
Police Central E-crime unit - Ran FRST.exe, FRST.txt attached.



Hello folks,

 

I have the police central e-crime unit virus/malware on my other laptop; I cannot access any safe mode at all. I have, however, downloaded FRST and used it in the 'repair the computer' mode. I still cannot get onto my Windows though. Here is the log saved after running FRST.

 

Please help me someone :(

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 01
Ran by SYSTEM on 10-07-2013 14:11:28
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7723552 2009-08-25] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [MDS_Menu] - "C:\Program Files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [updateP2GoShortCut] - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [uCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s [162912 2009-07-31] (CyberLink Corp.)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [igfxTray] - C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [sweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM\...\Run: [sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [instaLAN] - "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1485208 2010-07-28] (Affinegy, Inc.)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\James\...\Run: [Reminder] - C:\Program Files\TTG\Reminder\Reminder.exe [ 2009-08-26] (DSG Retail Ltd)
HKU\James\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\James\...\Run: [msnmsgr] - ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2010-11-09] (Microsoft Corporation)
HKU\James\...\Run: [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2012-07-13] (Skype Technologies S.A.)
HKU\James\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\James\AppData\Local\Temp\chfpvmwwcmratcecy.exe [ 2013-07-09] (NVIDIA Corporation) <===== ATTENTION
HKU\James\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [ 2013-06-26] (Adobe Systems Incorporated)
HKU\James\...\Winlogon: [shell] cmd.exe [ 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
HKU\James\...\Command Processor: "C:\Users\James\AppData\Local\Temp\chfpvmwwcmratcecy.exe" <===== ATTENTION!
Startup: C:\ProgramData\Start Menu\Programs\Startup\Launch.lnk
ShortcutTarget: Launch.lnk -> C:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\OSD.lnk
ShortcutTarget: OSD.lnk -> C:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_CCB0CAEC2D875359E0C287.exe ()
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk ->  (No File)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
 
========================== Services (Whitelisted) =================
 
S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-05-27] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [997464 2013-01-15] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-13] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130123.001\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)
S2 LiveGpdKBFilter; C:\Windows\System32\Drivers\LiveGpdKBFilter.sys [4096 2009-05-06] (Windows ® Win 7 DDK provider)
S2 LiveIO; C:\Windows\System32\Drivers\LiveIO.sys [15312 2009-05-11] ()
S3 Livekbc; C:\Windows\System32\Drivers\Livekbc.sys [4096 2009-05-06] (Systems Internals)
S3 Livemouclass; C:\Windows\System32\Drivers\Livemouclass.sys [3968 2009-05-06] (Systems Internals)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130124.003\NAVENG.SYS [93296 2013-01-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130124.003\NAVEX15.SYS [1603824 2013-01-16] (Symantec Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372224 2009-07-01] (Realtek Semiconductor Corporation                           )
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-17] (Symantec Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-10 14:11 - 2013-07-10 14:11 - 00000000 ____D C:\FRST
2013-07-09 10:27 - 2013-07-09 10:27 - 01038471 ____A C:\ProgramData\2433f433
2013-07-09 10:27 - 2013-07-09 10:27 - 01038451 ____A C:\Users\James\AppData\Roaming\2433f433
2013-07-09 10:27 - 2013-07-09 10:27 - 01038441 ____A C:\Users\James\AppData\Local\2433f433
2013-06-26 13:11 - 2013-06-26 13:11 - 00000000 ____D C:\46ef2915d5a09bbbf03aad1123b9f5
2013-06-26 08:56 - 2013-06-26 08:57 - 00000000 ____D C:\Users\James\AppData\Local\{C0E71DF7-5697-41C6-91F5-CF12101EE6AF}
2013-06-25 08:40 - 2013-06-25 08:40 - 00000000 ____D C:\Users\James\AppData\Local\{56BAAA61-7191-4E3D-B0FD-2F9A512248FE}
2013-06-24 13:18 - 2013-06-24 13:18 - 00000000 ____D C:\Windows\System32\SPReview
2013-06-19 13:03 - 2013-06-19 13:04 - 00000000 ____D C:\Users\James\AppData\Local\{5EB1D08C-AA8E-4E8B-AEAB-8F8CED3A031F}
2013-06-15 10:11 - 2013-06-24 13:15 - 00080384 ____A C:\Users\James\Documents\June Expense Claim.xls
2013-06-15 10:04 - 2013-06-15 10:04 - 00080384 ____A C:\Users\James\Documents\April Expense Claim.xls
2013-06-15 10:01 - 2013-06-15 10:01 - 00000000 ____D C:\Users\James\AppData\Local\{6C1CC063-0295-4C6F-91DF-09EC30D0BF62}
2013-06-15 09:33 - 2013-06-15 09:33 - 00082432 ____A C:\Users\James\Documents\Feb petrol expenses.xls
2013-06-15 09:12 - 2013-06-15 09:12 - 00080384 ____A C:\Users\James\Documents\Expense Claim NEW.xls
 
==================== One Month Modified Files and Folders =======
 
2013-07-10 14:11 - 2013-07-10 14:11 - 00000000 ____D C:\FRST
2013-07-10 04:52 - 2011-05-24 04:32 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-07-10 04:52 - 2010-02-05 10:59 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-10 04:51 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 04:51 - 2009-07-13 20:39 - 00157345 ____A C:\Windows\setupact.log
2013-07-10 04:47 - 2010-02-05 10:59 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-10 04:43 - 2009-12-25 02:20 - 00000000 ____D C:\users\James
2013-07-09 10:49 - 2009-12-25 02:20 - 01338782 ____A C:\Windows\WindowsUpdate.log
2013-07-09 10:43 - 2009-07-13 20:34 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 10:43 - 2009-07-13 20:34 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 10:27 - 2013-07-09 10:27 - 01038471 ____A C:\ProgramData\2433f433
2013-07-09 10:27 - 2013-07-09 10:27 - 01038451 ____A C:\Users\James\AppData\Roaming\2433f433
2013-07-09 10:27 - 2013-07-09 10:27 - 01038441 ____A C:\Users\James\AppData\Local\2433f433
2013-07-09 10:16 - 2012-09-15 04:57 - 00000000 ___RD C:\Program Files\Skype
2013-07-09 10:16 - 2012-09-15 04:57 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 10:15 - 2012-10-03 08:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 09:34 - 2012-09-15 04:58 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2013-07-04 09:34 - 2010-07-09 10:26 - 00000000 ____D C:\Users\James\AppData\Roaming\LimeWire
2013-07-04 09:34 - 2009-12-25 14:00 - 00000000 ____D C:\Users\James\Tracing
2013-06-26 13:11 - 2013-06-26 13:11 - 00000000 ____D C:\46ef2915d5a09bbbf03aad1123b9f5
2013-06-26 12:52 - 2009-12-25 02:27 - 00000000 ____D C:\Users\James\AppData\Local\Google
2013-06-26 09:56 - 2012-10-03 08:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 09:56 - 2012-10-03 08:45 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 08:57 - 2013-06-26 08:56 - 00000000 ____D C:\Users\James\AppData\Local\{C0E71DF7-5697-41C6-91F5-CF12101EE6AF}
2013-06-26 08:57 - 2010-12-23 07:32 - 00000000 ____D C:\Users\James\AppData\Local\Windows Live
2013-06-25 08:40 - 2013-06-25 08:40 - 00000000 ____D C:\Users\James\AppData\Local\{56BAAA61-7191-4E3D-B0FD-2F9A512248FE}
2013-06-24 13:42 - 2012-10-03 08:46 - 00002136 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-24 13:18 - 2013-06-24 13:18 - 00000000 ____D C:\Windows\System32\SPReview
2013-06-24 13:16 - 2010-12-28 02:08 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2013-06-24 13:15 - 2013-06-15 10:11 - 00080384 ____A C:\Users\James\Documents\June Expense Claim.xls
2013-06-19 13:04 - 2013-06-19 13:03 - 00000000 ____D C:\Users\James\AppData\Local\{5EB1D08C-AA8E-4E8B-AEAB-8F8CED3A031F}
2013-06-15 10:04 - 2013-06-15 10:04 - 00080384 ____A C:\Users\James\Documents\April Expense Claim.xls
2013-06-15 10:01 - 2013-06-15 10:01 - 00000000 ____D C:\Users\James\AppData\Local\{6C1CC063-0295-4C6F-91DF-09EC30D0BF62}
2013-06-15 09:33 - 2013-06-15 09:33 - 00082432 ____A C:\Users\James\Documents\Feb petrol expenses.xls
2013-06-15 09:25 - 2013-05-15 12:53 - 00081920 ____A C:\Users\James\Documents\March Expense Claim.xls
2013-06-15 09:21 - 2013-05-15 12:27 - 00081920 ____A C:\Users\James\Documents\November Expense Claim.xls
2013-06-15 09:20 - 2013-05-15 12:36 - 00081408 ____A C:\Users\James\Documents\December Expense Claim.xls
2013-06-15 09:19 - 2013-05-15 12:47 - 00081408 ____A C:\Users\James\Documents\January Expense Claim.xls
2013-06-15 09:12 - 2013-06-15 09:12 - 00080384 ____A C:\Users\James\Documents\Expense Claim NEW.xls
2013-06-15 09:02 - 2009-08-03 00:18 - 00732638 ____A C:\Windows\System32\PerfStringBackup.INI
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 01:46] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-06-24 13:18:53
Restore point made on: 2013-06-26 09:07:10
Restore point made on: 2013-06-26 13:11:35
Restore point made on: 2013-07-04 09:38:24
Restore point made on: 2013-07-04 09:45:25
Restore point made on: 2013-07-09 10:47:08
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4028.89 MB
Available physical RAM: 3406.09 MB
Total Pagefile: 4027.17 MB
Available Pagefile: 3421.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.21 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:456.48 GB) (Free:393.73 GB) NTFS
Drive f: () (Removable) (Total:1.9 GB) (Free:1.09 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:9.28 GB) (Free:4.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CFA505BF)
Partition 1: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)
 
 
LastRegBack: 2013-06-25 08:57
 
==================== End Of Log ============================
 
Regards
Jamie

Hello Jamie and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

HKU\James\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\James\AppData\Local\Temp\chfpvmwwcmratcecy.exe [ 2013-07-09] (NVIDIA Corporation) <===== ATTENTION

HKU\James\...\Winlogon: [shell] cmd.exe [ 2009-07-13] (Microsoft Corporation) <==== ATTENTION

HKU\James\...\Command Processor: "C:\Users\James\AppData\Local\Temp\chfpvmwwcmratcecy.exe" <===== ATTENTION!

2013-07-09 10:27 - 2013-07-09 10:27 - 01038471 ____A C:\ProgramData\2433f433

2013-07-09 10:27 - 2013-07-09 10:27 - 01038451 ____A C:\Users\James\AppData\Roaming\2433f433

2013-07-09 10:27 - 2013-07-09 10:27 - 01038441 ____A C:\Users\James\AppData\Local\2433f433

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot normally.

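A triage pass over FRST registry lines like the ones selected for the fixlist above, as an added example (not part of the original thread and not FRST's own logic): it flags a per-user autorun that starts from a Temp directory, a per-user Winlogon shell override and a Command Processor autorun, then checks whether those entries are still listed in a later scan. The sample lines are copied from the two scans in this thread; the heuristics and function names are assumptions.

```python
import re

# Registry lines copied from the first scan in this thread (before the fix).
SCAN_BEFORE = r"""
HKLM\...\Run: [igfxTray] - C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [x]
HKU\James\...\Run: [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2012-07-13] (Skype Technologies S.A.)
HKU\James\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\James\AppData\Local\Temp\chfpvmwwcmratcecy.exe [ 2013-07-09] (NVIDIA Corporation) <===== ATTENTION
HKU\James\...\Winlogon: [shell] cmd.exe [ 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\James\...\Command Processor: "C:\Users\James\AppData\Local\Temp\chfpvmwwcmratcecy.exe" <===== ATTENTION!
"""

# The same lines as they appear in the second scan (after the fix).
SCAN_AFTER = r"""
HKLM\...\Run: [igfxTray] - C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [x]
HKU\James\...\Run: [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2012-07-13] (Skype Technologies S.A.)
"""

# "<hive>\...\<key>: <rest>", e.g. "HKU\James\...\Run: [name] - path".
LINE_RE = re.compile(r"^(HK\w+(?:\\[^\\]+)?)\\\.\.\.\\([^:]+): (.*)$")
# FRST's own trailing marker, e.g. "<===== ATTENTION!".
MARKER_RE = re.compile(r"\s*<=+ ATTENTION!?\s*$")
# Optional "[value name]" and "-" separator in front of the data.
NAME_RE = re.compile(r"^\[([^\]]*)\]\s*(?:-\s*)?(.*)$")


def parse_entries(text):
    """Return (hive, key, value_name, data) tuples for FRST registry lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a registry line
        hive, key, rest = m.groups()
        rest = MARKER_RE.sub("", rest)
        named = NAME_RE.match(rest)
        name, data = named.groups() if named else ("", rest)
        entries.append((hive, key, name, data))
    return entries


def triage(text):
    """Flag entries using three assumed heuristics; returns (identity, reason)."""
    findings = []
    for hive, key, name, data in parse_entries(text):
        per_user = hive.upper().startswith("HKU")
        if key in ("Run", "RunOnce") and "\\appdata\\local\\temp\\" in data.lower():
            reason = "autorun starts a program from the user's Temp directory"
        elif key == "Winlogon" and name.lower() == "shell" and per_user:
            reason = "per-user Winlogon shell replaces the default desktop shell"
        elif key == "Command Processor":
            # With the shell set to cmd.exe, this autorun also runs at logon.
            reason = "Command Processor autorun executes whenever cmd.exe starts"
        else:
            continue
        findings.append(((hive, key, name), reason))
    return findings


def still_present(before, after):
    """Flagged entries from the first scan that are also listed in the second."""
    remaining = {(h, k, n) for h, k, n, _ in parse_entries(after)}
    return [ident for ident, _ in triage(before) if ident in remaining]


if __name__ == "__main__":
    for ident, reason in triage(SCAN_BEFORE):
        print("\\".join(ident[:2]), ident[2] or "-", "->", reason)
    print("still present after fix:", still_present(SCAN_BEFORE, SCAN_AFTER))
```
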

Hello Maniac, Thank you for such a swift response.

 

I have followed the steps and this is the text from the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-07-2013 01
Ran by SYSTEM at 2013-07-10 15:28:21 Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
HKU\James\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\James\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\James\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\James\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\James\AppData\Local\2433f433 => Moved successfully.
 
==== End of Fixlog ====
 
Have rebooted the laptop and the same screen still has the 'police central e-crime unit' come up :(
 
Please help =] 

I've gone back into the command prompt in 'repair the computer' and ran F:\FRST again, and it's created a new log, which I'm copying in below. Should I have created a new log after I hit the 'Fix' button? If so, shall I perform the fix.txt again?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 01
Ran by SYSTEM on 10-07-2013 16:46:47
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7723552 2009-08-25] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [MDS_Menu] - "C:\Program Files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [updateP2GoShortCut] - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [uCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s [162912 2009-07-31] (CyberLink Corp.)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [igfxTray] - C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [sweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM\...\Run: [sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [instaLAN] - "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1485208 2010-07-28] (Affinegy, Inc.)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe, [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-13] (Microsoft Corporation)
HKU\James\...\Run: [Reminder] - C:\Program Files\TTG\Reminder\Reminder.exe [ 2009-08-26] (DSG Retail Ltd)
HKU\James\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\James\...\Run: [msnmsgr] - ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2010-11-09] (Microsoft Corporation)
HKU\James\...\Run: [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2012-07-13] (Skype Technologies S.A.)
HKU\James\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [ 2013-06-26] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Launch.lnk
ShortcutTarget: Launch.lnk -> C:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\OSD.lnk
ShortcutTarget: OSD.lnk -> C:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_CCB0CAEC2D875359E0C287.exe ()
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk ->  (No File)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
 
========================== Services (Whitelisted) =================
 
S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-12] (Symantec Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2009-05-27] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [997464 2013-01-15] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-13] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130123.001\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)
S2 LiveGpdKBFilter; C:\Windows\System32\Drivers\LiveGpdKBFilter.sys [4096 2009-05-06] (Windows ® Win 7 DDK provider)
S2 LiveIO; C:\Windows\System32\Drivers\LiveIO.sys [15312 2009-05-11] ()
S3 Livekbc; C:\Windows\System32\Drivers\Livekbc.sys [4096 2009-05-06] (Systems Internals)
S3 Livemouclass; C:\Windows\System32\Drivers\Livemouclass.sys [3968 2009-05-06] (Systems Internals)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130124.003\NAVENG.SYS [93296 2013-01-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130124.003\NAVEX15.SYS [1603824 2013-01-16] (Symantec Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [372224 2009-07-01] (Realtek Semiconductor Corporation                           )
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-17] (Symantec Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-10 14:11 - 2013-07-10 14:11 - 00000000 ____D C:\FRST
2013-06-26 13:11 - 2013-06-26 13:11 - 00000000 ____D C:\46ef2915d5a09bbbf03aad1123b9f5
2013-06-26 08:56 - 2013-06-26 08:57 - 00000000 ____D C:\Users\James\AppData\Local\{C0E71DF7-5697-41C6-91F5-CF12101EE6AF}
2013-06-25 08:40 - 2013-06-25 08:40 - 00000000 ____D C:\Users\James\AppData\Local\{56BAAA61-7191-4E3D-B0FD-2F9A512248FE}
2013-06-24 13:18 - 2013-06-24 13:18 - 00000000 ____D C:\Windows\System32\SPReview
2013-06-19 13:03 - 2013-06-19 13:04 - 00000000 ____D C:\Users\James\AppData\Local\{5EB1D08C-AA8E-4E8B-AEAB-8F8CED3A031F}
2013-06-15 10:11 - 2013-06-24 13:15 - 00080384 ____A C:\Users\James\Documents\June Expense Claim.xls
2013-06-15 10:04 - 2013-06-15 10:04 - 00080384 ____A C:\Users\James\Documents\April Expense Claim.xls
2013-06-15 10:01 - 2013-06-15 10:01 - 00000000 ____D C:\Users\James\AppData\Local\{6C1CC063-0295-4C6F-91DF-09EC30D0BF62}
2013-06-15 09:33 - 2013-06-15 09:33 - 00082432 ____A C:\Users\James\Documents\Feb petrol expenses.xls
2013-06-15 09:12 - 2013-06-15 09:12 - 00080384 ____A C:\Users\James\Documents\Expense Claim NEW.xls
 
==================== One Month Modified Files and Folders =======
 
2013-07-10 14:11 - 2013-07-10 14:11 - 00000000 ____D C:\FRST
2013-07-10 06:34 - 2009-12-25 02:20 - 01340836 ____A C:\Windows\WindowsUpdate.log
2013-07-10 06:34 - 2009-07-13 20:34 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 06:34 - 2009-07-13 20:34 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 06:31 - 2011-05-24 04:32 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-07-10 06:31 - 2010-02-05 10:59 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-10 06:31 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 06:30 - 2009-07-13 20:39 - 00157457 ____A C:\Windows\setupact.log
2013-07-10 04:47 - 2010-02-05 10:59 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-10 04:43 - 2009-12-25 02:20 - 00000000 ____D C:\users\James
2013-07-09 10:16 - 2012-09-15 04:57 - 00000000 ___RD C:\Program Files\Skype
2013-07-09 10:16 - 2012-09-15 04:57 - 00000000 ____D C:\ProgramData\Skype
2013-07-09 10:15 - 2012-10-03 08:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 09:34 - 2012-09-15 04:58 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2013-07-04 09:34 - 2010-07-09 10:26 - 00000000 ____D C:\Users\James\AppData\Roaming\LimeWire
2013-07-04 09:34 - 2009-12-25 14:00 - 00000000 ____D C:\Users\James\Tracing
2013-06-26 13:11 - 2013-06-26 13:11 - 00000000 ____D C:\46ef2915d5a09bbbf03aad1123b9f5
2013-06-26 12:52 - 2009-12-25 02:27 - 00000000 ____D C:\Users\James\AppData\Local\Google
2013-06-26 09:56 - 2012-10-03 08:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-26 09:56 - 2012-10-03 08:45 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-26 08:57 - 2013-06-26 08:56 - 00000000 ____D C:\Users\James\AppData\Local\{C0E71DF7-5697-41C6-91F5-CF12101EE6AF}
2013-06-26 08:57 - 2010-12-23 07:32 - 00000000 ____D C:\Users\James\AppData\Local\Windows Live
2013-06-25 08:40 - 2013-06-25 08:40 - 00000000 ____D C:\Users\James\AppData\Local\{56BAAA61-7191-4E3D-B0FD-2F9A512248FE}
2013-06-24 13:42 - 2012-10-03 08:46 - 00002136 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-24 13:18 - 2013-06-24 13:18 - 00000000 ____D C:\Windows\System32\SPReview
2013-06-24 13:16 - 2010-12-28 02:08 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2013-06-24 13:15 - 2013-06-15 10:11 - 00080384 ____A C:\Users\James\Documents\June Expense Claim.xls
2013-06-19 13:04 - 2013-06-19 13:03 - 00000000 ____D C:\Users\James\AppData\Local\{5EB1D08C-AA8E-4E8B-AEAB-8F8CED3A031F}
2013-06-15 10:04 - 2013-06-15 10:04 - 00080384 ____A C:\Users\James\Documents\April Expense Claim.xls
2013-06-15 10:01 - 2013-06-15 10:01 - 00000000 ____D C:\Users\James\AppData\Local\{6C1CC063-0295-4C6F-91DF-09EC30D0BF62}
2013-06-15 09:33 - 2013-06-15 09:33 - 00082432 ____A C:\Users\James\Documents\Feb petrol expenses.xls
2013-06-15 09:25 - 2013-05-15 12:53 - 00081920 ____A C:\Users\James\Documents\March Expense Claim.xls
2013-06-15 09:21 - 2013-05-15 12:27 - 00081920 ____A C:\Users\James\Documents\November Expense Claim.xls
2013-06-15 09:20 - 2013-05-15 12:36 - 00081408 ____A C:\Users\James\Documents\December Expense Claim.xls
2013-06-15 09:19 - 2013-05-15 12:47 - 00081408 ____A C:\Users\James\Documents\January Expense Claim.xls
2013-06-15 09:12 - 2013-06-15 09:12 - 00080384 ____A C:\Users\James\Documents\Expense Claim NEW.xls
2013-06-15 09:02 - 2009-08-03 00:18 - 00732638 ____A C:\Windows\System32\PerfStringBackup.INI
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-13 01:46] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-06-24 13:18:53
Restore point made on: 2013-06-26 09:07:10
Restore point made on: 2013-06-26 13:11:35
Restore point made on: 2013-07-04 09:38:24
Restore point made on: 2013-07-04 09:45:25
Restore point made on: 2013-07-09 10:47:08
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4028.89 MB
Available physical RAM: 3407.8 MB
Total Pagefile: 4027.17 MB
Available Pagefile: 3418.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.91 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:456.48 GB) (Free:393.73 GB) NTFS
Drive f: () (Removable) (Total:1.9 GB) (Free:1.09 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:9.28 GB) (Free:4.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CFA505BF)
Partition 1: (Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)
 
 
LastRegBack: 2013-06-25 08:57
 
==================== End Of Log ============================

 

regards


Results from searching Volsnap.sys

 

Farbar Recovery Scan Tool (x86) Version: 09-07-2013 01
Ran by SYSTEM at 2013-07-10 17:13:10
Running from F:\
Boot Mode: Recovery
 
================== Search: "volsnap.sys" ===================
 
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
[2012-04-16 02:41] - [2010-11-20 04:30] - 0245632 ____A (Microsoft Corporation) F497F67932C6FA693D7DE2780631CFE7
 
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_16526fd7765a2629\volsnap.sys
[2012-12-13 01:46] - [2012-09-06 11:18] - 0245616 ____A (Microsoft Corporation) 295954C522A057D3E590EE38246789CE
 
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.17122_none_15cad1ba5d3abbe6\volsnap.sys
[2012-12-13 01:46] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
 
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_73593b5de1f7705b\volsnap.sys
[2012-12-13 01:46] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
 
C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD
 
C:\Windows\System32\drivers\volsnap.sys
[2012-12-13 01:46] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
 
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
[2011-06-21 04:53] - [2010-11-20 04:30] - 0245632 ____A (Microsoft Corporation) F497F67932C6FA693D7DE2780631CFE7
 
=== End Of Search ===

Don't bump your thread. I'm not here all the time, but monitor your thread too.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys C:\Windows\System32\Drivers\volsnap.sys

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
