
Ransomware virus, blank white screen in safe mode



Greetings

Thank you for any help.

I have a ransomware virus. I ran FRST64.exe already in command prompt like others were instructed on another thread. The log file is below.

Please let me know if you need any additional information.

Thank you again!!

Chad

******************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02

Ran by SYSTEM on 01-06-2013 20:15:14

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet002

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctMTE2MTQ5MTE0Ni1YTzEwKzExLUxJQysyLVNQMSsxLVNVUCszLUZMMTArMS1UVUcrMy1TUDFTMisxLVNQMVMzKzEtRERUKzUwMDE3LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBTisyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQisxLUYxME0xMkIrMS1GMTBUQisyLVNUMTBUQkYrMQ"&"prod=55"&"ver=10.0.1416 [x]

HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)

HKU\Jerry\...\Run: [CyberLink] rundll32.exe C:\Users\Jerry\AppData\Local\CyberLink\lypwnauk.dll,jxmditllmaszdfyr [847360 2013-05-31] (SEIKO EPSON CORPORATION)

HKU\Jerry\...\Run: [{1B8618EC-CD19-46B0-AEEB-99CA1AD4046B}] rundll32 "C:\Users\Jerry\AppData\Local\Yahoo\{1B8618EC-CD19-46B0-AEEB-99CA1AD4046B}\vshmnp.dll",DllRegisterServer [534016 2013-05-31] (Autodesk, Inc.)

HKU\Jerry\...\Run: [Adobe CSS5.1 Manager] C:\Users\Jerry\AppData\Local\1c4842ad-d00a-4f35-8cd6-0ce5a264bc6aad\caddafcdceabcaad.exe [126976 2013-05-31] ()

HKU\Jerry\...\Run: [TimeServer] "C:\Users\Jerry\AppData\Roaming\Macromedia\WINB4AE.exe" [134144 2013-05-31] ()

HKU\Jerry\...\Winlogon: [shell] explorer.exe,C:\Users\Jerry\AppData\Roaming\skype.dat [123392 2011-11-16] (VSN Software LTD) <==== ATTENTION

Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [x]

S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation )

S1 bikguokh; \??\C:\Windows\system32\drivers\bikguokh.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-01 20:15 - 2013-06-01 20:15 - 00000000 ____D C:\FRST

2013-06-01 16:18 - 2013-06-01 16:18 - 00000000 ____D C:\ProgramData\Geek Squad

2013-06-01 15:51 - 2013-06-01 15:51 - 00013071 ____A C:\FRST.txt

2013-06-01 15:51 - 2013-06-01 13:38 - 01916164 ____A (Farbar) C:\FRST64.exe

2013-05-31 12:19 - 2013-05-31 12:19 - 00126976 ____A C:\Users\Jerry\chrome323871.exe

2013-05-31 12:19 - 2013-05-31 12:19 - 00000000 ____A C:\Users\Jerry\windowsupdate371911.exe

2013-05-31 12:18 - 2013-05-31 12:18 - 00066048 ____A C:\Users\Jerry\notepad.exe

2013-05-31 12:18 - 2013-05-31 12:18 - 00000000 ____A C:\Users\Jerry\rundll32410364.exe

2013-05-31 12:18 - 2013-05-31 12:18 - 00000000 ____A C:\Users\Jerry\googleupdate.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00126976 ____A C:\Users\Jerry\windowsupdate.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\ctfmon.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00000000 ____A C:\Users\Jerry\skype.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00000000 ____A C:\Users\Jerry\java.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00000000 ____A C:\Users\Jerry\acrobat.exe

2013-05-31 07:07 - 2013-05-31 07:08 - 00126976 ____A C:\Users\Jerry\mstsc.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\acrobatreader.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00000000 ____A C:\Users\Jerry\teamviewer.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00000000 ____A C:\Users\Jerry\spoolsv.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00000000 ____A C:\Users\Jerry\msconfig.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\vlcplayer.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\jqs.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\iexplore.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\csrss.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\alg.exe

2013-05-31 05:22 - 2013-06-01 13:54 - 00000004 ____A C:\Users\Jerry\AppData\Roaming\skype.ini

2013-05-31 05:21 - 2013-05-31 05:21 - 00126976 ____A C:\Users\Jerry\winlogon.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\flashplayer.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00000000 ____A C:\Users\Jerry\rundll32.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00000000 ____A C:\Users\Jerry\icq.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00000000 ____A C:\Users\Jerry\conhost.exe

2013-05-31 05:19 - 2013-05-31 12:00 - 00000332 ___AH C:\Windows\Tasks\{8EB27D9B-285D-4410-AF38-E5C79C065423}.job

2013-05-31 05:19 - 2013-05-31 05:19 - 00000000 ____D C:\Users\Jerry\AppData\Local\1c4842ad-d00a-4f35-8cd6-0ce5a264bc6aad

