
pcdaugs

Posts posted by pcdaugs

  1. Hello Andro1d,

     

    I think I might have gotten this figured out; time will tell. I went into the BIOS and reset all of the defaults. Now my system is starting and staying on without the BSODs. I was able to run the computer and work on it for over 2 hours before shutting down last night. I am not sure why this worked, but as you noted, my log for the desktop doesn't seem to have anything wrong with it.

     

    Thank you for your help, and I will certainly let others know about the help that is on this website. I also made sure I have an anti-virus product on my computer, and I downloaded the premium Malwarebytes product and have that running daily.

     

    Thank You,

     

    Paul

  2. Here is the log.

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
    Ran by Daugs (administrator) on DAUGS-PC on 16-04-2014 21:58:49
    Running from C:\Users\Daugs\Downloads
    Windows 7 Professional (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link for 32-Bit version:
    Download link for 64-Bit Version:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    (Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe
     
     
    ==================== Registry (Whitelisted) ==================
     
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x626BDE5BD147CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
     
    Chrome: 
    =======
    CHR HomePage: 
     
    ==================== Services (Whitelisted) =================
     
     
    ==================== Drivers (Whitelisted) ====================
     
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
     
    ==================== One Month Modified Files and Folders =======
     
     
    ==================== Bamital & volsnap Check =================
     
     
     
    LastRegBack: 2014-03-24 20:42
     
    ==================== End Of Log ============================
  3. Hello All,

     

    I posted earlier in the month with a drastically infected machine, and in the end I decided to reformat the hard drive and start fresh. However, I ran into several problems when starting fresh, getting several blue screens of death that flickered by too quickly to understand or even read the error screen. After seeing that, I started back up in safe mode with networking and ran the Farbar Recovery Tool to get the log below. Please let me know if you all see something that could be the problem. As far as I know, I don't know why I continue to get the blue screen even after starting fresh. Any help would be appreciated.

     

    Best Regards,

     

    Paul

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Daugs (administrator) on DAUGS-PC on 24-03-2014 21:32:47
    Running from C:\Users\Daugs\Downloads
    Windows 7 Professional (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (with Networking)
     
    The only official download link for FRST:
    Download link for 32-Bit version:
    Download link for 64-Bit Version:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x626BDE5BD147CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    Chrome: 
    =======
    CHR HomePage: 
     
    ==================== Services (Whitelisted) =================
     
     
    ==================== Drivers (Whitelisted) ====================
     
     
    ========================== Drivers MD5 =======================
     
    C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
    C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1
    C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C
    C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
    C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
    C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
    C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
    C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
    C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
    C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
    C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-03-24 21:42 - 2014-03-24 21:18 - 00000000 ____D () C:\Windows\Panther
    2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
    2014-03-24 21:32 - 2014-03-24 21:32 - 00019111 _____ () C:\Users\Daugs\Downloads\FRST.txt
    2014-03-24 21:32 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
    2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
    2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
    2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
    2014-03-24 21:23 - 2014-03-24 21:23 - 490975017 _____ () C:\Windows\MEMORY.DMP
    2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
    2014-03-24 21:23 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump
    2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-24 21:20 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-03-24 21:20 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-03-24 21:20 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-03-24 21:20 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-03-24 21:19 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-03-24 21:19 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-03-24 21:18 - 2014-03-24 21:20 - 00025650 _____ () C:\Windows\WindowsUpdate.log
    2014-03-24 21:18 - 2014-03-24 21:20 - 00000000 ____D () C:\Users\Daugs
    2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
    2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
    2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
    2014-03-24 21:18 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-03-24 21:18 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
     
