
Moneypak FBI Virus white screen



I've looked through a few of the previous topics on this, and ran the frst.exe scan already. The log I received follows. Please help! Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 15:39:46
Running from G:\
Windows Vista ™ Ultimate (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet004
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-24] ( )
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)
HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-01-12] (Google)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-10-09] ( )
HKLM\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [NMSSupport] - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [439512 2007-06-27] (Intel Corporation)
HKLM\...\Run: [CCUTRAYICON] - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [215256 2007-06-27] (Intel® Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [seagate Dashboard] - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2010-07-06] ()
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe" [x]
HKLM\...\Run: [sendori Tray] - C:\Program Files\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [295512 2013-05-03] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
HKU\Administrator\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\chagedorn\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\gisuser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\IUSR_NMPR\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\JimH\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [ 2009-05-21] (SupportSoft, Inc.)
HKU\JimH\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\JimH.NETRONLINE\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [ 2009-05-21] (SupportSoft, Inc.)
HKU\JimH.NETRONLINE\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\JimH.NETRONLINE\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2007-08-30] (Macrovision Corporation)
HKU\JimH.NETRONLINE\...\Run: [Google Update] - C:\Users\JimH.NETRONLINE\AppData\Local\Google\Update\GoogleUpdate.exe [ 2009-05-06] (Google Inc.)
HKU\JimH.NETRONLINE\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [ 2010-03-30] ()
HKU\JimH.NETRONLINE\...\Run: [Akamai NetSession Interface] - C:\Users\JimH.NETRONLINE\AppData\Local\Akamai\netsession_win.exe [ 2013-06-05] (Akamai Technologies, Inc.)
HKU\JimH.NETRONLINE\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\JimH.NETRONLINE\...\Winlogon: [shell] C:\Users\JimH.NETRONLINE\AppData\Roaming\dlc.xmm,explorer.exe <==== ATTENTION
BootExecute: autocheck autochk * lsdelete

========================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [223448 2007-06-27] (Intel® Corporation)
S2 Application Sendori; C:\Program Files\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S3 DHTRACE; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [39640 2007-06-27] (Intel® Corporation)
S2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2007-02-12] ()
S2 FLEXlm Service 1; C:\Program Files\Leica Geosystems\Shared\bin\ntx86\lmgrd.exe [1443632 2013-03-26] (Flexera Software LLC)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-01-12] (Google)
S2 gupdate1c99048f72006a8; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-16] (Google Inc.)
S2 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [59096 2007-06-27] (Intel® Corporation)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-21] (Lavasoft Limited                                                  )
S2 lmadmin; C:\Program Files\FlexNet Publisher License Server Manager\lmadmin.exe [8027952 2013-03-20] (Flexera Software LLC)
S2 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [268504 2007-06-27] ()
S2 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [157912 2007-06-27] (Intel® Corporation)
S2 NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [317656 2007-06-27] (Intel® Corporation)
S2 QualityManager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [272600 2007-06-27] (Intel® Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [446680 2007-06-27] (Intel® Corporation)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-07-06] (Memeo)
S2 Service Sendori; C:\Program Files\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S2 sndappv2; C:\Program Files\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [x]

==================== Drivers (Whitelisted) ====================

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [25088 2008-02-14] (Dell Inc.)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2007-12-08] (Intel Corporation)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-07-21] (Lavasoft AB)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [5376 2007-02-18] (Gteko Ltd.)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)
S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [14552 2007-06-27] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S2 DS1410D; SYSTEM32\drivers\DS1410D.SYS [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 15:28 - 2009-04-10 22:27 - 00627200 _____ (Microsoft Corporation) C:\sethc.exe
2013-08-29 09:25 - 2013-08-29 09:26 - 00000050 _____ C:\Users\JimH.NETRONLINE\imagine_history_082913_102509.txt
2013-08-29 08:01 - 2013-08-29 08:23 - 00000000 ____D C:\ProgramData\wmfb
2013-08-28 23:26 - 2013-08-29 07:42 - 00000000 ____D C:\ProgramData\6Vn3a333
2013-08-28 14:36 - 2013-08-28 15:00 - 00001087 _____ C:\Users\JimH.NETRONLINE\imagine_history_082813_153628.txt
2013-08-26 15:03 - 2013-08-26 15:03 - 19102896 _____ C:\Users\JimH.NETRONLINE\Downloads\DRVR_Network_Intel_A07-615P2_setup_ZPE.exe
2013-08-08 13:56 - 2013-08-08 14:07 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-08-29 14:35 - 2011-08-12 18:40 - 00000064 _____ C:\Windows\System32\rp_stats.dat
2013-08-29 14:35 - 2011-08-12 18:40 - 00000044 _____ C:\Windows\System32\rp_rules.dat
2013-08-29 14:35 - 2007-12-08 01:42 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-29 14:33 - 2006-11-02 04:46 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:33 - 2006-11-02 04:46 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:32 - 2010-01-14 14:30 - 00051384 _____ C:\aaw7boot.log
2013-08-29 14:32 - 2008-05-01 06:27 - 00055178 _____ C:\Windows\System32\Drivers\stwrte.log
2013-08-29 14:30 - 2010-03-30 14:11 - 00000000 ____D C:\Users\JimH.NETRONLINE\AppData\Local\PMB Files
2013-08-29 14:03 - 2006-11-02 04:59 - 00049244 _____ C:\Windows\PFRO.log
2013-08-29 13:44 - 2007-12-14 15:40 - 00000136 _____ C:\Windows\System32\config\netlogon.ftl
2013-08-29 13:36 - 2007-12-08 01:36 - 01207712 _____ C:\Windows\WindowsUpdate.log
2013-08-29 09:26 - 2013-08-29 09:25 - 00000050 _____ C:\Users\JimH.NETRONLINE\imagine_history_082913_102509.txt
2013-08-29 09:25 - 2007-12-14 16:21 - 00000000 ____D C:\users\JimH.NETRONLINE
2013-08-29 08:57 - 2013-05-30 10:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-29 08:57 - 2013-05-29 00:38 - 00000000 ____D C:\Users\JimH.NETRONLINE\AppData\Local\Akamai
2013-08-29 08:57 - 2012-05-07 10:39 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-29 08:57 - 2010-03-30 14:11 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-29 08:57 - 2009-04-03 08:03 - 00000000 ___HD C:\users\IUSR_NMPR
2013-08-29 08:57 - 2008-09-19 09:07 - 00000000 ____D C:\users\chagedorn
2013-08-29 08:57 - 2008-03-27 09:27 - 00000000 ____D C:\Program Files\Bulk Rename Utility
2013-08-29 08:57 - 2007-12-14 16:35 - 00000000 ____D C:\users\Administrator
2013-08-29 08:57 - 2007-12-14 15:14 - 00000000 ____D C:\users\JimH
2013-08-29 08:57 - 2006-11-02 04:35 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-29 08:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-08-29 08:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-08-29 08:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-08-29 08:57 - 2006-11-02 02:22 - 98828288 _____ C:\Windows\System32\config\software_previous
2013-08-29 08:57 - 2006-11-02 02:22 - 26476544 _____ C:\Windows\System32\config\system_previous
2013-08-29 08:51 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-08-29 08:51 - 2006-11-02 02:22 - 44564480 _____ C:\Windows\System32\config\components_previous
2013-08-29 08:51 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2013-08-29 08:37 - 2013-03-22 07:38 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 08:34 - 2009-02-11 12:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 08:23 - 2013-08-29 08:01 - 00000000 ____D C:\ProgramData\wmfb
2013-08-29 07:47 - 2006-11-02 02:22 - 05767168 _____ C:\Windows\System32\config\default_previous
2013-08-29 07:42 - 2013-08-28 23:26 - 00000000 ____D C:\ProgramData\6Vn3a333
2013-08-29 07:38 - 2006-11-02 02:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2013-08-28 23:26 - 2007-12-08 02:07 - 00000000 ____D C:\Program Files\Google
2013-08-28 18:51 - 2009-10-28 09:35 - 00000680 _____ C:\Users\JimH.NETRONLINE\AppData\Local\d3d9caps.dat
2013-08-28 15:00 - 2013-08-28 14:36 - 00001087 _____ C:\Users\JimH.NETRONLINE\imagine_history_082813_153628.txt
2013-08-28 15:00 - 2011-01-13 13:46 - 00000000 ____D C:\LPS_DATA
2013-08-28 14:38 - 2008-03-21 07:51 - 00000000 ____D C:\Users\JimH.NETRONLINE\.imagine920
2013-08-27 14:44 - 2006-11-02 02:33 - 00768826 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-26 15:03 - 2013-08-26 15:03 - 19102896 _____ C:\Users\JimH.NETRONLINE\Downloads\DRVR_Network_Intel_A07-615P2_setup_ZPE.exe
2013-08-23 15:58 - 2007-12-14 17:22 - 00000000 ____D C:\JH
2013-08-23 15:57 - 2013-07-02 18:02 - 00029038 _____ C:\Users\JimH.NETRONLINE\imagine_history_070213_190216.txt
2013-08-22 13:20 - 2013-04-23 12:30 - 00002094 _____ C:\Users\JimH.NETRONLINE\Desktop\Google Chrome.lnk
2013-08-21 15:59 - 2007-12-18 09:06 - 00000000 ____D C:\Users\JimH.NETRONLINE\.imagine910
2013-08-20 18:30 - 2013-06-12 01:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-08-20 18:30 - 2012-05-17 16:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-08-20 18:30 - 2011-06-29 23:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-08-08 14:07 - 2013-08-08 13:56 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{35730390-6696-bc54-5b84-516ef35a13b8}
C:\Users\JimH\AppData\Local\Temp\100005f.exe
C:\Users\JimH\AppData\Local\Temp\uf6pvhyo.exe
C:\Users\JimH\AppData\Local\Temp\{D0C51410-E6BA-4A2C-A2F2-8989EF1B5A96}\{8A2BBC6F-2EE2-479D-9664-54C4847BB200}\isrt.dll
C:\Users\JimH\AppData\Local\Temp\VSD536C.tmp\dotnetfx\dotnetchk.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\MstrHD.dll
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\Setup.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\SPHlpr.dll
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\3-YT\ytb_7.0.4.0_ypsr_1.14_logi_uber_setup_.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\ISSetup.dll
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\setup.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\_Setup.dll
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\Redist\instmsiw.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\Redist\vcredist_x86.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\Redist\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\JimH\AppData\Local\Temp\pft936B.tmp\1-SetPoint\CDDRV\CDDRV_Installer.exe
C:\Users\JimH\AppData\Local\Temp\pft3785.tmp\INS9XMSI.EXE
C:\Users\JimH\AppData\Local\Temp\pft3785.tmp\INSNTMSI.EXE
C:\Users\JimH\AppData\Local\Temp\pft3785.tmp\setup.exe
C:\Users\JimH\AppData\Local\Temp\isp7E47.tmp\_Setup.dll
C:\Users\JimH\AppData\Local\Temp\IS5F8E.tmp\install.exe
C:\Users\JimH\AppData\Local\Temp\IS5F8E.tmp\InstMsi.exe
C:\Users\JimH\AppData\Local\Temp\IS5F8E.tmp\InstMsiW.exe
C:\Users\JimH\AppData\Local\Temp\bye58E8.tmp\Disk1\setup.exe
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\_is3D38.exe
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\{8A1DE114-F94E-43B9-8B6F-3F53D5850434}\ISSetup.dll
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\{8A1DE114-F94E-43B9-8B6F-3F53D5850434}\_Setup.dll
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\MozUpdater-11\updater.exe
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\Marvell 9128\9128\MarvellRAID\MRUSetup.exe
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\Marvell 9128\9128\Driver\drvSetup.exe
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\Marvell 9128\9128\Driver\miniport\i386\mv91xxm.dll
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\Marvell 9128\9128\Driver\miniport\Floppy64\mv91xxm.dll
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\Marvell 9128\9128\Driver\miniport\Floppy32\mv91xxm.dll
C:\Users\JimH.NETRONLINE\AppData\Local\Temp\Marvell 9128\9128\Driver\miniport\amd64\mv91xxm.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-14 23:00:28
Restore point made on: 2013-08-15 23:00:24
Restore point made on: 2013-08-16 23:00:24
Restore point made on: 2013-08-17 23:00:20
Restore point made on: 2013-08-18 23:00:21
Restore point made on: 2013-08-19 23:00:24
Restore point made on: 2013-08-20 23:00:27
Restore point made on: 2013-08-21 23:00:26
Restore point made on: 2013-08-22 23:00:24
Restore point made on: 2013-08-23 23:00:32
Restore point made on: 2013-08-24 23:00:31
Restore point made on: 2013-08-25 23:00:30
Restore point made on: 2013-08-26 23:00:27
Restore point made on: 2013-08-27 23:01:56
Restore point made on: 2013-08-28 16:40:25

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4029.14 MB
Available physical RAM: 3557.46 MB
Total Pagefile: 3896.63 MB
Available Pagefile: 3686.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1847.97 GB) (Free:626.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (VISTA_32_ULTIMATE) (CDROM) (Total:2.84 GB) (Free:0 GB) CDFS
Drive f: (NETR04-300GB) (Fixed) (Total:279.47 GB) (Free:178.61 GB) NTFS
Drive g: (Silver Toshiba) (Fixed) (Total:931.51 GB) (Free:408.1 GB) NTFS
Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:5.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=-214776676352) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 279 GB) (Disk ID: D10282ED)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 8A448069)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)


LastRegBack: 2013-08-29 08:42

==================== End Of Log ============================

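An added example, not part of the original post and not code from Farbar or the Malwarebytes helpers: a small Python checker that reads FRST registry lines like the ones in the log above and flags the items the fix later targets. It reports a Winlogon `Shell` or `Userinit` value that launches anything other than the expected binary (the `dlc.xmm,explorer.exe` hijack above), `Run` entries whose target file is missing (`[x]`), and lines carrying a ZeroAccess marker. The expected Winlogon values are an assumption for a default 32-bit Vista/7 install; the sample lines are copied from the posted log.

```python
import re
from typing import Dict, List

# Assumed defaults for a clean 32-bit Vista/7 install: Shell should be only
# explorer.exe, Userinit only the system32 userinit.exe (compared case-insensitively).
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# FRST formats Winlogon entries as "...\Winlogon: [name] value" with an
# optional " <==== ATTENTION" suffix, and Run entries as "...\Run: [name] - target".
WINLOGON_RE = re.compile(r"Winlogon: \[(?P<name>\w+)\] (?P<value>.*?)(?: <==== ATTENTION)?\s*$")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$")

# Sample input: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
HKU\JimH.NETRONLINE\...\Winlogon: [shell] C:\Users\JimH.NETRONLINE\AppData\Roaming\dlc.xmm,explorer.exe <==== ATTENTION
HKLM\...\Run: [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe" [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""


def audit_frst(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious FRST line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue

        m = WINLOGON_RE.search(line)
        if m:
            name = m.group("name").lower()
            # Winlogon values are comma-separated lists; every entry must be expected.
            for entry in m.group("value").split(","):
                entry = entry.strip().strip('"').lower()
                if entry and entry not in EXPECTED_WINLOGON.get(name, {entry}):
                    findings.append({"kind": "winlogon_hijack", "key": name, "value": entry})
            continue

        m = RUN_RE.search(line)
        if m:
            # FRST marks a Run entry whose file no longer exists with a trailing [x].
            if m.group("rest").rstrip().endswith("[x]"):
                findings.append({"kind": "run_missing_file", "key": m.group("name"), "value": m.group("rest")})
            continue

        if "ZeroAccess" in line:
            findings.append({"kind": "zeroaccess_marker", "key": "", "value": line})
    return findings


if __name__ == "__main__":
    for f in audit_frst(SAMPLE_LOG):
        print(f"{f['kind']:18} {f['key']:12} {f['value']}")
```

Run it against a saved FRST.txt by passing the file contents to `audit_frst`; a missing-file `[x]` entry is only a stale autorun, but a Shell value with an extra comma-separated entry is the lock-screen persistence the fixlist above removes.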

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........run MBAR
If not...rescan with FRST and post the new log

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.
more-reply-options.jpg

New window that comes up.
choose-files1.jpg


~~~~~~~~~~~~~~~~~~~~~~~

Note: YOU MUST RUN THIS!!!
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Restarting now. Here's the log I got.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by SYSTEM at 2013-08-29 16:11:06 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\JimH.NETRONLINE\...\Winlogon: [shell] C:\Users\JimH.NETRONLINE\AppData\Roaming\dlc.xmm,explorer.exe
C:\Program Files\Google\Desktop\Install\{35730390-6696-bc54-5b84-516ef35a13b8}
C:\Users\JimH.NETRONLINE\AppData\Roaming\dlc.xmm

*****************

HKU\JimH.NETRONLINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
"C:\Program Files\Google\Desktop\Install\{35730390-6696-bc54-5b84-516ef35a13b8}" => Could not move.
C:\Users\JimH.NETRONLINE\AppData\Roaming\dlc.xmm => Moved successfully.

==== End of Fixlog ====


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
