => C:\Program Files\Registry Winner\RegistryWinner.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/26/2013 05:29:14 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error: (06/26/2013 05:29:13 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/26/2013 05:29:13 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/23/2013 00:05:38 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (06/15/2013 07:22:34 PM) (Source: Application Error) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module prxtbvgr0.dll, version 6.13.3.501, fault address 0x00002660. Processing media-specific event for [iexplore.exe!ws!] Error: (06/11/2013 10:59:34 AM) (Source: Application Error) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module prxtbvgr0.dll, version 6.13.3.501, fault address 0x00002660. Processing media-specific event for [iexplore.exe!ws!] Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (06/09/2013 06:26:53 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors: ============= Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: ) Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: ) Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: ) Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error: (06/27/2013 09:29:34 PM) (Source: Service Control Manager) (User: ) Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error: (06/27/2013 09:28:38 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/27/2013 09:20:49 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/27/2013 09:14:38 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/27/2013 09:14:12 PM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/27/2013 09:13:08 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL Microsoft Office Sessions: ========================= Error: (06/26/2013 05:29:14 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved Error: (06/26/2013 05:29:13 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/26/2013 05:29:13 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/23/2013 00:05:38 PM) (Source: Application Hang)(User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (06/15/2013 07:22:34 PM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.6001.18702prxtbvgr0.dll6.13.3.50100002660 Error: (06/11/2013 10:59:34 AM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.6001.18702prxtbvgr0.dll6.13.3.50100002660 Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (06/09/2013 06:26:53 PM) (Source: Application Hang)(User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 18% Total physical RAM: 1014.07 MB Available physical RAM: 827 MB Total Pagefile: 2445.3 MB Available Pagefile: 2382.61 MB Total Virtual: 2047.88 MB Available Virtual: 1964.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:51.21 GB) (Free:32.68 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.54 GB) NTFS Drive g: (HITMANPRO) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 75 GB) (Disk ID: E686F016) Partition 1: (Not Active) - (Size=31 MB) - (Type=DE) Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=5 GB) - (Type=DB) ======================================================== Disk: 1 (Size: 492 MB) (Disk ID: 57F92978) Partition 1: (Active) - (Size=486 MB) - (Type=0B) ==================== End Of Log ============================
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02 Ran by Administrator (administrator) on 27-06-2013 21:12:13 Running from G:\ Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation) HKLM\...\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation) HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x] HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x] HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.) HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x] HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x] HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x] HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x] HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION! Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM - No Name - {16bb67e0-6319-4077-be84-f41269e051f3} - No File Toolbar: HKLM - No Name - {73507124-6acd-43aa-b749-c3bcfefbea97} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation) S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S4 Abiosdsk; No ImagePath S4 Atdisk; No ImagePath S3 bvrp_pci; No ImagePath S3 CA561; System32\Drivers\SPCA561.SYS [x] S1 Changer; No ImagePath S1 lbrtfdc; No ImagePath S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 Simbad; No ImagePath S3 wanatw; system32\DRIVERS\wanatw4.sys [x] S3 WDICA; No ImagePath ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2013-06-27 21:11 - 2013-06-27 21:11 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-27 20:14 - 2013-06-27 21:11 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-27 20:14 - 2013-06-27 20:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-27 19:05 - 2013-06-27 20:14 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini 2013-06-27 19:05 - 2013-06-27 20:14 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-27 19:04 - 2013-06-27 20:13 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-06-27 17:49 - 2013-06-27 17:49 - 00000000 ____A C:\Documents and Settings\Administrator\dir 2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST 2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC 2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel 2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent 2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch 2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec 2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin 2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software 2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} 2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun 2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk 2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini 2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll 2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll 2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml 2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log 2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log 2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log 2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log 2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat 2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END 2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software 2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe 2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5 2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE 2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll 2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll ==================== One Month Modified Files and Folders ======== 2013-06-27 21:11 - 2013-06-27 21:11 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-27 21:11 - 2013-06-27 20:14 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-27 20:14 - 2013-06-27 20:14 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-27 20:14 - 2013-06-27 19:05 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini 2013-06-27 20:14 - 2013-06-27 19:05 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-27 20:14 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini 2013-06-27 20:14 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt 2013-06-27 20:14 - 2005-08-16 03:40 - 01643046 ____A C:\Windows\WindowsUpdate.log 2013-06-27 20:14 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration 2013-06-27 20:14 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log 2013-06-27 20:14 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log 2013-06-27 20:13 - 2013-06-27 19:04 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-06-27 17:49 - 2013-06-27 17:49 - 00000000 ____A C:\Documents and Settings\Administrator\dir 2013-06-27 16:19 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl 2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST 2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log 2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log 2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC 2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt 2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5 2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5 2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx 2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml 2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe 2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log 2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log 2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log 2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log 2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job 2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET 2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI 2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong 2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat 2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END 2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE 2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ should i try optinal scan checklist below like bcd ect
  10. HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION! i believe this to be one of the problem but it does not reqconize it as value not fount HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found.