    ==================== One Month Modified Files and Folders =======
     
    2014-03-24 23:17 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-24 23:17 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-24 23:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-24 23:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-24 21:42 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
    2014-03-24 21:42 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
    2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
    2014-03-24 21:32 - 2014-03-24 21:32 - 00019111 _____ () C:\Users\Daugs\Downloads\FRST.txt
    2014-03-24 21:32 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
    2014-03-24 21:27 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
    2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
    2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
    2014-03-24 21:23 - 2014-03-24 21:23 - 490975017 _____ () C:\Windows\MEMORY.DMP
    2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
    2014-03-24 21:23 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump
    2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-24 21:20 - 2014-03-24 21:18 - 00025650 _____ () C:\Windows\WindowsUpdate.log
    2014-03-24 21:20 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs
    2014-03-24 21:18 - 2014-03-24 21:42 - 00000000 ____D () C:\Windows\Panther
    2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
    2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
    2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
    2014-03-24 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
    2014-03-24 21:18 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2014-03-24 20:47 - 2009-07-13 23:51 - 00021690 _____ () C:\Windows\setupact.log
    2014-03-24 20:47 - 2009-07-13 23:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
    2014-03-24 20:45 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
    2014-03-24 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
    2014-03-24 20:43 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== BCD ================================
     
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
     
    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}
    nx                      OptIn
     
    Windows Boot Loader
    -------------------
    identifier              {0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b}
    device                  ramdisk=[C:]\Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\Winre.wim,{0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\Winre.wim,{0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes
     
    Resume from Hibernate
    ---------------------
    identifier              {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    debugoptionenabled      No
     
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes
     
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes
     
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
     
    RAM Defects
    -----------
    identifier              {badmemory}
     
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}
     
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
     
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
     
    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}
     
    Device options
    --------------
    identifier              {0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\boot.sdi
     
     
     
    LastRegBack: 2014-03-24 20:42
     
    ==================== End Of Log ============================

  4. Hello CatByte,

     I have decided to reformat the hard drive and install a new operating system. I really appreciate all of your help on this. I was running the ComboFix software, but my system just kept shutting down before I had time to run it. So I got frustrated, and I am in the process of pulling all of the data off of the drive that I want so I can reformat and clear the drive completely. This experience has taught me to keep a better eye on my machines so I don't have to do this again.

     Thank You,

     Paul

  5. Here is the FixLog.txt

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
    Ran by Daugs at 2014-03-05 21:27:48 Run:1
    Running from C:\Users\Daugs\Desktop
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=901251890&ir=
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=901251890&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=901251890&ir=
    URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...pn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...pn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...pn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...pn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyEzzzzzzyC0A0ByEyDzztN0D0Tzu0CyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=901251890&ir=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKCU - {38527D85-B835-4F23-8AA3-7C9930650B4D} URL = http://www.mysearchr...?c=2355&t=01&q={searchTerms}
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://dts.search.as...pn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKCU - {7B3AC98A-5AE8-49F0-B8AD-6F4A47FE4D0C} URL = http://search.condui...urce=45&UM=2&q={searchTerms}
    BHO: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -  No File
    BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
    BHO-x32: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -  No File
    BHO-x32: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
    BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Daugs\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
    Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Daugs\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    end
     
     
    *****************
     
    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
    HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38527D85-B835-4F23-8AA3-7C9930650B4D} => Key deleted successfully.
    HKCR\CLSID\{38527D85-B835-4F23-8AA3-7C9930650B4D} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
    HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B3AC98A-5AE8-49F0-B8AD-6F4A47FE4D0C} => Key deleted successfully.
    HKCR\CLSID\{7B3AC98A-5AE8-49F0-B8AD-6F4A47FE4D0C} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A486DC73-64E3-4F6D-AA16-10B8C2252628} => Key deleted successfully.
    HKCR\CLSID\{A486DC73-64E3-4F6D-AA16-10B8C2252628} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
    HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0} => Value deleted successfully.
    HKCR\Wow6432Node\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    C:\Windows\Tasks\Digital Sites.job => Moved successfully.
     
    ==== End of Fixlog ====
     
    What next?
     
    I can run the mbar program now, it looks like.

  6. I got FRST to run, but mbar is not running. I am still going to work at getting it to run, though. Here is the LOG file from FRST.

