
scvhost.exe removal


rockdoc


Using Windows 7 Professional. Symptoms include: notifications that Malwarebytes blocked access to a potentially malicious site (206.161.121.126) several times a day; identification of svchost.exe as a Trojan agent during scans, but then it reappears; CPU usage far in excess of the running tasks (e.g., up to 99% usage on an Intel i5 system with 8 gigs of memory) until a scan is done and the agents are quarantined.


Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.

    Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.


Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2012

Ran by SYSTEM at 21-12-2012 16:45:39

Running from F:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)

HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)

HKLM-x32\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5174568 2010-03-08] (Nero AG)

HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()

HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)

HKU\Jim\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [4950664 2011-06-28] ()

HKU\Jim\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-11] (Google Inc.)

HKLM-x32\...\Runonce: [sMRequiresRestart] [x]

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 64.130.80.1 216.167.144.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ===================

2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()

2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1053184 2012-12-06] (iolo technologies, LLC)

2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1053184 2012-12-06] (iolo technologies, LLC)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

4 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [103472 2012-06-15] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [378952 2012-11-22] (McAfee, Inc.)

2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)

2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 NeroMediaHomeService.4; "C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe" [517416 2010-03-08] (Nero AG)

4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-10-07] (Prolific Technology Inc.)

2 WDFME; "C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe" [1034752 2010-09-08] ()

2 WDSC; "C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe" [485376 2010-09-08] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-03-29] (EldoS Corporation)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)

3 L6TPortA; C:\Windows\SysWow64\Drivers\L6TPortA.sys [393216 2005-12-09] (Line 6)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

2 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [74120 2012-10-19] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)

3 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)

3 mfencrk; C:\Windows\System32\Drivers\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)

1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]

3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-20 19:48 - 2012-12-20 19:48 - 00000000 ____D C:\Program Files\eLicenser

2012-12-20 19:47 - 2012-12-20 19:47 - 26104568 ____A C:\Users\Jim\Downloads\eLicenserControlSetup.exe

2012-12-19 16:18 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-12-18 17:26 - 2012-12-18 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-18 17:22 - 2012-12-18 17:22 - 00000000 ____D C:\Users\Jim\AppData\Local\Wajam

2012-12-14 14:17 - 2012-12-06 22:42 - 02155248 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-12-14 09:40 - 2012-12-14 09:40 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-12-12 02:08 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-12 02:08 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-12 02:08 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-12-12 02:08 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-12 02:08 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-12 02:08 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-12-12 02:08 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-12 02:08 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-12 02:08 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-12-12 02:08 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-12-12 02:08 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-12-12 02:08 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-12 02:08 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-12 02:08 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-12 02:08 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-12 02:08 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-12 02:08 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-12-12 02:08 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-12-12 02:08 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-12-12 02:08 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-12-12 02:08 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-12-12 02:08 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-12-12 02:08 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-12-12 02:08 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-12-12 02:08 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-12-12 02:08 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-12-12 02:08 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-12-12 02:08 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-12-12 02:08 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-12-12 02:08 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-12-12 02:08 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-12-12 02:08 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-12-11 23:13 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-11 23:13 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-11 23:13 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-12-11 23:13 - 2012-11-05 13:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-11 23:13 - 2012-11-05 12:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-11 23:13 - 2012-11-05 12:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-11 23:13 - 2012-11-05 12:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-11 23:12 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-12-11 23:12 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-12-11 23:12 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-12-11 23:12 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-11 23:12 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-12-11 23:12 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-11 23:12 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-12-11 23:12 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-12-11 23:12 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-11 23:12 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-12-11 23:12 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-12-11 23:12 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-12-11 23:12 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-12-11 23:12 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-12-11 23:11 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-11 23:11 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2012-12-02 22:08 - 2012-12-21 13:46 - 00001844 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk

2012-12-02 22:07 - 2012-12-19 16:20 - 00000000 __RSD C:\Users\Jim\Documents\McAfee Vaults

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Users\Jim\AppData\Local\McAfee File Lock

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup

2012-12-02 22:07 - 2012-10-19 08:51 - 00074120 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys

2012-12-02 22:07 - 2012-05-28 09:28 - 00197264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

2012-12-02 22:07 - 2010-04-13 19:10 - 00066040 ____A (Mozy, Inc.) C:\Windows\System32\Drivers\MOBK.sys

2012-12-02 22:06 - 2012-12-02 22:06 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2012-12-02 22:04 - 2012-12-18 17:43 - 00000000 ____D C:\Program Files (x86)\McAfee

2012-12-02 22:04 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files\McAfee

2012-12-02 22:04 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files\McAfee.com

2012-12-02 21:52 - 2012-11-09 05:37 - 00177680 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe

2012-12-02 21:51 - 2012-12-03 15:07 - 00000000 ____D C:\Users\All Users\McAfee

2012-12-02 21:51 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files\Common Files\McAfee

2012-12-02 21:30 - 2012-12-02 21:30 - 03177840 ____A (McAfee, Inc.) C:\Users\Jim\Downloads\MCPR.exe

2012-11-26 21:51 - 2012-11-26 21:51 - 00000000 ____D C:\Users\Jim\AppData\Roaming\McAfee

2012-11-26 21:47 - 2012-11-26 21:47 - 00526800 ____A (McAfee, Inc.) C:\Users\Jim\Downloads\MVTInstaller.exe

==================== One Month Modified Files and Folders =======

2012-12-21 15:34 - 2009-12-11 08:29 - 01100772 ____A C:\Windows\WindowsUpdate.log

2012-12-21 15:32 - 2009-12-12 16:52 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-21 15:25 - 2012-04-05 16:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-21 15:25 - 2011-02-17 20:34 - 00217719 ____A C:\Windows\setupact.log

2012-12-21 13:46 - 2012-12-02 22:08 - 00001844 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk

2012-12-21 10:59 - 2009-12-13 14:22 - 00000000 ____D C:\Users\Jim\Excel

2012-12-20 21:14 - 2009-12-13 14:31 - 00000000 ____D C:\Users\Jim\Word

2012-12-20 19:48 - 2012-12-20 19:48 - 00000000 ____D C:\Program Files\eLicenser

2012-12-20 19:48 - 2011-04-05 18:57 - 00000051 ____A C:\Windows\SysWOW64\SYNSOPOS.exe.cfg

2012-12-20 19:48 - 2011-04-05 18:57 - 00000000 ____D C:\Users\All Users\eLicenser

2012-12-20 19:48 - 2011-04-05 18:57 - 00000000 ____D C:\Program Files (x86)\eLicenser

2012-12-20 19:48 - 2009-12-17 20:48 - 00223238 ____A C:\Windows\DPINST.LOG

2012-12-20 19:47 - 2012-12-20 19:47 - 26104568 ____A C:\Users\Jim\Downloads\eLicenserControlSetup.exe

2012-12-20 18:51 - 2009-12-12 16:52 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-20 09:48 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2012-12-19 17:20 - 2012-08-14 15:09 - 00000000 ____D C:\Windows\Minidump

2012-12-19 17:20 - 2009-12-11 20:45 - 00000000 ____D C:\Users\All Users\NVIDIA

2012-12-19 16:30 - 2009-07-13 20:45 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-19 16:30 - 2009-07-13 20:45 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-19 16:20 - 2012-12-02 22:07 - 00000000 __RSD C:\Users\Jim\Documents\McAfee Vaults

2012-12-19 16:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-19 13:58 - 2009-12-11 20:06 - 00471636 ____A C:\Windows\PFRO.log

2012-12-18 19:15 - 2012-12-18 17:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-18 18:43 - 2010-02-25 20:44 - 00000000 ____D C:\Users\Jim\AppData\Local\Unity

2012-12-18 17:43 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files (x86)\McAfee

2012-12-18 17:42 - 2012-05-06 14:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-18 17:42 - 2009-12-12 16:25 - 00000000 ____D C:\Users\All Users\iolo

2012-12-18 17:22 - 2012-12-18 17:22 - 00000000 ____D C:\Users\Jim\AppData\Local\Wajam

2012-12-18 17:22 - 2009-12-11 19:57 - 00000000 ____D C:\Users\Jim\AppData\Local\Google

2012-12-18 16:42 - 2009-07-13 21:13 - 00743816 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-17 08:51 - 2009-12-11 19:51 - 00000000 ____D C:\Users\All Users\Adobe

2012-12-14 14:17 - 2009-12-28 23:16 - 00002219 ____A C:\Users\Jim\Desktop\System Mechanic.lnk

2012-12-14 10:19 - 2009-12-11 19:51 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Adobe

2012-12-14 09:40 - 2012-12-14 09:40 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-12-14 09:38 - 2009-12-11 19:51 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-12-14 09:37 - 2009-12-11 19:51 - 00000000 ____D C:\Users\Jim\AppData\Local\Adobe

2012-12-13 14:39 - 2011-12-27 00:50 - 00000000 ____D C:\Users\All Users\CanonIJ

2012-12-13 14:39 - 2011-12-27 00:40 - 00000000 ____D C:\Users\All Users\CanonIJPLM

2012-12-12 13:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-12-12 02:57 - 2009-07-13 20:45 - 00423016 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-12 02:39 - 2009-12-12 12:04 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-12-12 02:36 - 2009-12-12 15:33 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-12 00:17 - 2012-04-05 16:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-12 00:17 - 2011-05-23 18:58 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-11 23:47 - 2012-08-05 12:24 - 00000000 ____D C:\users\Administrator

2012-12-11 23:46 - 2010-09-30 17:24 - 00000000 ____D C:\Windows\System32\Macromed

2012-12-11 23:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2012-12-11 23:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-12-11 23:02 - 2009-12-11 19:32 - 00000000 ____D C:\users\Jim

2012-12-11 22:49 - 2010-12-20 22:41 - 00000000 ____D C:\users\NeroMediaHomeUser.4

2012-12-07 15:48 - 2011-04-05 18:57 - 01714176 ____A (Steinberg Media Technologies GmbH) C:\Windows\System32\synsoacc.dll

2012-12-07 15:48 - 2011-04-05 18:57 - 01277952 ____A (Steinberg Media Technologies GmbH) C:\Windows\SysWOW64\SYNSOACC.dll

2012-12-06 22:58 - 2009-12-12 16:30 - 00057144 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe

2012-12-06 22:57 - 2009-12-12 16:30 - 00025744 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe

2012-12-06 22:42 - 2012-12-14 14:17 - 02155248 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-12-06 22:42 - 2011-06-15 06:41 - 02097032 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2012-12-03 15:07 - 2012-12-02 21:51 - 00000000 ____D C:\Users\All Users\McAfee

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Users\Jim\AppData\Local\McAfee File Lock

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup

2012-12-02 22:07 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files\McAfee

2012-12-02 22:07 - 2012-12-02 21:51 - 00000000 ____D C:\Program Files\Common Files\McAfee

2012-12-02 22:06 - 2012-12-02 22:06 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2012-12-02 22:04 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files\McAfee.com

2012-12-02 21:30 - 2012-12-02 21:30 - 03177840 ____A (McAfee, Inc.) C:\Users\Jim\Downloads\MCPR.exe

2012-12-02 18:31 - 2012-08-05 12:54 - 00000000 ____D C:\Program Files\CCleaner

2012-11-30 19:38 - 2012-09-19 18:44 - 00000000 ____D C:\DVD Shrink

2012-11-30 19:37 - 2009-12-12 21:39 - 00000000 ____D C:\Users\All Users\DVD Shrink

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\UpdatusUser\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\NeroMediaHomeUser.4\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\Jim\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\Administrator\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 18:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink

2012-11-26 21:51 - 2012-11-26 21:51 - 00000000 ____D C:\Users\Jim\AppData\Roaming\McAfee

2012-11-26 21:47 - 2012-11-26 21:47 - 00526800 ____A (McAfee, Inc.) C:\Users\Jim\Downloads\MVTInstaller.exe

2012-11-24 13:25 - 2009-12-13 15:19 - 00000000 ____D C:\Users\Jim\Powerpoint

2012-11-21 19:26 - 2012-12-11 23:13 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-16 02:00:35

Restore point made on: 2012-12-17 02:00:40

Restore point made on: 2012-12-18 02:00:22

Restore point made on: 2012-12-18 18:41:05

Restore point made on: 2012-12-19 02:00:42

Restore point made on: 2012-12-19 16:14:19

Restore point made on: 2012-12-20 02:00:43

Restore point made on: 2012-12-21 02:00:33

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8182.3 MB

Available physical RAM: 7358.63 MB

Total Pagefile: 8180.45 MB

Available Pagefile: 7357.67 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:331.57 GB) NTFS

3 Drive f: () (Removable) (Total:1.85 GB) (Free:1.17 GB) FAT

4 Drive g: (My Passport) (Fixed) (Total:465.73 GB) (Free:272.98 GB) NTFS

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 1907 MB 0 B

Disk 2 Online 465 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1903 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0E

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT Removable 1903 MB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G My Passport NTFS Partition 465 GB Healthy

=========================================================

Last Boot: 2012-12-15 02:33

==================== End Of Log =============================


  • Staff

Please make sure you do all the steps in the order they are written.

  1. For 64-bit systems, download Listparts64 and save it to your flash drive.
  2. Download fix.txt
    Save it to your flash drive.
  3. Please download FixList.txt
    Save it to your flash drive.
  4. Boot to System Recovery Options and select "Command Prompt".
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it later in your reply. You may close the tool.
  5. While still in the recovery environment, run ListParts by typing f:\listparts64 in the command prompt and pressing Enter.
    Click Fix. Close the pop-up after the fix is done.
  6. Please restart, let it boot normally and then post the Fixlog.txt.

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note: do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here are the two text files. I followed the steps exactly and made it through the first six steps, and when I tried to reboot the computer won't restart. I've tried the automatic startup repair with no luck. I'm trying a couple of other ideas, but as of now it can't complete the startup. Fortunately I have a laptop available to send this reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012

Ran by SYSTEM at 2012-12-22 20:29:13 Run:1

Running from F:\Computer Repair

==============================================

C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====

Script used: "Disk=0 partition=1 inactive"

Script used: "Disk=0 partition=1 active"

Script used: "Disk=0 partition=1 inactive"

Script used: "Disk=0 partition=1 active"


  • Staff

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


O.K., thanks. The system is rebooted. The log is pasted below. Should I proceed with ComboFix or wait?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012

Ran by SYSTEM at 2012-12-22 22:59:28 Run:2

Running from G:\

==============================================

The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====


Here is the log:

ComboFix 12-12-23.01 - Jim 12/23/2012 11:55:05.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.6471 [GMT -7:00]

Running from: c:\users\Jim\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Jim\powerpoint

c:\users\Jim\powerpoint\A and P\Chapter 2 Chemical Basics of life.ppt

c:\users\Jim\powerpoint\A and P\Circulation.ppt

c:\users\Jim\powerpoint\A and P\Digestive tract.ppt

c:\users\Jim\powerpoint\A and P\Endocrine System.ppt

c:\users\Jim\powerpoint\A and P\Heart.ppt

c:\users\Jim\powerpoint\A and P\Lecture 7 - Axial Skeleton0.ppt

c:\users\Jim\powerpoint\A and P\Lecture 7 - Axial Skeleton1.ppt

c:\users\Jim\powerpoint\A and P\Muscle Anatomy.ppt

c:\users\Jim\powerpoint\A and P\Muscle Physiology Chapter 7.ppt

c:\users\Jim\powerpoint\A and P\Nervous system.ppt

c:\users\Jim\powerpoint\A and P\Respiration.ppt

c:\users\Jim\powerpoint\A and P\Senses.ppt

c:\users\Jim\powerpoint\A and P\Skeletal Muslces0.doc

c:\users\Jim\powerpoint\A and P\The Human Organism Chapter 1.ppt

c:\users\Jim\powerpoint\A and P\Urinary system.ppt

c:\users\Jim\powerpoint\Forensic Geology.pptx

c:\users\Jim\powerpoint\LCPB.ppt

c:\users\Jim\powerpoint\Physical Sciences Green and Silver View 2011.pptx

c:\users\Jim\powerpoint\vultures.ppsx

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

c:\windows\wininit.ini

E:\setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))

.

.

2012-12-23 10:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-23 10:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 10:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 10:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-22 00:45 . 2012-12-22 00:45 -------- d-----w- C:\FRST

2012-12-21 03:48 . 2012-12-21 03:48 -------- d-----w- c:\program files\eLicenser

2012-12-19 01:22 . 2012-12-19 01:22 -------- d-----w- c:\users\Jim\AppData\Local\Wajam

2012-12-14 22:17 . 2012-12-07 06:42 2155248 ----a-w- c:\windows\system32\Incinerator64.dll

2012-12-14 17:40 . 2012-12-14 17:40 -------- d-----w- c:\program files (x86)\QuickTime

2012-12-12 07:13 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 07:13 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 07:13 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 07:11 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 07:11 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-03 06:07 . 2012-05-28 17:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys

2012-12-03 06:07 . 2012-12-03 06:07 -------- d-----w- c:\users\Jim\AppData\Local\McAfee File Lock

2012-12-03 06:07 . 2012-10-19 16:51 74120 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

2012-12-03 06:07 . 2010-04-14 03:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys

2012-12-03 06:07 . 2012-12-03 06:07 -------- d-----w- c:\program files (x86)\McAfee Online Backup

2012-12-03 06:06 . 2012-12-03 06:06 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2012-12-03 06:04 . 2012-12-03 06:07 -------- d-----w- c:\program files\McAfee

2012-12-03 06:04 . 2012-12-19 01:43 -------- d-----w- c:\program files (x86)\McAfee

2012-12-03 05:52 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-12-03 05:51 . 2012-12-03 06:07 -------- d-----w- c:\program files\Common Files\McAfee

2012-12-03 05:51 . 2012-12-03 23:07 -------- d-----w- c:\programdata\McAfee

2012-12-01 01:54 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1CDEAEA-ACC0-4CD6-BAD4-171F432C90FA}\mpengine.dll

2012-11-27 05:51 . 2012-11-27 05:51 -------- d-----w- c:\users\Jim\AppData\Roaming\McAfee

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 10:36 . 2009-12-12 23:33 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-12 08:17 . 2012-04-06 00:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 08:17 . 2011-05-24 02:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-07 06:58 . 2009-12-13 00:30 57144 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-12-07 06:57 . 2009-12-13 00:30 25744 ----a-w- c:\windows\system32\smrgdf.exe

2012-12-07 06:42 . 2011-06-15 14:41 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2012-11-09 13:40 . 2012-10-29 15:30 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 13:37 . 2012-10-29 15:27 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-11-09 13:35 . 2012-10-29 15:25 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 13:34 . 2012-10-29 15:24 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 13:34 . 2012-10-29 15:23 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 13:33 . 2012-10-29 15:23 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-02 08:46 . 2012-11-02 08:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys

2012-11-02 08:46 . 2012-11-02 08:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys

2012-11-02 08:46 . 2012-11-02 08:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys

2012-10-31 22:10 . 2012-10-31 22:10 829264 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-31 22:10 . 2012-10-31 22:10 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-10-31 22:10 . 2012-10-31 22:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-10-31 22:10 . 2012-10-31 22:10 158536 ----a-w- c:\windows\system32\atl100.dll

2012-10-31 22:10 . 2012-10-31 22:10 138056 ----a-w- c:\windows\SysWow64\atl100.dll

2012-10-16 08:38 . 2012-11-27 20:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 20:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 20:14 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-11 03:23 . 2012-10-11 03:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-11 03:23 . 2012-10-11 03:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-11 03:23 . 2012-10-11 03:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-11 03:23 . 2012-10-11 03:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-11 03:23 . 2012-10-11 03:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-11 03:23 . 2012-10-11 03:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-11 03:23 . 2012-10-11 03:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-11 03:23 . 2009-12-12 04:44 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-11 03:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-11 03:23 . 2012-10-11 03:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-11 03:23 . 2012-10-11 03:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-11 03:23 . 2012-10-11 03:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-11 03:23 . 2012-03-13 15:57 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-11 03:22 . 2012-03-13 15:57 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-11 03:22 . 2012-10-11 03:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-11 03:22 . 2012-03-13 15:57 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-11 03:22 . 2012-10-11 03:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-11 03:22 . 2012-10-11 03:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-11 03:22 . 2012-10-11 03:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-11 03:22 . 2012-10-11 03:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-11 03:22 . 2012-10-11 03:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-09 18:17 . 2012-11-16 14:30 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 14:30 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 14:30 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 14:30 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 07:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 14:29 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 14:29 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 14:29 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 14:29 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 14:29 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 14:29 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 14:29 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 14:29 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 14:29 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 14:29 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 14:29 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-02 19:51 . 2011-02-23 07:39 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2011-02-23 07:39 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2011-07-09 18:33 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-02 19:50 . 2011-02-23 07:38 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2011-02-23 07:38 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-02 19:50 . 2009-11-21 04:31 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-30 01:54 . 2012-09-23 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 22:47 . 2012-11-16 14:24 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-16 14:25 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-11 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA64.sys [2010-03-09 894336]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]

R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]

R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-03-29 31432]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]

S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]

S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120]

S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-07-18 82160]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]

S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]

S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 08:18]

.

2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 00:52]

.

2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13 00:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://academic.enmu.edu/constanj/index.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: line6.net

TCP: DhcpNameServer = 64.130.80.1 216.167.144.1

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ce,6a,7a,1e,3a,7b,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-23 12:03:06

ComboFix-quarantined-files.txt 2012-12-23 19:03

.

Pre-Run: 358,887,964,672 bytes free

Post-Run: 358,629,470,208 bytes free

.

- - End Of File - - E8C02960AA4613E58403029CA2E46685


  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Here are the logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.4 (12.21.2012:3)

OS: Windows 7 Professional x64

Ran by Jim on Mon 12/24/2012 at 13:54:40.57

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\wajam

Successfully deleted: [Registry Key] hkey_local_machine\software\wajam

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

Successfully deleted: [File] C:\Users\Jim\appdata\local\{8ECC38CF-DEA0-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Jim\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Jim\appdata\local\wajam"

Successfully deleted: [Folder] "C:\Users\Jim\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Users\Jim\AppData\Roaming\microsoft\windows\start menu\programs\system progressive protection"

Successfully deleted: [Folder] C:\Users\Jim\appdata\local\{8ECC38CF-DEA0-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]

Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

~~~ FireFox

Successfully deleted: [File] C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\k31bzrz9.default\user.js

Successfully deleted: [File] C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\k31bzrz9.default\searchplugins\conduit.xml

Successfully deleted: [File] C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\k31bzrz9.default\searchplugins\search-here.xml

Successfully deleted: [Folder] C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\k31bzrz9.default\conduitcommon

Successfully deleted the following from C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\k31bzrz9.default\prefs.js

user_pref("CT2418376..clientLogIsEnabled", true);

user_pref("CT2418376..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT2418376..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT2418376.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

user_pref("CT2418376.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT2418376.CTID", "CT2418376");

user_pref("CT2418376.CurrentServerDate", "3-1-2012");

user_pref("CT2418376.DSInstall", true);

user_pref("CT2418376.DialogsAlignMode", "LTR");

user_pref("CT2418376.DialogsGetterLastCheckTime", "Tue Jan 03 2012 13:44:32 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.DownloadReferralCookieData", "");

user_pref("CT2418376.ExternalComponentPollDate5694225620172914022", "Tue Jan 03 2012 13:44:32 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.FirstServerDate", "3-1-2012");

user_pref("CT2418376.FirstTime", true);

user_pref("CT2418376.FirstTimeFF3", true);

user_pref("CT2418376.FixPageNotFoundErrors", true);

user_pref("CT2418376.GroupingServerCheckInterval", 1440);

user_pref("CT2418376.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT2418376.HPInstall", false);

user_pref("CT2418376.HasUserGlobalKeys", true);

user_pref("CT2418376.HomePageProtectorEnabled", false);

user_pref("CT2418376.HomepageBeforeUnload", "http://academic.enmu.edu/constanj/index.html");

user_pref("CT2418376.Initialize", true);

user_pref("CT2418376.InitializeCommonPrefs", true);

user_pref("CT2418376.InstallationAndCookieDataSentCount", 1);

user_pref("CT2418376.InstallationId", "ConduitNSISIntegration");

user_pref("CT2418376.InstallationType", "ConduitXPEIntegration");

user_pref("CT2418376.InstalledDate", "Tue Jan 03 2012 13:44:32 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.IsGrouping", false);

user_pref("CT2418376.IsInitSetupIni", true);

user_pref("CT2418376.IsMulticommunity", false);

user_pref("CT2418376.IsOpenThankYouPage", false);

user_pref("CT2418376.IsOpenUninstallPage", false);

user_pref("CT2418376.IsProtectorsInit", true);

user_pref("CT2418376.LanguagePackLastCheckTime", "Tue Jan 03 2012 13:44:33 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.LanguagePackReloadIntervalMM", 1440);

user_pref("CT2418376.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT2418376.LastLogin_3.8.1.0", "Tue Jan 03 2012 13:44:33 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.LatestVersion", "3.8.1.0");

user_pref("CT2418376.Locale", "en");

user_pref("CT2418376.MCDetectTooltipHeight", "83");

user_pref("CT2418376.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT2418376.MCDetectTooltipWidth", "295");

user_pref("CT2418376.MyStuffEnabledAtInstallation", true);

user_pref("CT2418376.OriginalFirstVersion", "3.8.1.0");

user_pref("CT2418376.SearchCaption", "PageRage Customized Web Search");

user_pref("CT2418376.SearchEngineBeforeUnload", "PageRage Customized Web Search");

user_pref("CT2418376.SearchFromAddressBarIsInit", true);

user_pref("CT2418376.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=2&q=");

user_pref("CT2418376.SearchInNewTabEnabled", true);

user_pref("CT2418376.SearchInNewTabIntervalMM", 1440);

user_pref("CT2418376.SearchInNewTabLastCheckTime", "Tue Jan 03 2012 13:44:34 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT2418376.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");

user_pref("CT2418376.SearchProtectorEnabled", true);

user_pref("CT2418376.SearchProtectorToolbarDisabled", false);

user_pref("CT2418376.SendProtectorDataViaLogin", true);

user_pref("CT2418376.ServiceMapLastCheckTime", "Tue Jan 03 2012 13:44:31 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.SettingsLastCheckTime", "Tue Jan 03 2012 13:44:31 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.SettingsLastUpdate", "1325073194");

user_pref("CT2418376.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2418376&SearchSource=13");

user_pref("CT2418376.ThirdPartyComponentsInterval", 504);

user_pref("CT2418376.ThirdPartyComponentsLastCheck", "Tue Jan 03 2012 13:44:31 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.ThirdPartyComponentsLastUpdate", "1312887586");

user_pref("CT2418376.ToolbarShrinkedFromSetup", false);

user_pref("CT2418376.TrusteLinkUrl", "http://trust.conduit.com/CT2418376");

user_pref("CT2418376.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com

user_pref("CT2418376.UserID", "UN45092265625115070");

user_pref("CT2418376.alertChannelId", "812740");

user_pref("CT2418376.autoDisableScopes", -1);

user_pref("CT2418376.backendstorage.for_aoi", "31333235363233343738");

user_pref("CT2418376.backendstorage.for_ccid", "506F7274616C6573");

user_pref("CT2418376.backendstorage.for_cid", "5553");

user_pref("CT2418376.backendstorage.for_ip", "36342E3133302E38352E313333");

user_pref("CT2418376.backendstorage.for_lcut", "31333235363233343738");

user_pref("CT2418376.backendstorage.for_rid", "4E4D");

user_pref("CT2418376.backendstorage.for_zoneid", "39363439");

user_pref("CT2418376.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP

user_pref("CT2418376.globalFirstTimeInfoLastCheckTime", "Tue Jan 03 2012 13:44:33 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.homepageProtectorEnableByLogin", true);

user_pref("CT2418376.initDone", true);

user_pref("CT2418376.isAppTrackingManagerOn", true);

user_pref("CT2418376.myStuffEnabled", true);

user_pref("CT2418376.myStuffPublihserMinWidth", 400);

user_pref("CT2418376.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

user_pref("CT2418376.myStuffServiceIntervalMM", 1440);

user_pref("CT2418376.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT2418376.revertSettingsEnabled", false);

user_pref("CT2418376.searchProtectorDialogDelayInSec", 10);

user_pref("CT2418376.searchProtectorEnableByLogin", true);

user_pref("CT2418376.testingCtid", "");

user_pref("CT2418376.toolbarAppMetaDataLastCheckTime", "Tue Jan 03 2012 13:44:32 GMT-0700 (Mountain Standard Time)");

user_pref("CT2418376.toolbarContextMenuLastCheckTime", "Tue Jan 03 2012 13:44:33 GMT-0700 (Mountain Standard Time)");

user_pref("CommunityToolbar.ConduitSearchList", "PageRage Customized Web Search");

user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2418376/CT2418376", "\"1325073195\"");

user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/812740/808552/US", "\"0\"");

user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2418376", "\"1280178498\"");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");

user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");

user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");

user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2418376", "\"7043fff7ebd57e7e1acd25907e78e9ea\"");

user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"dbff24cb6381b84c110a44581d65040e\"");

user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k31bzrz9.default\\conduitCommon\\modules\\3.8.1.0");

user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

user_pref("CommunityToolbar.ToolbarsList", "CT2418376");

user_pref("CommunityToolbar.ToolbarsList2", "CT2418376");

user_pref("CommunityToolbar.ToolbarsList4", "CT2418376");

user_pref("CommunityToolbar.globalUserId", "ea4c4402-ee00-468f-ac23-c41f17cb6a05");

user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jan 03 2012 13:44:33 GMT-0700 (Mountain Standard Time)");

user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jan 03 2012 13:44:42 GMT-0700 (Mountain Standard Time)");

user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");

user_pref("CommunityToolbar.notifications.locale", "en");

user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jan 03 2012 13:44:32 GMT-0700 (Mountain Standard Time)");

user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");

user_pref("CommunityToolbar.notifications.showTrayIcon", false);

user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

user_pref("CommunityToolbar.notifications.userId", "ccd914af-1a42-477d-beb8-f5af1257a506");

user_pref("CommunityToolbar.originalHomepage", "http://academic.enmu.edu/constanj/index.html");

user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");

user_pref("browser.search.defaultthis.engineName", "PageRage Customized Web Search");

user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}");

user_pref("extensions.crossriderapp21802.adsOldValue", 14);

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 12/24/2012 at 14:03:07.74

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.102 - Logfile created 12/24/2012 at 14:10:09

# Updated 23/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Jim - OFFICE

# Boot Mode : Normal

# Running from : C:\Users\Jim\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\k31bzrz9.default\prefs.js

Deleted : user_pref("CT2418376.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2418376/CT2418376[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/812740/808552/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2418376", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2418376",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbf[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jim\\AppData\\Roaming\\Mozilla\\Fir[...]

*************************

AdwCleaner[S1].txt - [2732 octets] - [24/12/2012 14:10:09]

########## EOF - C:\AdwCleaner[S1].txt - [2792 octets] ##########

2012/12/24 14:12:19 -0700 OFFICE Jim MESSAGE Starting protection

2012/12/24 14:12:19 -0700 OFFICE Jim MESSAGE Protection started successfully

2012/12/24 14:12:19 -0700 OFFICE Jim MESSAGE Starting IP protection

2012/12/24 14:12:19 -0700 OFFICE Jim ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

2012/12/24 14:18:41 -0700 OFFICE Jim MESSAGE Starting database refresh

2012/12/24 14:18:43 -0700 OFFICE Jim MESSAGE Database refreshed successfully

2012/12/24 14:35:16 -0700 OFFICE Jim MESSAGE Starting protection

2012/12/24 14:35:22 -0700 OFFICE Jim MESSAGE Protection started successfully

2012/12/24 14:35:22 -0700 OFFICE Jim MESSAGE Starting IP protection

2012/12/24 14:35:22 -0700 OFFICE Jim ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

C:\Users\Administrator\AppData\Local\{8ECC38CF-DEA0-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan

C:\Users\Jim\AppData\Local\Temp\2jfuweif.exe Win32/Adware.SystemSecurity.AL application

C:\Users\Jim\AppData\Local\Temp\WNKMC.exe a variant of Win32/Injector.AANL trojan

C:\Users\Jim\AppData\Local\Temp\~!#FFCE.tmp Win32/Adware.SystemSecurity.AL application

C:\Users\Jim\AppData\Roaming\upsxy.dll a variant of Win32/Medfos.HE trojan

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4a1d433b-26ccd3bc a variant of Java/Exploit.CVE-2012-5076.B trojan

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4a1d433b-26ccd3bc a variant of Java/Exploit.CVE-2012-5076.B trojan

E:\OFFICE\Backup Set 2012-12-02 030031\Backup Files 2012-12-02 030031\Backup files 5.zip JS/Redirector.NIQ trojan

E:\OFFICE\Backup Set 2012-12-02 030031\Backup Files 2012-12-02 030031\Backup files 7.zip JS/Redirector.NIQ trojan

E:\OFFICE\Backup Set 2012-12-16 020002\Backup Files 2012-12-16 020002\Backup files 5.zip JS/Redirector.NIQ trojan

E:\OFFICE\Backup Set 2012-12-16 020002\Backup Files 2012-12-16 020002\Backup files 7.zip JS/Redirector.NIQ trojan

E:\OFFICE\Backup Set 2012-12-23 030044\Backup Files 2012-12-23 030044\Backup files 5.zip JS/Redirector.NIQ trojan

E:\OFFICE\Backup Set 2012-12-23 030044\Backup Files 2012-12-23 030044\Backup files 6.zip JS/Redirector.NIQ trojan

Operating memory a variant of Win32/Medfos.HE trojan


Here are the results of the last Malwarebytes scan

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.24.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jim :: OFFICE [administrator]

Protection: Enabled

12/25/2012 8:25:08 PM

mbam-log-2012-12-25 (20-25-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 299057

Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\Users\Administrator\AppData\Local\{8ECC38CF-DEA0-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
C:\Users\Jim\AppData\Local\Temp\2jfuweif.exe
C:\Users\Jim\AppData\Local\Temp\WNKMC.exe
C:\Users\Jim\AppData\Local\Temp\~!#FFCE.tmp
C:\Users\Jim\AppData\Roaming\upsxy.dll
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4a1d433b-26ccd3bc
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4a1d433b-26ccd3bc
E:\OFFICE\Backup Set 2012-12-02 030031\Backup Files 2012-12-02 030031\Backup files 5.zip
E:\OFFICE\Backup Set 2012-12-02 030031\Backup Files 2012-12-02 030031\Backup files 7.zip
E:\OFFICE\Backup Set 2012-12-16 020002\Backup Files 2012-12-16 020002\Backup files 5.zip
E:\OFFICE\Backup Set 2012-12-16 020002\Backup Files 2012-12-16 020002\Backup files 7.zip
E:\OFFICE\Backup Set 2012-12-23 030044\Backup Files 2012-12-23 030044\Backup files 5.zip
E:\OFFICE\Backup Set 2012-12-23 030044\Backup Files 2012-12-23 030044\Backup files 6.zip

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

[Screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


Ran ComboFix fine. Ran the MWB Anti-Rootkit which found the malware. Upon rebooting the computer goes through the POST and then displays a black screen with "Missing operating system". If I have to reinstall the OS I have the Windows 7 install disk, or I just might go buy Windows 8 if that's an option. I should have posted log files before each reboot.


Still getting "Missing operating system" on reboot, but here's the log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012

Ran by SYSTEM at 28-12-2012 10:52:13

Running from G:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)

HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)

HKLM-x32\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5174568 2010-03-08] (Nero AG)

HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()

HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKU\Administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)

HKU\Jim\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [4950664 2011-06-28] ()

HKU\Jim\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-11] (Google Inc.)

HKLM-x32\...\RunOnce: [Z1] C:\Users\Jim\Desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s [1342312 2012-12-27] (Malwarebytes Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 64.130.80.1 216.167.144.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ===================

2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()

2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1053184 2012-12-06] (iolo technologies, LLC)

2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1053184 2012-12-06] (iolo technologies, LLC)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

4 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [103472 2012-06-15] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [378952 2012-11-22] (McAfee, Inc.)

2 mcpltsvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)

2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [220856 2012-10-07] (McAfee, Inc.)

2 NeroMediaHomeService.4; "C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe" [517416 2010-03-08] (Nero AG)

4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-10-07] (Prolific Technology Inc.)

2 WDFME; "C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe" [1034752 2010-09-08] ()

2 WDSC; "C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe" [485376 2010-09-08] ()

2 0173241356590661mcinstcleanup; C:\Windows\TEMP\017324~1.EXE -cleanup -nolog [x]

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-03-29] (EldoS Corporation)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)

3 L6TPortA; C:\Windows\SysWow64\Drivers\L6TPortA.sys [393216 2005-12-09] (Line 6)

3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36680 2012-12-27] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

3 mbamswissarmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [150640 2012-12-27] (Malwarebytes Corporation)

2 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [74120 2012-10-19] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)

3 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)

3 mfencrk; C:\Windows\System32\Drivers\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)

1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]

3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-28 10:51 - 2012-12-28 10:51 - 00000000 ____D C:\FRST

2012-12-27 21:30 - 2012-12-27 21:30 - 00150640 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2012-12-27 21:30 - 2012-12-27 21:30 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-12-27 21:30 - 2012-12-27 21:30 - 00000000 ____D C:\Users\Jim\Desktop\mbar-1.01.0.1011

2012-12-27 21:29 - 2012-12-27 21:29 - 13485902 ____A C:\Users\Jim\Downloads\mbar-1.01.0.1011.zip

2012-12-27 21:29 - 2012-12-27 21:29 - 13485902 ____A C:\Users\Jim\Desktop\mbar-1.01.0.1011.zip

2012-12-27 17:12 - 2012-12-27 17:12 - 00026142 ____A C:\ComboFix.txt

2012-12-27 16:06 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-12-27 16:06 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-12-27 16:06 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-12-27 16:06 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-12-27 16:06 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-12-27 16:06 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-12-27 16:06 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-12-27 16:06 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-12-27 15:57 - 2012-12-27 15:57 - 05014125 ____R (Swearware) C:\Users\Jim\Desktop\ComboFix.exe

2012-12-26 22:28 - 2012-12-26 22:29 - 00282656 ____A C:\Windows\Minidump\122612-28969-01.dmp

2012-12-26 22:25 - 2012-12-26 22:25 - 00282896 ____A C:\Windows\Minidump\122612-27206-01.dmp

2012-12-26 22:20 - 2012-12-26 22:20 - 00282576 ____A C:\Windows\Minidump\122612-30061-01.dmp

2012-12-26 22:19 - 2012-12-26 22:28 - 456653535 ____A C:\Windows\MEMORY.DMP

2012-12-25 18:12 - 2012-12-26 21:59 - 00006527 ____A C:\Users\Jim\AppData\Local\a7303c36-d902-4667-a5cd-b8bef917ec9f.crx

2012-12-25 16:37 - 2012-12-25 16:37 - 00000000 ____D C:\Users\Jim\Downloads\WDFirmwareUpdater(1)

2012-12-24 13:56 - 2012-12-24 13:56 - 00000000 ____D C:\Program Files (x86)\ESET

2012-12-24 13:03 - 2012-12-26 23:10 - 00000000 ____D C:\Users\Jim\Downloads\Computer Repair

2012-12-24 12:54 - 2012-12-24 12:54 - 00000000 ____D C:\Windows\ERUNT

2012-12-23 11:09 - 2012-12-26 23:10 - 00000000 ____D C:\Users\All Users\3E2F546D2240F01700003E2F1641F3FF

2012-12-23 08:31 - 2012-12-27 17:12 - 00000000 ___AD C:\Qoobox

2012-12-23 08:31 - 2012-12-27 15:58 - 00000000 ____D C:\Windows\erdnt

2012-12-23 02:01 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-23 02:01 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-23 02:01 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-23 02:01 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-20 19:48 - 2012-12-20 19:48 - 00000000 ____D C:\Program Files\eLicenser

2012-12-18 17:26 - 2012-12-26 23:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-14 14:17 - 2012-12-06 22:42 - 02155248 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-12-14 09:40 - 2012-12-14 09:40 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-12-12 02:08 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-12 02:08 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-12 02:08 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-12-12 02:08 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-12 02:08 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-12 02:08 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-12-12 02:08 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-12 02:08 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-12 02:08 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-12-12 02:08 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-12-12 02:08 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-12-12 02:08 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-12 02:08 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-12 02:08 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-12 02:08 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-12 02:08 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-12 02:08 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-12-12 02:08 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-12-12 02:08 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-12-12 02:08 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-12-12 02:08 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-12-12 02:08 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-12-12 02:08 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-12-12 02:08 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-12-12 02:08 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-12-12 02:08 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-12-12 02:08 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-12-12 02:08 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-12-12 02:08 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-12-12 02:08 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-12-12 02:08 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-12-12 02:08 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-12-11 23:13 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-11 23:13 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-11 23:13 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-12-11 23:12 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-12-11 23:12 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-12-11 23:12 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-12-11 23:12 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-11 23:12 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-12-11 23:12 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-11 23:12 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-12-11 23:12 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-12-11 23:12 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-11 23:12 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-12-11 23:12 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-12-11 23:12 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-12-11 23:12 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-12-11 23:12 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 23:12 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-12-11 23:11 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-11 23:11 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2012-12-02 22:08 - 2012-12-27 10:00 - 00001844 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk

2012-12-02 22:07 - 2012-12-26 22:33 - 00000000 __RSD C:\Users\Jim\Documents\McAfee Vaults

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Users\Jim\AppData\Local\McAfee File Lock

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup

2012-12-02 22:07 - 2012-10-19 08:51 - 00074120 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys

2012-12-02 22:07 - 2012-05-28 09:28 - 00197264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

2012-12-02 22:07 - 2010-04-13 19:10 - 00066040 ____A (Mozy, Inc.) C:\Windows\System32\Drivers\MOBK.sys

2012-12-02 22:06 - 2012-12-02 22:06 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2012-12-02 22:04 - 2012-12-26 22:44 - 00000000 ____D C:\Program Files (x86)\McAfee

2012-12-02 22:04 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files\McAfee

2012-12-02 22:04 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files\McAfee.com

2012-12-02 21:52 - 2012-11-09 05:37 - 00177680 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe

2012-12-02 21:51 - 2012-12-03 15:07 - 00000000 ____D C:\Users\All Users\McAfee

2012-12-02 21:51 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files\Common Files\McAfee

2012-12-02 21:30 - 2012-12-02 21:30 - 03177840 ____A (McAfee, Inc.) C:\Users\Jim\Downloads\MCPR.exe

==================== One Month Modified Files and Folders =======

2012-12-28 10:51 - 2012-12-28 10:51 - 00000000 ____D C:\FRST

2012-12-27 21:45 - 2009-12-11 08:29 - 01108749 ____A C:\Windows\WindowsUpdate.log

2012-12-27 21:32 - 2009-12-12 16:52 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-27 21:30 - 2012-12-27 21:30 - 00150640 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2012-12-27 21:30 - 2012-12-27 21:30 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-12-27 21:30 - 2012-12-27 21:30 - 00000000 ____D C:\Users\Jim\Desktop\mbar-1.01.0.1011

2012-12-27 21:29 - 2012-12-27 21:29 - 13485902 ____A C:\Users\Jim\Downloads\mbar-1.01.0.1011.zip

2012-12-27 21:29 - 2012-12-27 21:29 - 13485902 ____A C:\Users\Jim\Desktop\mbar-1.01.0.1011.zip

2012-12-27 21:29 - 2009-12-12 16:52 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-27 21:22 - 2011-02-17 20:34 - 00217943 ____A C:\Windows\setupact.log

2012-12-27 21:21 - 2012-04-05 16:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-27 17:12 - 2012-12-27 17:12 - 00026142 ____A C:\ComboFix.txt

2012-12-27 17:12 - 2012-12-23 08:31 - 00000000 ___AD C:\Qoobox

2012-12-27 16:52 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-12-27 15:58 - 2012-12-23 08:31 - 00000000 ____D C:\Windows\erdnt

2012-12-27 15:57 - 2012-12-27 15:57 - 05014125 ____R (Swearware) C:\Users\Jim\Desktop\ComboFix.exe

2012-12-27 10:00 - 2012-12-02 22:08 - 00001844 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk

2012-12-26 23:10 - 2012-12-24 13:03 - 00000000 ____D C:\Users\Jim\Downloads\Computer Repair

2012-12-26 23:10 - 2012-12-23 11:09 - 00000000 ____D C:\Users\All Users\3E2F546D2240F01700003E2F1641F3FF

2012-12-26 23:10 - 2012-12-18 17:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-26 23:10 - 2012-08-05 12:24 - 00000000 ____D C:\users\Administrator

2012-12-26 23:10 - 2012-08-05 05:18 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-12-26 23:10 - 2012-08-04 17:55 - 00000000 ____D C:\Users\Jim\AppData\Local\{8ECC38CF-DEA0-11E1-8270-B8AC6F996F26}

2012-12-26 23:10 - 2012-01-03 12:43 - 00000000 ____D C:\Program Files (x86)\Conduit

2012-12-26 23:10 - 2011-12-27 18:37 - 00000000 ___HD C:\Users\All Users\CanonIJEGV

2012-12-26 23:10 - 2011-12-27 00:50 - 00000000 ____D C:\Users\All Users\CanonIJ

2012-12-26 23:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-12-26 23:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2012-12-26 23:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-12-26 23:08 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2012-12-26 22:44 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files (x86)\McAfee

2012-12-26 22:43 - 2009-07-13 20:45 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-26 22:42 - 2009-07-13 20:45 - 00015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-26 22:33 - 2012-12-02 22:07 - 00000000 __RSD C:\Users\Jim\Documents\McAfee Vaults

2012-12-26 22:29 - 2012-12-26 22:28 - 00282656 ____A C:\Windows\Minidump\122612-28969-01.dmp

2012-12-26 22:29 - 2010-12-20 22:41 - 00000000 ____D C:\users\NeroMediaHomeUser.4

2012-12-26 22:29 - 2009-12-11 19:32 - 00000000 ____D C:\users\Jim

2012-12-26 22:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-26 22:28 - 2012-12-26 22:19 - 456653535 ____A C:\Windows\MEMORY.DMP

2012-12-26 22:28 - 2012-08-14 15:09 - 00000000 ____D C:\Windows\Minidump

2012-12-26 22:28 - 2009-12-11 20:45 - 00000000 ____D C:\Users\All Users\NVIDIA

2012-12-26 22:25 - 2012-12-26 22:25 - 00282896 ____A C:\Windows\Minidump\122612-27206-01.dmp

2012-12-26 22:20 - 2012-12-26 22:20 - 00282576 ____A C:\Windows\Minidump\122612-30061-01.dmp

2012-12-26 22:15 - 2009-07-13 20:45 - 00423016 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-26 21:59 - 2012-12-25 18:12 - 00006527 ____A C:\Users\Jim\AppData\Local\a7303c36-d902-4667-a5cd-b8bef917ec9f.crx

2012-12-26 21:25 - 2009-12-13 14:22 - 00000000 ____D C:\Users\Jim\Excel

2012-12-26 20:38 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2012-12-26 20:36 - 2011-12-27 00:40 - 00000000 ____D C:\Users\All Users\CanonIJPLM

2012-12-25 18:07 - 2011-06-17 14:37 - 00000000 ____D C:\Users\All Users\Western Digital

2012-12-25 16:37 - 2012-12-25 16:37 - 00000000 ____D C:\Users\Jim\Downloads\WDFirmwareUpdater(1)

2012-12-24 14:38 - 2009-12-24 08:47 - 00000130 ____A C:\Users\Jim\AppData\Roaming\default.rss

2012-12-24 13:56 - 2012-12-24 13:56 - 00000000 ____D C:\Program Files (x86)\ESET

2012-12-24 12:54 - 2012-12-24 12:54 - 00000000 ____D C:\Windows\ERUNT

2012-12-23 11:03 - 2009-12-16 21:08 - 00000000 ____D C:\users\Incomplete

2012-12-22 22:25 - 2009-12-11 20:06 - 00471932 ____A C:\Windows\PFRO.log

2012-12-22 21:33 - 2011-04-05 18:57 - 00000000 ____D C:\Program Files (x86)\Syncrosoft

2012-12-22 21:33 - 2011-04-05 18:57 - 00000000 ____D C:\Program Files (x86)\eLicenser

2012-12-22 21:33 - 2010-12-20 22:41 - 00000000 ____D C:\Users\Jim\AppData\Local\Nero

2012-12-20 21:14 - 2009-12-13 14:31 - 00000000 ____D C:\Users\Jim\Word

2012-12-20 19:48 - 2012-12-20 19:48 - 00000000 ____D C:\Program Files\eLicenser

2012-12-20 19:48 - 2011-04-05 18:57 - 00000000 ____D C:\Users\All Users\eLicenser

2012-12-18 18:43 - 2010-02-25 20:44 - 00000000 ____D C:\Users\Jim\AppData\Local\Unity

2012-12-18 17:42 - 2012-05-06 14:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-18 17:42 - 2009-12-12 16:25 - 00000000 ____D C:\Users\All Users\iolo

2012-12-18 17:22 - 2009-12-11 19:57 - 00000000 ____D C:\Users\Jim\AppData\Local\Google

2012-12-18 16:42 - 2009-07-13 21:13 - 00743816 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-17 08:51 - 2009-12-11 19:51 - 00000000 ____D C:\Users\All Users\Adobe

2012-12-16 09:11 - 2012-12-23 02:01 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-16 06:45 - 2012-12-23 02:01 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 06:13 - 2012-12-23 02:01 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-16 06:13 - 2012-12-23 02:01 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-14 14:17 - 2009-12-28 23:16 - 00002219 ____A C:\Users\Jim\Desktop\System Mechanic.lnk

2012-12-14 10:19 - 2009-12-11 19:51 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Adobe

2012-12-14 09:40 - 2012-12-14 09:40 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-12-14 09:38 - 2009-12-11 19:51 - 00000000 ____D C:\Program Files (x86)\Adobe

2012-12-14 09:37 - 2009-12-11 19:51 - 00000000 ____D C:\Users\Jim\AppData\Local\Adobe

2012-12-12 13:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-12-12 02:39 - 2009-12-12 12:04 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-12-12 02:36 - 2009-12-12 15:33 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-12 00:17 - 2012-04-05 16:28 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-12 00:17 - 2011-05-23 18:58 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-11 23:46 - 2010-09-30 17:24 - 00000000 ____D C:\Windows\System32\Macromed

2012-12-06 22:58 - 2009-12-12 16:30 - 00057144 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe

2012-12-06 22:57 - 2009-12-12 16:30 - 00025744 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe

2012-12-06 22:42 - 2012-12-14 14:17 - 02155248 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-12-06 22:42 - 2011-06-15 06:41 - 02097032 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2012-12-03 15:07 - 2012-12-02 21:51 - 00000000 ____D C:\Users\All Users\McAfee

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Users\Jim\AppData\Local\McAfee File Lock

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK

2012-12-02 22:07 - 2012-12-02 22:07 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup

2012-12-02 22:07 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files\McAfee

2012-12-02 22:07 - 2012-12-02 21:51 - 00000000 ____D C:\Program Files\Common Files\McAfee

2012-12-02 22:06 - 2012-12-02 22:06 - 00000000 ____D C:\Program Files (x86)\McAfee.com

2012-12-02 22:04 - 2012-12-02 22:04 - 00000000 ____D C:\Program Files\McAfee.com

2012-12-02 21:30 - 2012-12-02 21:30 - 03177840 ____A (McAfee, Inc.) C:\Users\Jim\Downloads\MCPR.exe

2012-12-02 18:31 - 2012-08-05 12:54 - 00000000 ____D C:\Program Files\CCleaner

2012-11-30 19:38 - 2012-09-19 18:44 - 00000000 ____D C:\DVD Shrink

2012-11-30 19:37 - 2009-12-12 21:39 - 00000000 ____D C:\Users\All Users\DVD Shrink

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\UpdatusUser\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\NeroMediaHomeUser.4\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\Jim\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 19:41 - 00000983 ____A C:\Users\Administrator\Desktop\DVD Shrink 3.2.lnk

2012-11-29 20:47 - 2012-09-19 18:39 - 00000000 ____D C:\Program Files (x86)\DVD Shrink

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-19 16:14:19

Restore point made on: 2012-12-20 02:00:43

Restore point made on: 2012-12-21 02:00:33

Restore point made on: 2012-12-22 02:00:36

Restore point made on: 2012-12-22 22:09:56

Restore point made on: 2012-12-23 02:00:50

Restore point made on: 2012-12-23 02:01:47

Restore point made on: 2012-12-27 16:06:46

Restore point made on: 2012-12-27 21:45:15

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8182.3 MB

Available physical RAM: 7339.51 MB

Total Pagefile: 8180.45 MB

Available Pagefile: 7341.75 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:332.13 GB) NTFS

2 Drive e: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

3 Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:339.93 GB) NTFS

4 Drive g: () (Removable) (Total:1.85 GB) (Free:1.17 GB) FAT

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 465 GB 0 B

Disk 2 Online 1907 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F My Passport NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1903 MB 4032 KB

==================================================================================

Disk: 2

Partition 1

Type : 0E

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT Removable 1903 MB Healthy

=========================================================

Last Boot: 2012-12-25 12:18

==================== End Of Log =============================

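The "Bamital & volsnap Check" section of the log above reports, for each critical Windows binary, whether its MD5 matches a known-good value ("MD5 is legit"). The script below is an added illustration of that kind of baseline integrity check; it is not FRST's code and is not part of the original thread. It builds a constructed, throwaway directory tree standing in for C:\Windows (the file contents, the baseline hashes and the one tampered file are all invented for the demo) and classifies every baselined file as legit, MISMATCH or MISSING, printing a report in the same style as the log. On a real machine the baseline would have to come from a trusted source for the exact Windows build and patch level, because the hashes of files such as svchost.exe change with every update; SHA-256 is used here in place of MD5.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Hash a file in 1 MiB chunks so large binaries (e.g. MRT.exe) do not
    have to be read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_binaries(root, baseline, algo="sha256"):
    """Compare every file in `baseline` (relative path -> expected hex digest)
    against what is on disk under `root`.

    Returns {relative_path: "legit" | "MISMATCH" | "MISSING"}.
    A MISSING entry matters too: a deleted or renamed system binary is as
    suspicious as a modified one.
    """
    results = {}
    for rel, expected in baseline.items():
        p = Path(root) / rel
        if not p.is_file():
            results[rel] = "MISSING"
            continue
        actual = file_digest(p, algo)
        results[rel] = "legit" if actual == expected.lower() else "MISMATCH"
    return results


def report_lines(results, algo="sha256"):
    """Render results in the same 'path => ... is legit' style FRST uses."""
    lines = []
    for rel, status in sorted(results.items()):
        win_path = "C:\\" + rel.replace("/", "\\")
        if status == "legit":
            lines.append(f"{win_path} => {algo.upper()} is legit")
        else:
            lines.append(f"{win_path} => ATTENTION: {status}")
    return lines


def build_demo():
    """Constructed sample data (hypothetical, for the demo only): a fake
    Windows tree with one tampered 32-bit svchost.exe and one baselined
    driver that is absent from disk."""
    root = tempfile.mkdtemp(prefix="hashcheck_demo_")
    known_good = {
        "Windows/System32/svchost.exe": b"MZ-demo-good-svchost64",
        "Windows/SysWOW64/svchost.exe": b"MZ-demo-good-svchost32",
        "Windows/System32/winlogon.exe": b"MZ-demo-good-winlogon",
    }
    baseline = {}
    for rel, content in known_good.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        baseline[rel] = hashlib.sha256(content).hexdigest()
    # Tamper with the 32-bit copy after the baseline was taken.
    (Path(root) / "Windows/SysWOW64/svchost.exe").write_bytes(b"MZ-demo-patched")
    # Baseline entry for a file that does not exist on this "system".
    baseline["Windows/System32/Drivers/volsnap.sys"] = hashlib.sha256(
        b"MZ-demo-volsnap"
    ).hexdigest()
    return root, baseline


if __name__ == "__main__":
    demo_root, demo_baseline = build_demo()
    for line in report_lines(check_binaries(demo_root, demo_baseline)):
        print(line)
```

Both the System32 and SysWOW64 copies are baselined separately, as in the log, because on 64-bit Windows they are different binaries with different hashes; a check that only covers one of them leaves the other unverified.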

  • Staff

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
RestoreErunt: cf
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

Let me know how that goes.


Still unable to find OS.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012

Ran by SYSTEM at 2012-12-28 14:59:15 Run:1

Running from G:\

==============================================

BCD not restored.

hiv-backup\DEFAULT not found.

hiv-backup\SAM not found.

hiv-backup\SECURITY not found.

hiv-backup\SOFTWARE not found.

hiv-backup\BCD not found.

hiv-backup\SYSTEM not found.

==== End of Fixlog ====


  • Staff

Let's try this one, then.

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
Last Boot: 2012-12-25 12:18
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


Still missing OS.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012

Ran by SYSTEM at 2012-12-28 15:52:25 Run:2

Running from G:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====


This topic is now closed to further replies.