pcdaugs

Everything posted by pcdaugs

  1. Hello Andro1d, I think I might have gotten this figured out, time will tell. I went into the BIOS and reset all of the defaults. Now my system is starting and staying on without the BSODs. I was able to run the computer and work on it for over 2 hours before shutting down last night. I am not sure why this worked but as you noted my log for the desktop doesn't seem to have anything wrong with it. Thank you for your help and I will certainly let others know about the help that is on this website. I also made sure I have an anti-virus product on my computer and I downloaded the premium Malwarebytes product and have that running daily. Thank You, Paul
  2. Here is the log.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
     Ran by Daugs (administrator) on DAUGS-PC on 16-04-2014 21:58:49
     Running from C:\Users\Daugs\Downloads
     Windows 7 Professional (X64) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version:
     Download link for 64-Bit Version:
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     (Microsoft Corporation) C:\Windows\system32\msiexec.exe
     (Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe

     ==================== Registry (Whitelisted) ==================

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x626BDE5BD147CF01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

     FireFox:
     ========
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

     Chrome:
     =======
     CHR HomePage:
     CHR Extension: (QR Creator) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-03-24]
     CHR Extension: (Torrent Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2014-03-24]
     CHR Extension: (Google Docs) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
     CHR Extension: (Google Drive) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
     CHR Extension: (YouTube) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
     CHR Extension: (Google Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
     CHR Extension: (Backtick) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2014-03-24]
     CHR Extension: (MailChimp) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-03-24]
     CHR Extension: (Pandora) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-24]
     CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-03-24]
     CHR Extension: (No Name) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-03-24]
     CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-03-24]
     CHR Extension: (Google Voice (by Google)) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-03-24]
     CHR Extension: (Any.do Extension) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-03-24]
     CHR Extension: (Ustream Lounge) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klpjjhflaaojjogkompcfpoejaneeika [2014-03-24]
     CHR Extension: (HootSuite) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-03-24]
     CHR Extension: (Evernote Web) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-24]
     CHR Extension: (LastPass Vault) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-03-24]
     CHR Extension: (Google Wallet) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
     CHR Extension: (Gmail) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]

     ==================== Services (Whitelisted) =================

     ==================== Drivers (Whitelisted) ====================

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2014-04-16 21:58 - 2014-04-16 21:58 - 02158592 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe
     2014-04-16 21:56 - 2014-04-16 21:56 - 00286760 _____ () C:\Windows\Minidump\041614-21855-01.dmp
     2014-04-16 21:15 - 2014-04-16 21:15 - 00291976 _____ () C:\Windows\Minidump\041614-22479-01.dmp
     2014-03-24 21:46 - 2014-03-24 21:46 - 00000320 _____ () C:\Windows\PFRO.log
     2014-03-24 21:42 - 2014-03-24 21:18 - 00000000 ____D () C:\Windows\Panther
     2014-03-24 21:33 - 2014-03-24 21:33 - 00017547 _____ () C:\Users\Daugs\Downloads\Shortcut.txt
     2014-03-24 21:33 - 2014-03-24 21:33 - 00007613 _____ () C:\Users\Daugs\Downloads\Addition.txt
     2014-03-24 21:32 - 2014-04-16 21:58 - 00006549 _____ () C:\Users\Daugs\Downloads\FRST.txt
     2014-03-24 21:32 - 2014-04-16 21:58 - 00000000 ____D () C:\FRST
     2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
     2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
     2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
     2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Program Files (x86)\Google
     2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
     2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
     2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
     2014-03-24 21:23 - 2014-04-16 21:56 - 409689897 _____ () C:\Windows\MEMORY.DMP
     2014-03-24 21:23 - 2014-04-16 21:56 - 00000000 ____D () C:\Windows\Minidump
     2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
     2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
     2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
     2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
     2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
     2014-03-24 21:20 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
     2014-03-24 21:20 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
     2014-03-24 21:20 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
     2014-03-24 21:20 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
     2014-03-24 21:19 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
     2014-03-24 21:19 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
     2014-03-24 21:18 - 2014-03-24 21:40 - 00027947 _____ () C:\Windows\WindowsUpdate.log
     2014-03-24 21:18 - 2014-03-24 21:20 - 00000000 ____D () C:\Users\Daugs
     2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
     2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
     2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
     2014-03-24 21:18 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
     2014-03-24 21:18 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
     2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log

     ==================== One Month Modified Files and Folders =======

     2014-04-16 21:58 - 2014-04-16 21:58 - 02158592 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe
     2014-04-16 21:58 - 2014-03-24 21:32 - 00006549 _____ () C:\Users\Daugs\Downloads\FRST.txt
     2014-04-16 21:58 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
     2014-04-16 21:58 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2014-04-16 21:58 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2014-04-16 21:56 - 2014-04-16 21:56 - 00286760 _____ () C:\Windows\Minidump\041614-21855-01.dmp
     2014-04-16 21:56 - 2014-03-24 21:23 - 409689897 _____ () C:\Windows\MEMORY.DMP
     2014-04-16 21:56 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump
     2014-04-16 21:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
     2014-04-16 21:56 - 2009-07-13 23:51 - 00021858 _____ () C:\Windows\setupact.log
     2014-04-16 21:15 - 2014-04-16 21:15 - 00291976 _____ () C:\Windows\Minidump\041614-22479-01.dmp
     2014-03-24 23:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
     2014-03-24 21:46 - 2014-03-24 21:46 - 00000320 _____ () C:\Windows\PFRO.log
     2014-03-24 21:42 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
     2014-03-24 21:42 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
     2014-03-24 21:40 - 2014-03-24 21:18 - 00027947 _____ () C:\Windows\WindowsUpdate.log
     2014-03-24 21:33 - 2014-03-24 21:33 - 00017547 _____ () C:\Users\Daugs\Downloads\Shortcut.txt
     2014-03-24 21:33 - 2014-03-24 21:33 - 00007613 _____ () C:\Users\Daugs\Downloads\Addition.txt
     2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
     2014-03-24 21:27 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
     2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
     2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
     2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Program Files (x86)\Google
     2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
     2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
     2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
     2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
     2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
     2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
     2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
     2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
     2014-03-24 21:20 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs
     2014-03-24 21:18 - 2014-03-24 21:42 - 00000000 ____D () C:\Windows\Panther
     2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
     2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
     2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
     2014-03-24 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
     2014-03-24 21:18 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
     2014-03-24 20:47 - 2009-07-13 23:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
     2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
     2014-03-24 20:45 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
     2014-03-24 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
     2014-03-24 20:43 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC

     ==================== Bamital & volsnap Check =================

     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\SysWOW64\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     LastRegBack: 2014-03-24 20:42

     ==================== End Of Log ============================
  3. Hello Andro1d, I will do as you prescribe tonight and post the logs. Thank you for the help. Best Regards, Paul
  4. Yes I am. If I start the computer normally it shuts down 5 to 10 minutes after being started. This is after reformatting the hard drive and reinstalling. Any help would be great! I will be home tonight to work on it. Thanks, Paul
  5. Hello All, I posted earlier in the month with a drastically infected machine and in the end I decided to reformat the hard drive and start fresh. However, I ran into several problems when starting fresh, getting several blue screens of death that flickered by too quickly to understand or even read the error screen. After seeing that I started back up in safe mode with networking and ran the Farbar Recovery Tool to get me the log below. Please let me know if you all see something that could be the problem. As far as I know I don't know why I continue to get the blue screen even after starting fresh. Any help would be appreciated. Best Regards, Paul

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
     Ran by Daugs (administrator) on DAUGS-PC on 24-03-2014 21:32:47
     Running from C:\Users\Daugs\Downloads
     Windows 7 Professional (X64) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Safe Mode (with Networking)

     The only official download link for FRST:
     Download link for 32-Bit version:
     Download link for 64-Bit Version:
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     ==================== Registry (Whitelisted) ==================

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x626BDE5BD147CF01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

     Chrome:
     =======
     CHR HomePage:
     CHR Extension: (QR Creator) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-03-24]
     CHR Extension: (Torrent Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2014-03-24]
     CHR Extension: (Google Docs) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
     CHR Extension: (Google Drive) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
     CHR Extension: (YouTube) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
     CHR Extension: (Google Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
     CHR Extension: (Backtick) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2014-03-24]
     CHR Extension: (MailChimp) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-03-24]
     CHR Extension: (Pandora) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-24]
     CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-03-24]
     CHR Extension: (No Name) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-03-24]
     CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-03-24]
     CHR Extension: (Google Voice (by Google)) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-03-24]
     CHR Extension: (Any.do Extension) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-03-24]
     CHR Extension: (Ustream Lounge) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klpjjhflaaojjogkompcfpoejaneeika [2014-03-24]
     CHR Extension: (HootSuite) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-03-24]
     CHR Extension: (Evernote Web) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-24]
     CHR Extension: (LastPass Vault) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-03-24]
     CHR Extension: (Google Wallet) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
     CHR Extension: (Gmail) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]

     ==================== Services (Whitelisted) =================

     ==================== Drivers (Whitelisted) ====================

     ========================== Drivers MD5 =======================

     C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
     C:\Windows\system32\drivers\afd.sys B9384E03479D2506BC924C16A3DB87BC
     C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\amdsata.sys 7A4B413614C055935567CF88A9734D38
     C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\amdxata.sys ==> MD5 is legit
     C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08
     C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
     C:\Windows\System32\CLFS.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
     C:\Windows\System32\drivers\csc.sys 4A6173C2279B498CD8F57CAE504564CB
     C:\Windows\System32\Drivers\dfsc.sys 3F1DC527070ACB87E40AFE46EF6DA749
     C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
     C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
     C:\Windows\System32\drivers\dxgkrnl.sys 7CB7D2B73813CE05C7BC0F5F95D27CEC
     C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
     C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
     C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
     C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
     C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
     C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
     C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
     C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
     C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\i8042prt.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\iaStorV.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
     C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
     C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\ksecpkg.sys BBE1BF6D9B661C354D4857D5FADB943B
     C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
     C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
     C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
     C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
     C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mrxsmb.sys CFDCD8CA87C2A657DEBC150AC35B5E08
     C:\Windows\System32\DRIVERS\mrxsmb10.sys 1BEE517B220B7F024F411AEC1571DD5A
     C:\Windows\System32\DRIVERS\mrxsmb20.sys 6B2D5FEF385828B6E485C1C90AFB8195
     C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
     C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
     C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
     C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
     C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
     C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
     C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
     C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
     C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
     C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3
     C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
     C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
     C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\Rt64win7.sys BAEFEE35D27A5440D35092CE10267BEC
     C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6
     C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
     C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\srv.sys EC8F67289105BF270498095F14963464
     C:\Windows\System32\DRIVERS\srv2.sys F773D2ED090B7BAA1C1A034F3CA476C8
     C:\Windows\System32\DRIVERS\srvnet.sys 26E84D3649019C3244622E654DFCD75B
     C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895
     C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A
     C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tcpip.sys 912107716BAB424C7870E8E6AF5E07E1
     C:\Windows\System32\DRIVERS\tcpip.sys 912107716BAB424C7870E8E6AF5E07E1
     C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
     C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
     C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
     C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1
     C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C
     C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
     C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
     C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
     C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
     C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
     C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
     C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
     C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
     C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
     C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2014-03-24 21:42 - 2014-03-24 21:18 - 00000000 ____D () C:\Windows\Panther
     2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
     2014-03-24 21:32 - 2014-03-24 21:32 - 00019111 _____ () C:\Users\Daugs\Downloads\FRST.txt
     2014-03-24 21:32 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
     2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
     2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
     2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 
____D () C:\Program Files (x86)\Google2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.02014-03-24 21:23 - 2014-03-24 21:23 - 490975017 _____ () C:\Windows\MEMORY.DMP2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp2014-03-24 21:23 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-03-24 21:20 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2014-03-24 21:20 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2014-03-24 21:20 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2014-03-24 21:20 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2014-03-24 21:19 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2014-03-24 21:19 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2014-03-24 21:18 - 2014-03-24 21:20 - 00025650 _____ () C:\Windows\WindowsUpdate.log2014-03-24 
21:18 - 2014-03-24 21:20 - 00000000 ____D () C:\Users\Daugs2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore2014-03-24 21:18 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-03-24 21:18 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log ==================== One Month Modified Files and Folders ======= 2014-03-24 23:17 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-03-24 23:17 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-03-24 23:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-24 23:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-03-24 21:42 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG2014-03-24 21:42 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe2014-03-24 21:32 - 2014-03-24 21:32 - 00019111 _____ () C:\Users\Daugs\Downloads\FRST.txt2014-03-24 21:32 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST2014-03-24 21:27 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Program Files 
(x86)\Google2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.02014-03-24 21:23 - 2014-03-24 21:23 - 490975017 _____ () C:\Windows\MEMORY.DMP2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp2014-03-24 21:23 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-03-24 21:20 - 2014-03-24 21:18 - 00025650 _____ () C:\Windows\WindowsUpdate.log2014-03-24 21:20 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs2014-03-24 21:18 - 2014-03-24 21:42 - 00000000 ____D () C:\Windows\Panther2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore2014-03-24 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore2014-03-24 21:18 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries2014-03-24 20:47 - 2009-07-13 23:51 - 00021690 _____ () C:\Windows\setupact.log2014-03-24 20:47 - 2009-07-13 23:45 - 00274320 
_____ () C:\Windows\system32\FNTCACHE.DAT2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log2014-03-24 20:45 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log2014-03-24 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep2014-03-24 20:43 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Windows Boot Manager--------------------identifier {bootmgr}device partition=\Device\HarddiskVolume1description Windows Boot Managerlocale en-USinherit {globalsettings}default {current}resumeobject {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}displayorder {current}toolsdisplayorder {memdiag}timeout 30 Windows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.exedescription Windows 7locale en-USinherit {bootloadersettings}recoverysequence {0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b}recoveryenabled Yesosdevice partition=C:systemroot \Windowsresumeobject {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}nx OptIn Windows Boot Loader-------------------identifier {0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b}device ramdisk=[C:]\Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\Winre.wim,{0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}path 
\windows\system32\winload.exedescription Windows Recovery Environmentinherit {bootloadersettings}osdevice ramdisk=[C:]\Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\Winre.wim,{0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}systemroot \windowsnx OptInwinpe Yes Resume from Hibernate---------------------identifier {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}filedevice partition=C:filepath \hiberfil.sysdebugoptionenabled No Windows Memory Tester---------------------identifier {memdiag}device partition=\Device\HarddiskVolume1path \boot\memtest.exedescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess Yes EMS Settings------------identifier {emssettings}bootems Yes Debugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200 RAM Defects-----------identifier {badmemory} Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings--------------------identifier {bootloadersettings}inherit {globalsettings} {hypervisorsettings} Hypervisor Settings-------------------identifier {hypervisorsettings}hypervisordebugtype Serialhypervisordebugport 1hypervisorbaudrate 115200 Resume Loader Settings----------------------identifier {resumeloadersettings}inherit {globalsettings} Device options--------------identifier {0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}description Ramdisk Optionsramdisksdidevice partition=C:ramdisksdipath \Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\boot.sdi LastRegBack: 2014-03-24 20:42 ==================== End Of Log ============================
  6. Hello CatByte, I have decided to reformat the hard drive and install a new operating system. I really appreciate all of your help on this. I was running the ComboFix software but my system just kept shutting down before I had time to run it. So I got frustrated and I am in the process of pulling all of the data off of the drive that I want so I can reformat and clear the drive completely. This experience has taught me to keep a better eye on my machines so I don't have to do this again. Thank You, Paul
  7. I will give this a shot and let you know what happens. Thanks,
  8. Well, every time I try to run mbar my computer shuts down with the same error I have been running into since I started trying to fix it. Any thoughts about what we can do with that?
  9. Here is the FixLog.txt. What next? I can run the mbar program now, it looks like.
  10. I got the FRST run, but mbar is not running. I am still going to work at getting it to run, though. Here is the LOG file from FRST.
Error: (01/09/2013 03:27:17 AM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 212124 seconds with 120 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 13%Total physical RAM: 16381.55 MBAvailable physical RAM: 14089.72 MBTotal Pagefile: 32761.29 MBAvailable Pagefile: 30445.58 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:273.63 GB) NTFSDrive f: () (Removable) (Total:1.91 GB) (Free:1.9 GB) FAT ==================== End Of Log ============================ Thanks for the help! pcdaugs
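An added example, not part of the thread and not code from FRST or Malwarebytes: a small Python parser for the "Application errors" and "System errors" entries in the FRST log format posted above. It reads a constructed excerpt modelled on that log, tallies which module each process faulted in, and flags bursts where several unrelated processes or services die within a short window (the log above shows such a burst around 09:00 on 03/05/2014). The two-minute window and the threshold of three distinct names are assumptions chosen for illustration, and grouping crashes this way is a triage heuristic, not a diagnosis.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed excerpt in FRST "Event log errors" layout, modelled on the
# entries in the posted log (only a subset of fields and entries is kept).
SAMPLE_LOG = """\
Application errors:
==================
Error: (03/05/2014 09:01:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1ddfa
Exception code: 0xc0000005
Fault offset: 0x0000000000097c3e

Error: (03/05/2014 09:00:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_nsi, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: IPHLPAPI.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c6da
Exception code: 0xc0000005
Fault offset: 0x0000000000003abc

Error: (03/05/2014 09:00:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: RarExtLoader.exe, version: 3.93.0.0, time stamp: 0x4b9dd387
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003867c

Error: (02/27/2014 09:31:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Dropbox.exe, version: 2.4.11.0, time stamp: 0x527d91e4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0005b6ac

System errors:
=============
Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
Description: The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
"""

# One FRST entry starts with "Error: (timestamp) (Source: ...)"; entries are blank-line separated.
HEADER = re.compile(r"^Error: \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) \(Source: ([^)]+)\)", re.M)
APP = re.compile(r"Faulting application name: ([^,]+),")
MOD = re.compile(r"Faulting module name: ([^,]+),")
EXC = re.compile(r"Exception code: (0x[0-9a-fA-F]+)")
SCM = re.compile(r"The (.+?) service terminated unexpectedly")


def parse_events(text):
    """Return crash and service-death events, oldest first."""
    events = []
    for block in re.split(r"\n\s*\n", text):
        m = HEADER.search(block)
        if not m:
            continue  # section banners and other non-entry text
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        source = m.group(2)
        if source == "Application Error":
            app, mod, exc = APP.search(block), MOD.search(block), EXC.search(block)
            if app and mod and exc:
                events.append({"time": ts, "kind": "crash", "name": app.group(1),
                               "module": mod.group(1), "code": exc.group(1).lower()})
        elif source == "Service Control Manager":
            s = SCM.search(block)
            if s:
                events.append({"time": ts, "kind": "service_died", "name": s.group(1)})
    return sorted(events, key=lambda e: e["time"])


def faults_by_module(events):
    """Count application crashes per faulting module (case-folded)."""
    counts = defaultdict(int)
    for e in events:
        if e["kind"] == "crash":
            counts[e["module"].lower()] += 1
    return dict(counts)


def crash_clusters(events, window=timedelta(minutes=2), min_distinct=3):
    """Group events whose neighbours are within `window` and report groups that
    touch at least `min_distinct` different processes or services. Window and
    threshold are assumed values; a burst of the same exception code across
    unrelated processes is a cue to look for a shared cause rather than a bug
    in any single program."""
    clusters, current = [], []
    for ev in events:
        if current and ev["time"] - current[-1]["time"] > window:
            clusters.append(current)
            current = []
        current.append(ev)
    if current:
        clusters.append(current)
    out = []
    for c in clusters:
        names = {e["name"] for e in c}
        if len(names) >= min_distinct:
            out.append({"start": c[0]["time"], "end": c[-1]["time"],
                        "names": sorted(names),
                        "codes": sorted({e["code"] for e in c if e["kind"] == "crash"})})
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("faults by module:", faults_by_module(evs))
    for cl in crash_clusters(evs):
        print(f"{cl['start']} .. {cl['end']}  codes={cl['codes']}  affected={cl['names']}")
```

To run it against a real FRST.txt, replace `SAMPLE_LOG` with the file contents; the same regexes apply because the entry layout is what FRST emits. Service Control Manager events carry no exception code, so the `codes` list of a cluster only reflects the Application Error entries in it.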
  11. Hello CatByte, Thanks for your help with getting my computer cleaned up, and I do still need help with it. However, I was able to get it to start before you posted the information earlier. I removed the hard drive, put it into a hard drive enclosure, and scanned it with Malwarebytes Pro from my laptop. It cleaned off 34 objects, and then I was able to install it back in the desktop, and it will now boot to the main user page. Now I am having trouble getting it to stay on, as it will shut down after logging into my main user account. I have downloaded the DDS file from the sticky post on this forum and I plan to run that and post the log for further help. I probably won't be able to complete this until Wednesday night. Thank you for checking in, and sorry for my delayed response. Best Regards, pcdaugs
  12. Hello All, I have gotten an infected machine, and I haven't been able to turn it on without it turning off immediately after it tries to boot Windows 7. The only way I have been able to get at my hard drive is by pulling it out of the computer and using it like an external drive on my laptop. I am wondering how you would start cleaning this hard drive for use again. I am not sure how to figure out if the boot file is the issue, so I would greatly appreciate some help. Thanks, Paul