2013-05-31 05:18 - 2013-05-31 05:18 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\jucheck.exe

2013-05-31 05:18 - 2013-05-31 05:18 - 00000000 ____A C:\Users\Jerry\opera.exe

2013-05-31 05:18 - 2013-05-31 05:18 - 00000000 ____A C:\Users\Jerry\firefox.exe

2013-05-31 05:18 - 2013-05-31 05:18 - 00000000 ____A C:\Users\Jerry\chrome.exe

2013-05-30 03:20 - 2013-05-31 05:31 - 00000000 ____D C:\Users\Jerry\AppData\Local\CyberLink

2013-05-29 15:17 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-29 15:17 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-29 15:17 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-29 15:17 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-29 15:17 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-29 15:17 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-29 15:17 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-29 15:17 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-29 15:17 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-29 15:17 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-29 15:17 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-29 15:17 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-29 15:16 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-29 15:16 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-29 15:16 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-29 12:25 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-29 12:25 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-29 12:25 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-29 12:25 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-29 12:25 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-29 12:25 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-29 12:25 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-29 12:25 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-29 12:25 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-29 12:25 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-29 12:25 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-29 12:25 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-29 12:25 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-29 12:25 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-06-01 20:15 - 2013-06-01 20:15 - 00000000 ____D C:\FRST

2013-06-01 16:18 - 2013-06-01 16:18 - 00000000 ____D C:\ProgramData\Geek Squad

2013-06-01 15:51 - 2013-06-01 15:51 - 00013071 ____A C:\FRST.txt

2013-06-01 15:21 - 2013-01-25 15:27 - 01365898 ____A C:\Windows\WindowsUpdate.log

2013-06-01 15:14 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-01 15:14 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-01 15:11 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-01 15:07 - 2013-04-30 03:55 - 00004429 ____A C:\Windows\setupact.log

2013-06-01 15:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-01 13:54 - 2013-05-31 05:22 - 00000004 ____A C:\Users\Jerry\AppData\Roaming\skype.ini

2013-06-01 13:54 - 2011-04-04 09:27 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\SoftGrid Client

2013-06-01 13:53 - 2011-04-04 07:34 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-01 13:38 - 2013-06-01 15:51 - 01916164 ____A (Farbar) C:\FRST64.exe

2013-05-31 12:59 - 2011-04-04 07:34 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-31 12:58 - 2012-06-08 13:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-31 12:20 - 2010-07-26 15:12 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Macromedia

2013-05-31 12:19 - 2013-05-31 12:19 - 00126976 ____A C:\Users\Jerry\chrome323871.exe

2013-05-31 12:19 - 2013-05-31 12:19 - 00000000 ____A C:\Users\Jerry\windowsupdate371911.exe

2013-05-31 12:19 - 2010-07-26 15:00 - 00000000 ____D C:\users\Jerry

2013-05-31 12:18 - 2013-05-31 12:18 - 00066048 ____A C:\Users\Jerry\notepad.exe

2013-05-31 12:18 - 2013-05-31 12:18 - 00000000 ____A C:\Users\Jerry\rundll32410364.exe

2013-05-31 12:18 - 2013-05-31 12:18 - 00000000 ____A C:\Users\Jerry\googleupdate.exe

2013-05-31 12:00 - 2013-05-31 05:19 - 00000332 ___AH C:\Windows\Tasks\{8EB27D9B-285D-4410-AF38-E5C79C065423}.job

2013-05-31 07:13 - 2013-05-31 07:13 - 00126976 ____A C:\Users\Jerry\windowsupdate.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\ctfmon.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00000000 ____A C:\Users\Jerry\skype.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00000000 ____A C:\Users\Jerry\java.exe

2013-05-31 07:13 - 2013-05-31 07:13 - 00000000 ____A C:\Users\Jerry\acrobat.exe

2013-05-31 07:08 - 2013-05-31 07:07 - 00126976 ____A C:\Users\Jerry\mstsc.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\acrobatreader.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00000000 ____A C:\Users\Jerry\teamviewer.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00000000 ____A C:\Users\Jerry\spoolsv.exe

2013-05-31 07:07 - 2013-05-31 07:07 - 00000000 ____A C:\Users\Jerry\msconfig.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\vlcplayer.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\jqs.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\iexplore.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\csrss.exe

2013-05-31 07:01 - 2013-05-31 07:01 - 00000000 ____A C:\Users\Jerry\alg.exe

2013-05-31 06:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-31 05:31 - 2013-05-30 03:20 - 00000000 ____D C:\Users\Jerry\AppData\Local\CyberLink

2013-05-31 05:21 - 2013-05-31 05:21 - 00126976 ____A C:\Users\Jerry\winlogon.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\flashplayer.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00000000 ____A C:\Users\Jerry\rundll32.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00000000 ____A C:\Users\Jerry\icq.exe