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
    Ran by Daugs (administrator) on DAUGS-PC on 05-03-2014 21:00:40
    Running from C:\Windows\System32\config\systemprofile\Desktop
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link for 32-Bit version:
    Download link for 64-Bit Version:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7F990A695ADCD01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyEzzzzzzyC0A0ByEyDzztN0D0Tzu0CyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=901251890&ir=
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyEzzzzzzyC0A0ByEyDzztN0D0Tzu0CyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=901251890&ir=
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyEzzzzzzyC0A0ByEyDzztN0D0Tzu0CyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=901251890&ir=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    SearchScopes: HKCU - {38527D85-B835-4F23-8AA3-7C9930650B4D} URL = http://www.mysearchresults.com/search?c=2355&t=01&q={searchTerms}
    SearchScopes: HKCU - {7B3AC98A-5AE8-49F0-B8AD-6F4A47FE4D0C} URL = http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1QzutC0CyC0FyCyDyEzzzzzzyC0A0ByEyDzztN0D0Tzu0CyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=901251890&ir=
    SearchScopes: HKCU - {A486DC73-64E3-4F6D-AA16-10B8C2252628} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=4CA0B5AA-5F8B-484C-8B29-BD26BA1D8965&apn_sauid=A696E9E0-07FB-4E23-B6B8-4BCBE5246CAF
    BHO: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -  No File
    BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: No Name - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -  No File
    BHO-x32: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Daugs\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2014-02-10 15:37
     
    ==================== End Of Log ============================
     
     
    Addition.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 02
    Ran by Daugs at 2014-03-05 21:02:47
    Running from C:\Windows\System32\config\systemprofile\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: BullGuard Antivirus (Enabled - Out of date) {C3CCAC61-52F7-A056-1860-6406566E2578}
    AS: BullGuard Antispyware (Enabled - Out of date) {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: BullGuard Firewall (Enabled) {FBF72D44-1898-A10E-333F-CD33A8BD6203}
     
    ==================== Installed Programs ======================
     
     
    ==================== Restore Points  =========================
     
     
    ==================== Hosts content: ==========================
     
    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Daugs\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1587915867-4008423288-1005279028-1001Core.job => C:\Users\Daugs\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1587915867-4008423288-1005279028-1001UA.job => C:\Users\Daugs\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
     
    ==================== Disabled items from MSCONFIG ==============
     
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: SearchProtect => C:\Users\Administrator\AppData\Roaming\SearchProtect\bin\cltmng.exe
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/05/2014 09:01:06 PM) (Source: Application Error) (User: )
    Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
    Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1ddfa
    Exception code: 0xc0000005
    Fault offset: 0x0000000000097c3e
    Faulting process id: 0x109c
    Faulting application start time: 0xwmpnetwk.exe0
    Faulting application path: wmpnetwk.exe1
    Faulting module path: wmpnetwk.exe2
    Report Id: wmpnetwk.exe3
     
    Error: (03/05/2014 09:00:23 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_nsi, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: IPHLPAPI.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c6da
    Exception code: 0xc0000005
    Fault offset: 0x0000000000003abc
    Faulting process id: 0x3c4
    Faulting application start time: 0xsvchost.exe_nsi0
    Faulting application path: svchost.exe_nsi1
    Faulting module path: svchost.exe_nsi2
    Report Id: svchost.exe_nsi3
     
    Error: (03/05/2014 09:00:18 PM) (Source: Application Error) (User: )
    Description: Faulting application name: RarExtLoader.exe, version: 3.93.0.0, time stamp: 0x4b9dd387
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x0003867c
    Faulting process id: 0x1598
    Faulting application start time: 0xRarExtLoader.exe0
    Faulting application path: RarExtLoader.exe1
    Faulting module path: RarExtLoader.exe2
    Report Id: RarExtLoader.exe3
     
    Error: (03/05/2014 08:57:12 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: gpsvc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c66a
    Exception code: 0xc0000005
    Fault offset: 0x000000000001873e
    Faulting process id: 0x3dc
    Faulting application start time: 0xsvchost.exe_gpsvc0
    Faulting application path: svchost.exe_gpsvc1
    Faulting module path: svchost.exe_gpsvc2
    Report Id: svchost.exe_gpsvc3
     
    Error: (03/05/2014 08:24:58 PM) (Source: Application Error) (User: )
    Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
    Faulting module name: DEVOBJ.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdee1
    Exception code: 0xc0000005
    Fault offset: 0x0000000000002bfe
    Faulting process id: 0x500
    Faulting application start time: 0xspoolsv.exe0
    Faulting application path: spoolsv.exe1
    Faulting module path: spoolsv.exe2
    Report Id: spoolsv.exe3
     