  11. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02 Ran by Administrator at 2013-06-27 20:12:41 Run:7 Running from G:\ Boot Mode: Safe Mode (minimal) ============================================== C:\Documents and Settings\Administrator\Local Settings\desktop.ini => Moved successfully. C:\Documents and Settings\NetworkService\Local Settings\desktop.ini => Moved successfully. C:\Windows\Tasks\SA.DAT => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found. ==== End of Fixlog ==== i did a reboot but still the same white screen
  12. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-06-2013 02 Ran by Administrator at 2013-06-27 19:03:48 Run:6 Running from G:\ Boot Mode: Safe Mode (minimal) ============================================== HKU\user1\Software\Microsoft\Command Processor\\AutoRun => Value not found. C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk => Moved successfully. C:\Program Files\Registry Defender Platinum\RegistryDefender.exe not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully. HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16bb67e0-6319-4077-be84-f41269e051f3} => Key deleted successfully. HKCR\CLSID\{16bb67e0-6319-4077-be84-f41269e051f3} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully. HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully. HKCR\CLSID\{73507124-6acd-43aa-b749-c3bcfefbea97} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully. HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully. HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully. HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully. C:\Documents and Settings\Administrator\Local Settings\desktop.ini => Moved successfully. C:\Documents and Settings\Administrator\ntuser.ini => Moved successfully. C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat => Moved successfully. C:\Documents and Settings\user1\Application Data\SearchProtect => Moved successfully. C:\Documents and Settings\Administrator\Local Settings\desktop.ini => File/Directory not found. C:\Documents and Settings\NetworkService\Local Settings\desktop.ini => Moved successfully. C:\Documents and Settings\user1\Local Settings\desktop.ini => Moved successfully. C:\Documents and Settings\LocalService\Local Settings\desktop.ini => Moved successfully. C:\Documents and Settings\Administrator\ntuser.ini => File/Directory not found. C:\Documents and Settings\user1\Application Data\SearchProtect => File/Directory not found. C:\Documents and Settings\user1\Local Settings\Application Data\Conduit => Moved successfully. C:\Program Files\SearchProtect => Moved successfully. ==== End of Fixlog ==== i did a restart and same thing just a white screen what can i do next any help would be great thanks
  13. Operating system: windows xp sp3 Architecture: 32 bit Antivirus software and on-demand scanners on this system : none Date and how issue started: 6-12-2013 virus asking for money then when it loads it stuck on a white screen Current issues and symptoms: white screen, cant use any safe modes except for command only in admin not user, under f8 at the top there is no repair computer. Steps taken in order to remove the infection: tried kickstarter using flash nothing happens, tried safe modes but it just restarts afterwards unless i use command then admin works but not under user or it will reboot. im trying to use farbar but need. REQUESTED LOGS: OTL LOG aswMBR LOG need help getting rid of virus using farbar here is my recent scan Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02 Ran by Administrator (administrator) on 27-06-2013 17:38:56 Running from G:\ Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [213936 2006-05-16] (Macrovision Corporation) HKLM\...\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler [213936 2006-05-16] (Macrovision Corporation) HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x] HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x] HKLM\...\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall [1121792 2005-08-12] (McAfee, Inc.) HKLM\...\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300" [99840 2003-06-04] (SEIKO EPSON CORPORATION) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [] [x] HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [901800 2011-11-17] (Ask) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe HKU\Rick.DBVW4W91\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [x] HKU\Rick.DBVW4W91\...