2013-05-31 05:21 - 2013-05-31 05:21 - 00000000 ____A C:\Users\Jerry\conhost.exe

2013-05-31 05:19 - 2013-05-31 05:19 - 00000000 ____D C:\Users\Jerry\AppData\Local\1c4842ad-d00a-4f35-8cd6-0ce5a264bc6aad

2013-05-31 05:18 - 2013-05-31 05:18 - 00123392 ____A (VSN Software LTD) C:\Users\Jerry\jucheck.exe

2013-05-31 05:18 - 2013-05-31 05:18 - 00000000 ____A C:\Users\Jerry\opera.exe

2013-05-31 05:18 - 2013-05-31 05:18 - 00000000 ____A C:\Users\Jerry\firefox.exe

2013-05-31 05:18 - 2013-05-31 05:18 - 00000000 ____A C:\Users\Jerry\chrome.exe

2013-05-31 01:57 - 2010-10-02 10:16 - 00000000 __RSD C:\Users\Jerry\Documents\My Stationery

2013-05-31 01:51 - 2011-02-07 10:00 - 00000000 ____D C:\Users\Jerry\AppData\Local\Yahoo

2013-05-30 18:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-05-30 03:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-05-30 03:20 - 2012-01-11 05:35 - 00000000 ____D C:\Users\Jerry\AppData\Local\{6077A8E1-8F0B-422C-ADF6-E02DD9B148F8}

2013-05-30 03:09 - 2009-07-13 20:45 - 00332432 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-29 15:22 - 2010-07-28 06:38 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-29 15:02 - 2012-07-24 11:43 - 00000212 ____A C:\Users\Jerry\Desktop\Yahoo Email.url

2013-05-02 12:45 - 2012-06-12 12:59 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJerry.job

2013-05-02 07:29 - 2010-07-28 05:51 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Files to move or delete:

====================

C:\Users\Jerry\acrobat.exe

C:\Users\Jerry\acrobatreader.exe

C:\Users\Jerry\alg.exe

C:\Users\Jerry\chrome.exe

C:\Users\Jerry\chrome323871.exe

C:\Users\Jerry\conhost.exe

C:\Users\Jerry\csrss.exe

C:\Users\Jerry\ctfmon.exe

C:\Users\Jerry\firefox.exe

C:\Users\Jerry\flashplayer.exe

C:\Users\Jerry\googleupdate.exe

C:\Users\Jerry\icq.exe

C:\Users\Jerry\iexplore.exe

C:\Users\Jerry\java.exe

C:\Users\Jerry\jqs.exe

C:\Users\Jerry\jucheck.exe

C:\Users\Jerry\msconfig.exe

C:\Users\Jerry\mstsc.exe

C:\Users\Jerry\notepad.exe

C:\Users\Jerry\opera.exe

C:\Users\Jerry\rundll32.exe

C:\Users\Jerry\rundll32410364.exe

C:\Users\Jerry\skype.exe

C:\Users\Jerry\spoolsv.exe

C:\Users\Jerry\teamviewer.exe

C:\Users\Jerry\vlcplayer.exe

C:\Users\Jerry\windowsupdate.exe

C:\Users\Jerry\windowsupdate371911.exe

C:\Users\Jerry\winlogon.exe

C:\Users\Jerry\AppData\Roaming\skype.dat

C:\Users\Jerry\AppData\Roaming\skype.ini

C:\Windows\Tasks\{8EB27D9B-285D-4410-AF38-E5C79C065423}.job

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-03 06:48:32

Restore point made on: 2013-04-07 12:14:06

Restore point made on: 2013-04-10 13:48:33

Restore point made on: 2013-04-15 05:37:32

Restore point made on: 2013-04-24 11:18:50

Restore point made on: 2013-04-25 04:39:57

Restore point made on: 2013-04-25 05:29:28

Restore point made on: 2013-04-30 04:07:57

Restore point made on: 2013-04-30 04:42:46

Restore point made on: 2013-05-03 13:21:26

Restore point made on: 2013-05-07 06:32:18

Restore point made on: 2013-05-10 10:14:18

Restore point made on: 2013-05-13 18:36:06

Restore point made on: 2013-05-29 12:41:10

Restore point made on: 2013-05-29 15:16:16

==================== Memory info ===========================

Percentage of memory in use: 36%

Total physical RAM: 1790.49 MB

Available physical RAM: 1132.96 MB

Total Pagefile: 1790.49 MB

Available Pagefile: 1114.29 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.77 GB) (Free:407.77 GB) NTFS (Disk=0 Partition=2)

Drive e: (FACTORY_IMAGE) (Fixed) (Total:9.89 GB) (Free:1.48 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive g: (NEW DISK) (Removable) (Total:14.89 GB) (Free:7.41 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS

Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

Last Boot: 2013-05-29 13:02

==================== End Of Log ============================


OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

[screenshot: more-reply-options.jpg]

New window that comes up.

[screenshot: choose-files1.jpg]

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
