Can't Boot into Safe or Normal mode, keyboard disabled


Background: Using a Windows 7 PC, Windows Backup would not run, hanging at 7% while attempting to create a shadow copy. (It was probably a month since I last ran it.) While diagnosing the issue, I noticed that System Restore was turned off and all previous restore points were deleted (I didn’t do that). I hadn’t noticed anything unusual when using the computer except for a longer time to boot up.

I use msconfig to boot in safe mode – minimal config. When booting into safe mode, the PC froze during the process – it did not fully boot into safe mode. I could only do a hard reboot, which brought up the screen to select either Run Windows Repair or Boot Normally. However, the PC won’t allow me to select – the keyboard’s arrow, enter, etc. keys do not register (even though the keyboard’s lights are on).

So after 30 seconds of waiting for input, the PC runs through Windows Repair and reboots again. It then stops at the same spot in the safe mode boot process. Repair didn’t do anything. Hard boot again leads me back to the Windows Repair process.

I was able to cancel the repair process and then select the command prompt. At that point I am able to use my keyboard again. However, I can only get to task manager. I can’t run msconfig to get back to a normal boot, not safe mode, and I can’t run explore.exe.

I ran FRST64 from a USB key – the output text file is attached.

I tried to boot Kaspersky Rescue Disk from a CD ISO image. The program initiates, but then it asks you to hit any key to continue. And again, the PC doesn’t recognize any keyboard input – so Kaspersky times out.

So I’m stuck being not able to boot into safe or normal mode, and having the keyboard disabled.

This is one nasty piece of malware!

Sorry, the file didn't get attached and IE froze. Here's the output of the FRST64 file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-06-2013

Ran by SYSTEM on 04-06-2013 21:20:26

Running from J:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [884584 2012-03-08] (Microsoft Corporation)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2782096 2010-07-25] (CANON INC.)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM-x32\...\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1213848 2010-09-14] (CANON INC.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-04-30] (Apple Inc.)

HKU\George\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s [247768 2012-08-28] (TomTom)

HKU\George\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()

HKU\George\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]

HKU\George\...\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1040712 2012-06-14] ()

HKU\George\...\Policies\system: [LogonHoursAction] 2

HKU\George\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mary\...\Policies\system: [LogonHoursAction] 2

HKU\Mary\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Rachel\...\Policies\system: [LogonHoursAction] 2

HKU\Rachel\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Ryan\...\Run: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-23] (Google Inc.)

HKU\Ryan\...\Policies\system: [LogonHoursAction] 2

HKU\Ryan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\ProgramData\Start Menu\Programs\Startup\APC UPS Status.lnk

ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

==================== Services (Whitelisted) =================

S2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)

S2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-09] (NETGEAR)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AtiDCM; C:\ATI\Support\10-9_vista64_win7_64_dd_ccc_enu\Bin64\atdcm64a.sys [26640 2010-08-25] (Advanced Micro Devices, Inc.)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S1 NEOFLTR_600_13705; C:\Windows\SysWow64\Drivers\NEOFLTR_600_13705.SYS [64160 2008-11-14] (Juniper Networks)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-09-22] (CACE Technologies, Inc.)

S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [124176 2012-11-30] (High Criteria inc.)

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

S3 yeddef64; System32\Drivers\yeddef64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-04 21:19 - 2013-06-04 21:19 - 00000000 ____D C:\FRST

2013-06-04 01:38 - 2013-06-04 01:38 - 00000000 ____D C:\Windows\pss

2013-06-03 17:45 - 2013-06-03 17:45 - 00000000 ____D C:\Users\George\AppData\Local\{902D4829-D698-4DFA-B67E-57A1CDEE4821}

2013-06-03 02:52 - 2013-06-03 02:53 - 00000000 ____D C:\Users\George\AppData\Local\{BA0082FF-B1AD-40DE-9120-DF2E2EA41030}

2013-06-02 18:41 - 2013-06-02 18:42 - 60979307 ____A C:\Users\George\Desktop\Rachel Teeter MRI.zip

2013-06-02 16:01 - 2013-06-02 16:01 - 24675388 ____A C:\Users\George\Desktop\Is-Your-Worldview-Really-Biblical.zip

2013-06-02 16:01 - 2013-06-02 16:01 - 22825539 ____A C:\Users\George\Desktop\Dealing-with-Doubts.zip

2013-06-02 16:01 - 2013-06-02 16:01 - 16742446 ____A C:\Users\George\Desktop\The-Worldview-behind-Porn.zip

2013-06-02 14:40 - 2013-06-02 14:40 - 00000000 ____D C:\Users\George\AppData\Local\{E5EFAFF6-E571-4E75-8B56-FC467E03FC7E}

2013-06-02 03:37 - 2013-06-02 03:37 - 00000000 ____D C:\Program Files\7-Zip

2013-06-01 02:39 - 2013-06-02 02:39 - 00000000 ____D C:\Users\George\AppData\Local\{209D4AE5-233F-4570-8CC6-15FACFEEC0F0}

2013-05-31 13:35 - 2013-05-31 13:35 - 00903072 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jxpiinstall.exe

2013-05-30 18:51 - 2013-05-30 18:51 - 00138045 ____A C:\Users\George\Desktop\MindManagerTemplates.zip

2013-05-30 18:50 - 2013-05-30 18:50 - 00098573 ____A C:\Users\George\Desktop\WordTemplates.zip

2013-05-30 17:50 - 2013-05-30 17:50 - 00000000 ____D C:\Users\George\AppData\Local\{9B6809DC-FEB1-4D07-88DC-B59ADE0BF984}

2013-05-30 02:01 - 2013-05-30 02:01 - 00000000 ____D C:\Users\George\AppData\Local\{D1A0F778-92E4-48B6-9D02-86A61044C24D}

2013-05-29 01:24 - 2013-05-29 01:24 - 00000000 ____D C:\Users\George\AppData\Local\{3790DE57-BA2E-4DD4-BCF8-208CC5DE5836}

2013-05-27 17:11 - 2013-05-27 17:11 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2013-05-25 04:14 - 2013-05-25 04:15 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-05-25 04:11 - 2013-05-25 04:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2013-05-25 04:08 - 2013-05-25 04:11 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-25 04:08 - 2013-05-25 04:11 - 00000000 ____D C:\Program Files\iTunes

2013-05-25 04:08 - 2013-05-25 04:11 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-05-25 04:08 - 2013-05-25 04:08 - 00000000 ____D C:\Program Files\iPod

2013-05-24 04:54 - 2013-05-28 02:41 - 00000000 ____D C:\Users\George\AppData\Local\{1E1765F9-1A14-4751-84A4-A6EE953190CD}

2013-05-23 16:53 - 2013-05-23 16:53 - 00000000 ____D C:\Users\George\AppData\Local\{C132B434-961F-49C9-A2C6-F00C71253D30}

2013-05-23 02:24 - 2013-05-23 02:24 - 00000000 ____D C:\Program Files (x86)\DataVault

2013-05-22 16:11 - 2013-05-22 16:11 - 00000000 ____D C:\Users\George\AppData\Local\{C64EDFD8-9E36-44AE-BBF3-B09C136ABA39}

2013-05-22 02:50 - 2013-05-22 02:50 - 00000000 ____D C:\Users\George\AppData\Local\{F6AE6F3B-BDCA-4255-87B6-99852297AA29}

2013-05-21 01:47 - 2013-05-21 01:47 - 00000000 ____D C:\Users\George\AppData\Local\{E71B5DAF-BB74-4E1B-B9E2-5618F3CD0663}

2013-05-19 04:38 - 2013-05-21 01:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-05-19 02:20 - 2013-05-19 14:21 - 00000000 ____D C:\Users\George\AppData\Local\{0F458B13-B7B9-4884-838E-204BD9D425D9}

2013-05-18 01:51 - 2013-05-18 01:51 - 00000000 ____D C:\Users\George\AppData\Local\{C7C4C4A7-F508-4148-B3A7-CD9A68E94706}

2013-05-15 16:18 - 2013-05-15 16:18 - 00000000 ____D C:\Users\George\AppData\Local\{2772B1D2-EDA1-45D2-85F2-F7424A1EA9C6}

2013-05-15 01:52 - 2013-05-15 01:52 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-15 01:52 - 2013-05-15 01:52 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-15 01:52 - 2013-05-15 01:52 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-15 01:52 - 2013-05-15 01:52 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-15 01:52 - 2013-05-15 01:52 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-05-15 01:52 - 2013-05-15 01:52 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-05-15 01:52 - 2013-05-15 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-05-15 01:52 - 2013-05-15 01:52 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-05-15 01:52 - 2013-05-15 01:52 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-05-15 01:52 - 2013-05-15 01:52 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-05-15 01:52 - 2013-05-15 01:52 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-05-15 01:50 - 2013-05-15 01:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-15 01:48 - 2013-05-15 01:56 - 00007201 ____A C:\Windows\IE10_main.log

2013-05-15 00:57 - 2013-05-15 00:57 - 00000000 ____D C:\Users\George\AppData\Local\{7C1825D3-3065-48BF-B921-9F31D5EC664B}

2013-05-15 00:51 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 00:51 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 00:51 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 00:51 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 00:51 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 00:51 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 00:51 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 00:51 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 00:51 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 00:51 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 00:51 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 00:51 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 00:51 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-15 00:51 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-13 15:40 - 2013-05-27 17:16 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype

2013-05-10 15:13 - 2013-05-14 12:12 - 00000000 ____D C:\Users\George\AppData\Local\{90F3E76E-7598-4358-B921-312C8B90D533}

2013-05-09 16:28 - 2013-05-09 16:28 - 00367104 ____A C:\Users\Ryan\Downloads\abc.ppt

2013-05-09 01:01 - 2013-05-09 01:01 - 00000000 ____D C:\Users\George\AppData\Local\{F2951D4D-ACBA-45E6-ADE5-3DBA2CE0B4F6}

2013-05-07 17:02 - 2013-05-07 17:02 - 00000000 ____D C:\Users\George\AppData\Local\{7C23E3FB-3396-47C8-AC45-F6CC5B7DD070}

2013-05-07 01:32 - 2013-05-07 01:32 - 00000000 ____D C:\Users\George\AppData\Local\{2E0B1F09-1F35-4ACE-860B-C16AF04B9D80}

2013-05-05 04:04 - 2013-05-05 04:04 - 00548376 ____A C:\Users\George\Desktop\Autoruns.zip

2013-05-05 03:55 - 2013-05-05 03:56 - 00915392 ____A (Antibody Software ) C:\Users\George\Desktop\wiztree_1_05_setup.exe

==================== One Month Modified Files and Folders =======

2013-06-04 21:19 - 2013-06-04 21:19 - 00000000 ____D C:\FRST

2013-06-04 01:38 - 2013-06-04 01:38 - 00000000 ____D C:\Windows\pss

2013-06-04 01:38 - 2010-09-12 03:44 - 01622601 ____A C:\Windows\WindowsUpdate.log

2013-06-04 01:35 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-04 01:35 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-04 01:28 - 2010-09-20 01:32 - 00000632 _RASH C:\Users\George\ntuser.pol

2013-06-04 01:28 - 2010-09-12 03:44 - 00000000 ____D C:\users\George

2013-06-04 01:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-04 01:27 - 2009-07-13 20:51 - 00159917 ____A C:\Windows\setupact.log

2013-06-04 01:09 - 2012-05-23 11:09 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800631827-658899332-1411411241-1005UA.job

2013-06-04 00:09 - 2009-07-13 21:13 - 00739918 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-03 23:56 - 2012-04-15 03:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-03 17:45 - 2013-06-03 17:45 - 00000000 ____D C:\Users\George\AppData\Local\{902D4829-D698-4DFA-B67E-57A1CDEE4821}

2013-06-03 14:29 - 2010-09-20 18:33 - 00001230 _RASH C:\Users\Ryan\ntuser.pol

2013-06-03 14:29 - 2010-09-20 18:33 - 00000000 ____D C:\users\Ryan

2013-06-03 02:53 - 2013-06-03 02:52 - 00000000 ____D C:\Users\George\AppData\Local\{BA0082FF-B1AD-40DE-9120-DF2E2EA41030}

2013-06-02 18:43 - 2007-02-24 09:40 - 00664576 __ASH C:\Users\George\Desktop\Thumbs.db

2013-06-02 18:42 - 2013-06-02 18:41 - 60979307 ____A C:\Users\George\Desktop\Rachel Teeter MRI.zip

2013-06-02 16:25 - 2010-09-12 16:45 - 00000000 ____D C:\Users\George\AppData\Roaming\Skype

2013-06-02 16:01 - 2013-06-02 16:01 - 24675388 ____A C:\Users\George\Desktop\Is-Your-Worldview-Really-Biblical.zip

2013-06-02 16:01 - 2013-06-02 16:01 - 22825539 ____A C:\Users\George\Desktop\Dealing-with-Doubts.zip

2013-06-02 16:01 - 2013-06-02 16:01 - 16742446 ____A C:\Users\George\Desktop\The-Worldview-behind-Porn.zip

2013-06-02 15:15 - 2007-01-06 15:17 - 00000000 ____D C:\Users\George\Documents\Commentaries

2013-06-02 14:40 - 2013-06-02 14:40 - 00000000 ____D C:\Users\George\AppData\Local\{E5EFAFF6-E571-4E75-8B56-FC467E03FC7E}

2013-06-02 13:56 - 2012-01-21 13:47 - 00116544 ____R C:\Users\George\Documents\DataVault.dat

2013-06-02 13:56 - 2012-01-21 13:40 - 00000000 ____D C:\Users\George\Documents\Automatic backups

2013-06-02 13:50 - 2012-04-01 18:17 - 00000000 ____D C:\ProgramData\pdf995

2013-06-02 13:27 - 2008-07-13 04:04 - 00000000 ____D C:\Users\George\Documents\Career & Job

2013-06-02 13:20 - 2007-03-15 08:30 - 00000000 ____D C:\Users\George\Documents\Marriage, Family, & Parenting Info

2013-06-02 12:09 - 2012-05-23 11:09 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800631827-658899332-1411411241-1005Core.job

2013-06-02 03:37 - 2013-06-02 03:37 - 00000000 ____D C:\Program Files\7-Zip

2013-06-02 03:32 - 2007-03-15 07:38 - 00000000 ____D C:\Users\George\Documents\Ryan Info

2013-06-02 02:39 - 2013-06-01 02:39 - 00000000 ____D C:\Users\George\AppData\Local\{209D4AE5-233F-4570-8CC6-15FACFEEC0F0}

2013-06-01 13:05 - 2011-04-16 14:31 - 00000000 ____D C:\ProgramData\CanonIJPLM

2013-05-31 13:35 - 2013-05-31 13:35 - 00903072 ____A (Oracle Corporation) C:\Users\Ryan\Downloads\jxpiinstall.exe

2013-05-30 18:51 - 2013-05-30 18:51 - 00138045 ____A C:\Users\George\Desktop\MindManagerTemplates.zip

2013-05-30 18:50 - 2013-05-30 18:50 - 00098573 ____A C:\Users\George\Desktop\WordTemplates.zip

2013-05-30 17:50 - 2013-05-30 17:50 - 00000000 ____D C:\Users\George\AppData\Local\{9B6809DC-FEB1-4D07-88DC-B59ADE0BF984}

2013-05-30 02:01 - 2013-05-30 02:01 - 00000000 ____D C:\Users\George\AppData\Local\{D1A0F778-92E4-48B6-9D02-86A61044C24D}

2013-05-29 02:40 - 2010-09-12 16:45 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-29 02:40 - 2010-09-12 16:45 - 00000000 ____D C:\ProgramData\Skype

2013-05-29 02:36 - 2007-01-06 09:36 - 00000000 ____D C:\Users\George\Documents\Work Files

2013-05-29 01:24 - 2013-05-29 01:24 - 00000000 ____D C:\Users\George\AppData\Local\{3790DE57-BA2E-4DD4-BCF8-208CC5DE5836}

2013-05-28 02:41 - 2013-05-24 04:54 - 00000000 ____D C:\Users\George\AppData\Local\{1E1765F9-1A14-4751-84A4-A6EE953190CD}

2013-05-27 17:16 - 2013-05-13 15:40 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype

2013-05-27 17:11 - 2013-05-27 17:11 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk

2013-05-25 04:15 - 2013-05-25 04:14 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-05-25 04:11 - 2013-05-25 04:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2013-05-25 04:11 - 2013-05-25 04:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-25 04:11 - 2013-05-25 04:08 - 00000000 ____D C:\Program Files\iTunes

2013-05-25 04:11 - 2013-05-25 04:08 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-05-25 04:08 - 2013-05-25 04:08 - 00000000 ____D C:\Program Files\iPod

2013-05-24 09:15 - 2007-03-15 08:25 - 00000000 ____D C:\Users\George\Documents\Health, Fitness, & Medical Info

2013-05-24 09:10 - 2011-02-19 12:41 - 00000000 ____D C:\Users\George\AppData\Roaming\TaxCut

2013-05-24 06:23 - 2007-03-15 07:26 - 00000000 ____D C:\Users\George\Documents\Miscellaneous

2013-05-23 16:53 - 2013-05-23 16:53 - 00000000 ____D C:\Users\George\AppData\Local\{C132B434-961F-49C9-A2C6-F00C71253D30}

2013-05-23 02:24 - 2013-05-23 02:24 - 00000000 ____D C:\Program Files (x86)\DataVault

2013-05-22 16:11 - 2013-05-22 16:11 - 00000000 ____D C:\Users\George\AppData\Local\{C64EDFD8-9E36-44AE-BBF3-B09C136ABA39}

2013-05-22 02:50 - 2013-05-22 02:50 - 00000000 ____D C:\Users\George\AppData\Local\{F6AE6F3B-BDCA-4255-87B6-99852297AA29}

2013-05-21 12:40 - 2012-04-25 02:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-21 01:52 - 2013-05-19 04:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-05-21 01:47 - 2013-05-21 01:47 - 00000000 ____D C:\Users\George\AppData\Local\{E71B5DAF-BB74-4E1B-B9E2-5618F3CD0663}

2013-05-19 17:11 - 2007-03-15 07:38 - 00000000 ____D C:\Users\George\Documents\Rachel Info

2013-05-19 14:21 - 2013-05-19 02:20 - 00000000 ____D C:\Users\George\AppData\Local\{0F458B13-B7B9-4884-838E-204BD9D425D9}

2013-05-19 02:28 - 2011-12-17 15:42 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster

2013-05-18 02:31 - 2012-09-15 02:43 - 00000000 __SHD C:\Users\George\UserData

2013-05-18 01:51 - 2013-05-18 01:51 - 00000000 ____D C:\Users\George\AppData\Local\{C7C4C4A7-F508-4148-B3A7-CD9A68E94706}

2013-05-15 16:18 - 2013-05-15 16:18 - 00000000 ____D C:\Users\George\AppData\Local\{2772B1D2-EDA1-45D2-85F2-F7424A1EA9C6}

2013-05-15 13:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-15 02:15 - 2010-09-12 10:53 - 00000000 __SHD C:\Users\George\IECompatCache

2013-05-15 02:14 - 2010-09-12 10:53 - 00000000 __SHD C:\Users\George\PrivacIE

2013-05-15 02:14 - 2010-09-12 10:23 - 00000000 __SHD C:\Users\George\IETldCache

2013-05-15 02:11 - 2010-09-12 04:05 - 00161714 ____A C:\Windows\PFRO.log

2013-05-15 02:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-15 01:56 - 2013-05-15 01:48 - 00007201 ____A C:\Windows\IE10_main.log

2013-05-15 01:56 - 2012-04-15 03:02 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 01:56 - 2011-05-16 17:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-15 01:52 - 2013-05-15 01:52 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-15 01:52 - 2013-05-15 01:52 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-15 01:52 - 2013-05-15 01:52 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-15 01:52 - 2013-05-15 01:52 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-15 01:52 - 2013-05-15 01:52 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-05-15 01:52 - 2013-05-15 01:52 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-05-15 01:52 - 2013-05-15 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-05-15 01:52 - 2013-05-15 01:52 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-05-15 01:52 - 2013-05-15 01:52 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-05-15 01:52 - 2013-05-15 01:52 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-05-15 01:52 - 2013-05-15 01:52 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-05-15 01:52 - 2013-05-15 01:52 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-05-15 01:52 - 2013-05-15 01:52 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-05-15 01:51 - 2013-05-15 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-15 01:51 - 2013-04-11 17:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

2013-05-15 01:28 - 2009-07-13 20:45 - 00311544 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-15 01:16 - 2010-09-12 03:53 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 00:57 - 2013-05-15 00:57 - 00000000 ____D C:\Users\George\AppData\Local\{7C1825D3-3065-48BF-B921-9F31D5EC664B}

2013-05-14 12:12 - 2013-05-10 15:13 - 00000000 ____D C:\Users\George\AppData\Local\{90F3E76E-7598-4358-B921-312C8B90D533}

2013-05-10 20:09 - 2010-09-26 11:22 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla

2013-05-09 16:28 - 2013-05-09 16:28 - 00367104 ____A C:\Users\Ryan\Downloads\abc.ppt

2013-05-09 01:01 - 2013-05-09 01:01 - 00000000 ____D C:\Users\George\AppData\Local\{F2951D4D-ACBA-45E6-ADE5-3DBA2CE0B4F6}

2013-05-07 17:02 - 2013-05-07 17:02 - 00000000 ____D C:\Users\George\AppData\Local\{7C23E3FB-3396-47C8-AC45-F6CC5B7DD070}

2013-05-07 01:32 - 2013-05-07 01:32 - 00000000 ____D C:\Users\George\AppData\Local\{2E0B1F09-1F35-4ACE-860B-C16AF04B9D80}

2013-05-05 15:29 - 2013-05-04 03:10 - 00000000 ____D C:\Users\George\AppData\Local\{DAB8F31F-BAF4-4CE1-AAD3-7503B5BFA0C4}

2013-05-05 04:04 - 2013-05-05 04:04 - 00548376 ____A C:\Users\George\Desktop\Autoruns.zip

2013-05-05 03:56 - 2013-05-05 03:55 - 00915392 ____A (Antibody Software ) C:\Users\George\Desktop\wiztree_1_05_setup.exe

Files to move or delete:

====================

C:\Users\George\PCPE Setup.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 4029.92 MB

Available physical RAM: 3439.23 MB

Total Pagefile: 4028.07 MB

Available Pagefile: 3442.41 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.39 GB) (Free:106.93 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]

Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Drive j: (Cruzer) (Removable) (Total:14.92 GB) (Free:11.64 GB) FAT32 (Disk=5 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E686F016)

Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)

Partition 2: (Active) - (Size=293 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=5 GB) - (Type=DB)

========================================================

Disk: 5 (Size: 15 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

Last Boot: 2013-06-03 17:10

==================== End Of Log ============================

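An added example, not part of the original thread and not FRST's own code: a small Python triage script for the FRST log format posted above. It parses the file-listing lines (modified date, created date, size, attribute field, the file's version-info company string in parentheses when FRST printed one, then the path) and the "Bamital & volsnap Check" lines, and reports a short list of things an analyst would read first: any hash check whose verdict is not exactly "MD5 is legit", executables with no company string in a user profile or in System32/SysWOW64, and the GUID-named folders under AppData\Local that recur in this log. The sample lines are constructed from the log above plus two made-up failure cases (FRST's actual wording for a failed hash check may differ, which is why anything other than "MD5 is legit" is flagged); the severity labels and the heuristics are this example's own assumptions. Note what the company string is: it is the CompanyName from the file's version resource, not a signature check, so an absent string is only a prompt to look, and GUID folders under AppData\Local are routinely created by installers and updaters.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) text logs.
Added example, not FRST's own code.  It parses the listing lines
  <modified> - <created> - <size> <attrs> [(<CompanyName>)] <path>
and the "Bamital & volsnap Check" lines  <path> => MD5 is legit
and orders what to look at first.  Severity labels are this example's
assumptions, not FRST verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Listing line, e.g.
# 2013-05-15 01:52 - 2013-05-15 01:52 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?"  # version-info CompanyName; absent when the file has none
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Hash-check line; any verdict other than exactly "MD5 is legit" is treated as a failure.
MD5_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^=]*?)\s*=>\s*(?P<verdict>.*)$")
# GUID-named folder directly under AppData\Local (several appear in the log above).
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]  # None when FRST printed no (CompanyName)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs  # FRST marks directories with D in the attribute field

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for a line of any other shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(m.group("modified"), m.group("created"), int(m.group("size")),
                 m.group("attrs"), company.strip() if company else None, m.group("path"))


def triage(lines: List[str]) -> List[str]:
    """Return findings in log order as 'SEVERITY: message' strings."""
    findings: List[str] = []
    for raw in lines:
        line = raw.strip()
        md5 = MD5_RE.match(line)
        if md5:
            if md5.group("verdict").strip() != "MD5 is legit":
                findings.append(f"CRITICAL: hash check failed for {md5.group('path')}: {md5.group('verdict')}")
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        low = entry.path.lower()
        if entry.is_dir and GUID_DIR_RE.search(entry.path):
            # Installers and updaters create these routinely: a prompt to look, not a verdict.
            findings.append(f"REVIEW: GUID-named folder under AppData\\Local: {entry.path}")
        elif entry.is_executable and entry.company is None:
            if "\\users\\" in low:
                findings.append(f"REVIEW: executable without version info in a user profile: {entry.path}")
            elif any(d in low for d in SYSTEM_DIRS):
                findings.append(f"REVIEW: executable without version info in a system directory: {entry.path}")
    return findings


# Constructed sample: the first seven lines are copied from the log posted in this thread;
# the last two are made up to exercise the failure paths.
SAMPLE_LOG = r"""
2013-05-23 16:53 - 2013-05-23 16:53 - 00000000 ____D C:\Users\George\AppData\Local\{C132B434-961F-49C9-A2C6-F00C71253D30}
2013-05-15 01:52 - 2013-05-15 01:52 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-05 03:56 - 2013-05-05 03:55 - 00915392 ____A (Antibody Software ) C:\Users\George\Desktop\wiztree_1_05_setup.exe
2013-05-25 04:11 - 2013-05-25 04:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-15 01:28 - 2009-07-13 20:45 - 00311544 ____A C:\Windows\System32\FNTCACHE.DAT
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
2013-06-01 10:00 - 2013-06-01 10:00 - 00040960 ____A C:\Users\George\AppData\Roaming\updater.exe
C:\Windows\explorer.exe => MD5 is NOT legit
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the portion of the log shown above the only hits would be the GUID folders under AppData\Local: every hash check came back "MD5 is legit" and every System32/SysWOW64 binary carries a Microsoft company string, which is consistent with how the thread ends (a failing disk, not malware). The script only orders the reading; FRST's own sections ("Files to move or delete", the hash checks) and the helper's fixlist are what actually decide anything.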

Hello and welcome to the MalwareBytes forums.

My name is Maurice Naggar.

I will be helping you today.

If this is not your computer, or if it belongs to a company or organization then please Stop and tell me.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

Please carefully follow this procedure

Please download the attached fixlist.txt and SAVE / copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this particular system. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

After that is completed, remove the USB-flash-thumb drive, plus any CD/DVD, plus disconnect any external storage drive.

Restart Windows fresh. For our purposes, normal mode Windows will do fine. Simply be sure to login with an administrator-level-rights account.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

(Alternate download mirrors: Link 2, Link 3, Link 4)
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 3

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com, or from http://download.bleepingcomputer.com/sUBs/dds.scr, or from http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Do NOT turn off the firewall

Double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

When done, DDS will open two (2) logs: DDS.txt & Attach.txt

Save both reports to your desktop.

Please attach following logs in your next reply:

DDS.txt

Attach.txt

NEXT:

Download & SAVE to your Desktop Tigzy's RogueKiller http://tigzy.geekstogo.com/Tools/RogueKiller.exe

Quit all programs that you may have started.

Please disconnect any USB or external storage drives from the computer before you run this scan!

For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.

When prompted to accept the EULA, please do so.

Wait until Prescan has finished ... <<-----

Then Click on Scan button at upper right of screen.

Wait until the Status box shows "Scan Finished"

Attach the log into your next reply.

The log should be found in RKreport[1].txt on your Desktop

Do NOT press any Fix button.

Exit/Close RogueKiller

Attachment: Fixlist.txt


Hi Maurice, I've resolved the issue while waiting for a reply. Here are the steps I took, just in case anyone else runs into a similar issue:

- Ran CHKDSK again -- it found more disk errors that it corrected

- Ran CHKDSK again -- no errors

- Swapped to a different keyboard -- now the keyboard works all the time

- Ran Kaspersky Rescue Disk -- no issues found

- At this point, I'm still not able to boot into safe or normal mode

- Ran System Restore from backup on external drive

- NOW, able to boot in safe mode

- Ran Malwarebytes (full scan) -- found no issues

- Able to boot into Normal mode

However, the system still appeared to be unstable. Froze on Windows Update, for example, requiring a hard boot. Was not able to consistently boot up with doing a system repair. So at this point, I thought the issue was the hard drive, not malware. I replaced the hard drive with a new one, restored a system image from a month ago, and then attached the old drive as a slave to the new one. I was then able to transfer new & updated files since the backup to the new hard drive from the old one.

I then ran Western Digital's Drive Diagnostics on the old drive. It determined the drive was definitely defective and needed to be replaced. Thankfully, it was functional enough to get files off of it.

I also confirmed through scans that there wasn't any malware on the system.