    Error: (02/27/2014 09:31:57 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Dropbox.exe, version: 2.4.11.0, time stamp: 0x527d91e4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
    Exception code: 0xc0000005
    Fault offset: 0x0005b6ac
    Faulting process id: 0x994
    Faulting application start time: 0xDropbox.exe0
    Faulting application path: Dropbox.exe1
    Faulting module path: Dropbox.exe2
    Report Id: Dropbox.exe3
     
    Error: (02/21/2014 11:07:23 AM) (Source: Application Error) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
    Faulting module name: MMDevAPI.DLL, version: 6.1.7600.16385, time stamp: 0x4a5bdf68
    Exception code: 0xc0000005
    Fault offset: 0x00000000000069be
    Faulting process id: 0x23c
    Faulting application start time: 0xAUDIODG.EXE0
    Faulting application path: AUDIODG.EXE1
    Faulting module path: AUDIODG.EXE2
    Report Id: AUDIODG.EXE3
     
    Error: (02/20/2014 09:52:59 PM) (Source: Application Error) (User: )
    Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
    Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
    Exception code: 0xc0000005
    Fault offset: 0x00020d80
    Faulting process id: 0xe8c
    Faulting application start time: 0xrundll32.exe0
    Faulting application path: rundll32.exe1
    Faulting module path: rundll32.exe2
    Report Id: rundll32.exe3
     
    Error: (02/20/2014 09:36:41 PM) (Source: Application Error) (User: )
    Description: Faulting application name: CopyAgent.exe, version: 1.42.277.0, time stamp: 0x52f14e97
    Faulting module name: CopyAgent.exe, version: 1.42.277.0, time stamp: 0x52f14e97
    Exception code: 0xc0000005
    Fault offset: 0x00000000001137c2
    Faulting process id: 0x1124
    Faulting application start time: 0xCopyAgent.exe0
    Faulting application path: CopyAgent.exe1
    Faulting module path: CopyAgent.exe2
    Report Id: CopyAgent.exe3
     
    Error: (02/20/2014 09:36:25 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
    Exception code: 0xc0000005
    Fault offset: 0x0000000000013d3c
    Faulting process id: 0xb98
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
     
     
    System errors:
    =============
    Error: (03/05/2014 09:02:36 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Update service hung on starting.
     
    Error: (03/05/2014 09:02:27 PM) (Source: Service Control Manager) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: 
    %%1056
     
    Error: (03/05/2014 09:01:14 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The Diagnostic Service Host service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The Network Store Interface Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Font Cache Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Provider Host service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/05/2014 09:00:27 PM) (Source: Service Control Manager) (User: )
    Description: The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/04/2013 11:22:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 89 seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error: (01/09/2013 03:27:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 212124 seconds with 120 seconds of active time.  This session ended with a crash.
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 13%
    Total physical RAM: 16381.55 MB
    Available physical RAM: 14089.72 MB
    Total Pagefile: 32761.29 MB
    Available Pagefile: 30445.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:931.41 GB) (Free:273.63 GB) NTFS
    Drive f: () (Removable) (Total:1.91 GB) (Free:1.9 GB) FAT
     
    ==================== End Of Log ============================
     
    Thanks for the help!
     
    pcdaugs
  7. Hello CatByte,

     

    Thanks for your help with getting my computer cleaned up, and I do still need help with it. However, I was able to get it to start before you posted the information earlier. I removed the hard drive and put it into a hard drive enclosure and scanned it with Malwarebytes Pro from my laptop. It cleaned off 34 objects, and then I was able to install it back in the desktop, and it will now boot to the main user page. Now I am having trouble with getting it to stay on, as it will shut down after logging into my main user account. I have downloaded the DDS file from the sticky post to this forum and I plan to run that and post the log for further help. I probably won't be able to complete this until Wednesday night. Thank you for checking in, and sorry for my delayed response.

     

    Best Regards,

     

    pcdaugs

  8. Hello All,

     

    I have gotten an infected machine, and I haven't been able to turn it on without it turning off immediately after it tries to boot Windows 7. The only way I have been able to get at my hard drive is by pulling it out of the computer and using it like an external drive on my laptop. I am wondering how you would start cleaning this hard drive for use again. I am not sure how to figure out if the boot file is the issue, so I would greatly appreciate some help.

     

    Thanks,

     

    Paul