\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [x] HKU\Rick.DBVW4W91\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [x] HKU\Rick.DBVW4W91\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x] HKU\user1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x] HKU\user1\...\Command Processor: "C:\DOCUME~1\user1\LOCALS~1\Temp\snoafeedeyfctetvc.exe" <===== ATTENTION! Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe () Startup: C:\Documents and Settings\Rick.DBVW4W91\Start Menu\Programs\Startup\Registry Defender Platinum.lnk ShortcutTarget: Registry Defender Platinum.lnk -> C:\Program Files\Registry Defender Platinum\RegistryDefender.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll...r=iesearch HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={s...r:source?} SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearc...archTerms} SearchScopes: HKCU - DefaultScope value is missing. BHO: Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.) BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM - Produtools Manuals Toolbar - {16bb67e0-6319-4077-be84-f41269e051f3} - C:\Program Files\Produtools_Manuals\prxtbPro2.dll (Conduit Ltd.) Toolbar: HKLM - Vgrabber v1.5 Toolbar - {73507124-6acd-43aa-b749-c3bcfefbea97} - C:\Program Files\Vgrabber_v1.5\prxtbVgr2.dll (Conduit Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/auto...s-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shock...wflash.cab Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-06-18] (Meetinghouse Data Communications) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation) S3 motport; C:\Windows\System32\DRIVERS\motport.sys [23680 2007-06-18] (Motorola) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation) S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S3 rtl8185; C:\Windows\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.) S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) S4 Abiosdsk; No ImagePath S4 Atdisk; No ImagePath S3 bvrp_pci; No ImagePath S3 CA561; System32\Drivers\SPCA561.SYS [x] S1 Changer; No ImagePath S1 lbrtfdc; No ImagePath S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 Simbad; No ImagePath S3 wanatw; system32\DRIVERS\wanatw4.sys [x] S3 WDICA; No ImagePath ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2013-06-26 22:42 - 2013-06-27 07:02 - 00000000 ____D C:\FRST 2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC 2013-06-26 17:19 - 2013-06-27 17:38 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-26 17:19 - 2013-06-27 12:52 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-06-26 17:19 - 2006-04-25 00:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Corel 2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent 2013-06-26 17:19 - 2006-04-25 00:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch 2013-06-26 17:19 - 2006-04-25 00:13 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Symantec 2013-06-26 17:19 - 2006-04-25 00:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\CCWin 2013-06-26 17:19 - 2006-04-25 00:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\BVRP Software 2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030} 2013-06-26 17:19 - 2006-04-25 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sun 2013-06-26 17:19 - 2005-08-16 19:52 - 00000136 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat 2013-06-26 17:19 - 2005-08-16 03:52 - 00001298 ____A C:\Documents and Settings\Administrator\Desktop\Media Center.lnk 2013-06-26 17:19 - 2005-08-16 03:33 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini 2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll 2013-06-26 13:32 - 2008-04-13 18:11 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll 2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml 2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log 2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log 2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log 2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log 2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat 2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END 2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software 2013-06-08 11:29 - 2013-06-08 11:27 - 01169609 ____A C:\Windows\unins000.exe 2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Program Files\Vgrabber_v1.5 2013-06-08 11:28 - 2013-06-23 11:41 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect 2013-06-08 11:28 - 2013-05-08 00:10 - 00770384 ____A (Microsoft Corporation) C:\Windows\System32\msvcr100.dll 2013-06-08 11:28 - 2013-05-08 00:10 - 00421200 ____A (Microsoft Corporation) C:\Windows\System32\msvcp100.dll ==================== One Month Modified Files and Folders ======== 2013-06-27 17:38 - 2013-06-26 17:19 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2013-06-27 17:38 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-06-27 17:32 - 2005-08-16 03:49 - 00032514 ____A C:\Windows\SchedLgU.Txt 2013-06-27 17:32 - 2005-08-16 03:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-27 17:31 - 2012-12-09 15:13 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-27 17:31 - 2009-11-11 15:25 - 00000178 __ASH C:\Documents and Settings\user1\ntuser.ini 2013-06-27 17:31 - 2009-11-11 15:25 - 00000062 __ASH C:\Documents and Settings\user1\Local Settings\desktop.ini 2013-06-27 17:31 - 2005-08-16 03:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-06-27 17:31 - 2005-08-16 03:40 - 01641136 ____A C:\Windows\WindowsUpdate.log 2013-06-27 17:31 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Registration 2013-06-27 17:31 - 2005-08-16 03:35 - 00000216 ____A C:\Windows\wiadebug.log 2013-06-27 17:31 - 2005-08-16 03:35 - 00000049 ____A C:\Windows\wiaservc.log 2013-06-27 17:24 - 2012-01-11 10:24 - 00000234 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job 2013-06-27 16:34 - 2012-12-09 15:13 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-27 16:30 - 2012-08-29 19:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-27 16:19 - 2005-08-16 03:18 - 00002206 ____A C:\Windows\System32\wpa.dbl 2013-06-27 12:52 - 2013-06-26 17:19 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-06-27 07:02 - 2013-06-26 22:42 - 00000000 ____D C:\FRST 2013-06-26 22:41 - 2013-06-26 22:41 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2013-06-26 21:40 - 2009-11-11 13:16 - 00398358 ____A C:\Windows\setupapi.log 2013-06-26 21:40 - 2006-04-24 23:51 - 00013538 ____A C:\Windows\setupact.log 2013-06-26 18:10 - 2013-06-26 18:10 - 00000000 ____D C:\Windows\CSC 2013-06-23 18:24 - 2008-01-02 15:55 - 00000230 ____A C:\Windows\RTacDbg.txt 2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\Vgrabber_v1.5 2013-06-23 11:41 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Vgrabber_v1.5 2013-06-21 15:22 - 2012-07-15 21:13 - 00001436 ____A C:\Documents and Settings\user1\My Documents\download.qfx 2013-06-21 12:53 - 2013-06-21 12:53 - 00009227 ____A C:\Documents and Settings\user1\My Documents\Your Loan is Conditionally Approved!.eml 2013-06-20 06:39 - 2013-05-14 08:18 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2013-06-15 07:31 - 2010-03-05 14:44 - 00000000 ____D C:\Documents and Settings\user1\Application Data\Adobe 2013-06-12 15:30 - 2012-08-29 19:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-06-12 15:30 - 2012-08-29 19:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-06-09 19:02 - 2012-09-12 11:07 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2013-06-09 18:56 - 2013-06-09 18:56 - 00013074 ____A C:\Documents and Settings\user1\hs_err_pid5944.log 2013-06-09 18:52 - 2013-06-09 18:52 - 00012849 ____A C:\Documents and Settings\user1\hs_err_pid4104.log 2013-06-09 18:27 - 2013-06-09 18:27 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-06-09 18:20 - 2013-06-09 18:20 - 00012587 ____A C:\Documents and Settings\user1\hs_err_pid1044.log 2013-06-09 18:19 - 2013-06-09 18:19 - 00012856 ____A C:\Documents and Settings\user1\hs_err_pid2364.log 2013-06-08 20:00 - 2011-09-17 18:16 - 00000404 ____A C:\Windows\Tasks\Registry Winner Schedule.job 2013-06-08 11:42 - 2005-08-16 03:38 - 00000000 ____D C:\Windows\Microsoft.NET 2013-06-08 11:39 - 2005-08-16 03:33 - 00476650 ___AC C:\Windows\System32\PerfStringBackup.INI 2013-06-08 11:30 - 2012-03-13 16:14 - 00000000 ____D C:\Documents and Settings\user1\Application Data\PriceGong 2013-06-08 11:29 - 2013-06-08 11:29 - 00086535 ____A C:\Windows\unins000.dat 2013-06-08 11:29 - 2013-06-08 11:29 - 00000009 ____A C:\END 2013-06-08 11:29 - 2013-06-08 11:29 - 00000000 ____D C:\Program Files\vGrabber-software 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Program Files\SearchProtect 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\CRE 2013-06-08 11:28 - 2013-06-08 11:28 - 00000000 ____D C:\Documents and Settings\user1\Application Data\SearchProtect 2013-06-08 11:28 - 2012-03-13 16:08 - 00000000 ____D C:\Documents and Settings\user1\Local Settings\Application Data\Conduit 2013-06-08 11:27 - 2013-06-08 11:29 - 01169609 ____A C:\Windows\unins000.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ then i ran a fix listed below
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.