
FBI Virus- Cannot remove and I've tried everything I can think of!



Hello All,

Long time reader and first time poster. I am really hoping you can help me out with this. You all seem really smart, so I figured you were my best shot. I don't have the money to take my computer to a repair shop, so this is my last effort....

I got the dreaded FBI Virus over the weekend. It's a white screen with the FBI notice and it took a webcam shot. I have never dealt with a virus like this before. I have tried just about everything I can think of. Here is my scenario:

* I am using a Lenovo desktop that runs Windows 7
* The virus has totally disabled my internet
* Anytime I go into any of the safe modes, it shuts my computer down
* I have tried to boot from a USB using Hitman Pro and it started loading but said I needed an internet connection (which I can't get because of the virus)
* I have tried to use the Farbar Recovery Tool. I saved it to the USB and it didn't do anything when I booted my computer up.

Is there any way to eliminate this virus WITHOUT having access to the internet on my infected computer? I have heard of burning discs on my CD burner, but not sure if that will work? I do not have a startup disc for my computer.

At this point I don't even care if my whole computer is wiped out. I just want it back as I need to use it on a regular basis. It's fairly new so there is not too much on it that I really need anyway.

Thank you all in advance for your help!!!!


Download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter the System Recovery Command Prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Kevin

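When the FRST.txt comes back, the lines that matter most for a lock screen of this kind are the autostart entries in the "Registry (Whitelisted)" block: the HKLM/HKCU Run values and, above all, the Winlogon Shell value, which is a comma-separated list of programs Windows starts at logon (FRST marks such a line with its own `<==== ATTENTION` tag, as the log further down in this thread shows). As an added example that is not part of Kevin's post and not FRST's own code, here is a small Python triage script that reads those lines and lists the entries worth checking first. The sample lines are copied from the log posted in this thread, with one long command line shortened; the directory list and extension list are the script's own assumptions about what a legitimate autostart looks like.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) registry lines.

Added example for this thread; not part of Kevin's instructions and not
FRST's own code. It reads lines from the "Registry (Whitelisted)" block of
an FRST.txt and flags autostart entries with the traits a lock-screen
infection leaves behind: a Winlogon Shell value that chain-loads a second
program after explorer.exe, autostarts living in user-writable directories,
and autostart targets that are not executables at all. SAMPLE_LINES are
copied from the log posted in this thread (one command line shortened).
"""
import re

# Trailing FRST metadata "[size date] (signer)", e.g. "[135168 2013-08-01] ()" or "[ ] ()"
FRST_META = re.compile(r"\s*\[[^\]]*\]\s*\([^)]*\)\s*")
# Shape of a registry autostart line: "<key>: [<value name>] - <payload>"
# (Winlogon lines omit the " - ").
REG_LINE = re.compile(
    r"^(?P<key>[^:\[]+?):\s*\[(?P<name>[^\]]+)\]\s*(?:-\s*)?(?P<payload>.*)$"
)

# Assumption: directories a vendor autostart or the Windows shell should not run from.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Assumption: extensions a normal autostart target carries.
EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")

SAMPLE_LINES = [
    r"HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()",
    r"HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12850792 2011-09-05] (Realtek Semiconductor)",
    r"HKCU\...\Run: [Epson Stylus NX230(Network)] - C:\Users\Brian\AppData\Local\Temp\E_SA36C.tmp [188 2012-08-07] ()",
    r"HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Brian\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --CMPID ROC_APR2013_AV",
    r"HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Brian\AppData\Roaming\cache.dat [135168 2013-08-01] () <==== ATTENTION",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND",
    r"MountPoints2: {fd90874e-8997-11e1-a80f-806e6f6e6963} - D:\.\DR\DRS\SYS\CDAmbass.exe",
]


def strip_metadata(payload):
    """Drop FRST's "<==== ATTENTION" tag and the trailing "[size date] (signer)" block."""
    payload = payload.split("<====", 1)[0]
    return FRST_META.sub(" ", payload).strip()


def first_path(command):
    """Return the program path at the start of a command string.

    Quoted paths end at the closing quote; unquoted ones are cut at the first
    argument marker (" /" or " --") rather than at the first space, so paths
    containing spaces ("C:\\Program Files\\...") survive intact.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return re.split(r"\s+(?:/|--)", command, maxsplit=1)[0].strip()


def triage(lines):
    """Return a list of {value, targets, reasons} dicts for suspicious autostart lines."""
    findings = []
    for line in lines:
        m = REG_LINE.match(line.strip())
        if not m:
            continue  # not an autostart value line (URLs, MountPoints, Notify, ...)
        key, name = m.group("key"), m.group("name")
        payload = strip_metadata(m.group("payload"))
        reasons = []
        if "<==== ATTENTION" in line:
            reasons.append("flagged by FRST")
        if "winlogon" in key.lower() and name.lower() == "shell":
            # Shell is a comma-separated list; anything after explorer.exe is chain-loaded at logon.
            targets = [t.strip() for t in payload.split(",") if t.strip()]
            if targets != ["explorer.exe"]:
                reasons.append("Winlogon Shell chain-loads: " + ", ".join(targets[1:] or targets))
        else:
            targets = [first_path(payload)]
        for target in targets:
            low = target.lower()
            if any(d in low for d in SUSPECT_DIRS):
                reasons.append("autostart from user-writable directory: " + target)
            if not low.endswith(EXEC_EXTS):
                reasons.append("autostart target is not a normal executable: " + target)
        if reasons:
            findings.append({"value": name, "targets": targets, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['value']}]")
        for r in f["reasons"]:
            print("   -", r)
```

On the sample lines the script reports three entries; the Winlogon Shell value collects the most reasons, which matches why this infection survives a reboot: everything listed after explorer.exe in that value is started at every logon, so the lock screen returns even though the Run keys look ordinary. The other two hits (a .tmp file in Temp and an updater running from AppData\Roaming) are the kind of entries a helper would want to see but are not by themselves evidence of the lock screen.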

Thanks for your help Kevin! Anything you can do to help me would be more appreciated than you know!!!!! Here is what the log showed:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Brian (administrator) on BRIAN-PC on 27-09-2013 20:23:52
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12850792 2011-09-05] (Realtek Semiconductor)
HKLM\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Epson Stylus NX230(Network)] - C:\Users\Brian\AppData\Local\Temp\E_SA36C.tmp [188 2012-08-07] ()
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [4480456 2012-05-31] (Binary Fortress Software)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)
HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Brian\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 46a7b747d65847d099bd19d59a0fb91a-9a4ef77324d7db274ffc1cb4c1b164964864bdbf --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Brian\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 46a7b747d65847d099bd19d59a0fb91a-9a4ef77324d7db274ffc1cb4c1b164964864bdbf --CMPID 0913a
HKCU\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Brian\AppData\Roaming\cache.dat [135168 2013-08-01] () <==== ATTENTION
MountPoints2: {fd90874e-8997-11e1-a80f-806e6f6e6963} - D:\.\DR\DRS\SYS\CDAmbass.exe
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [LVT] - C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe [1260128 2011-12-16] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\i7n71xh8.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 FastbootService; C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe [199264 2011-12-16] (1206 Lab)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-09-22] (SurfRight B.V.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [69216 2011-12-16] (Windows ® Win 7 DDK provider)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-27 20:23 - 2013-09-27 20:23 - 00000000 ____D C:\FRST
2013-09-22 22:47 - 2013-09-22 22:54 - 00001821 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-22 21:33 - 2013-09-22 21:33 - 00003416 ____N C:\bootsqm.dat
2013-09-22 21:33 - 2013-09-22 21:33 - 00000000 __SHD C:\found.000
2013-09-22 01:21 - 2013-09-25 21:14 - 00000004 _____ C:\Users\Brian\AppData\Roaming\cache.ini
2013-09-20 08:57 - 2013-09-20 08:57 - 00000000 ____D C:\Users\Brian\AppData\Local\TechSmith
2013-09-20 08:56 - 2013-09-20 08:56 - 06692840 _____ C:\Users\Brian\Downloads\jing.exe
2013-09-20 08:56 - 2013-09-20 08:56 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-09-19 18:40 - 2013-09-19 18:40 - 00000000 ____D C:\DR
2013-09-13 03:05 - 2013-08-09 22:22 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-13 03:05 - 2013-08-09 22:22 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-13 03:05 - 2013-08-09 22:22 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-13 03:05 - 2013-08-09 22:21 - 19246592 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-13 03:05 - 2013-08-09 22:21 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-13 03:05 - 2013-08-09 22:21 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-13 03:05 - 2013-08-09 22:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-13 03:05 - 2013-08-09 20:59 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-13 03:05 - 2013-08-09 20:59 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 02048000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-13 03:05 - 2013-08-09 20:58 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-13 03:05 - 2013-08-09 20:17 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-13 03:05 - 2013-08-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-13 03:05 - 2013-08-09 19:27 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-13 03:05 - 2013-08-09 19:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 03:04 - 2013-08-09 20:58 - 14332928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-12 07:51 - 2013-08-07 18:20 - 03155456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-12 07:51 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-12 07:51 - 2013-08-01 19:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-09-12 07:51 - 2013-08-01 19:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-09-12 07:51 - 2013-08-01 19:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-09-12 07:51 - 2013-08-01 19:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-09-12 07:51 - 2013-08-01 19:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-09-12 07:51 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-12 07:51 - 2013-08-01 19:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-09-12 07:51 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-12 07:51 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-09-12 07:51 - 2013-08-01 18:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-09-12 07:51 - 2013-08-01 18:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-09-12 07:51 - 2013-08-01 18:51 - 00135168 _____ C:\Users\Brian\AppData\Roaming\cache.dat
2013-09-12 07:51 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-09-12 07:51 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-09-12 07:51 - 2013-08-01 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-12 07:51 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-09-12 07:51 - 2013-08-01 17:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-09-12 07:51 - 2013-08-01 17:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-09-12 07:51 - 2013-08-01 17:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-09-12 07:51 - 2013-08-01 17:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-09-12 07:51 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 07:51 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 07:51 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-12 07:51 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-12 07:51 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-09-12 07:51 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-09-12 07:43 - 2013-09-12 07:43 - 00280552 _____ C:\windows\Minidump\091213-21746-01.dmp
2013-09-10 16:50 - 2013-09-10 16:50 - 00280552 _____ C:\windows\Minidump\091013-24882-01.dmp
2013-09-01 14:22 - 2013-09-01 14:26 - 00013032 ____H C:\Users\Brian\Desktop\~WRL2219.tmp
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FF1A1B62-703A-4DCA-8654-543190308AF1}
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FDA3FFD1-CFE8-4732-A9AE-A126B967C593}
2013-08-28 17:52 - 2013-08-28 17:52 - 00001069 _____ C:\Users\Brian\Desktop\Scratch.lnk
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\Documents\Scratch Projects
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Program Files (x86)\Scratch

==================== One Month Modified Files and Folders =======

2013-09-27 20:28 - 2009-07-13 22:13 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-27 20:23 - 2013-09-27 20:23 - 00000000 ____D C:\FRST
2013-09-25 21:14 - 2013-09-22 01:21 - 00000004 _____ C:\Users\Brian\AppData\Roaming\cache.ini
2013-09-25 21:12 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-25 21:12 - 2009-07-13 21:51 - 00058068 _____ C:\windows\setupact.log
2013-09-23 17:58 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 17:58 - 2009-07-13 21:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 22:54 - 2013-09-22 22:47 - 00001821 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-22 22:47 - 2013-09-22 22:47 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-22 21:33 - 2013-09-22 21:33 - 00003416 ____N C:\bootsqm.dat
2013-09-22 21:33 - 2013-09-22 21:33 - 00000000 __SHD C:\found.000
2013-09-22 01:38 - 2012-04-18 13:07 - 01231529 _____ C:\windows\WindowsUpdate.log
2013-09-22 01:27 - 2012-08-06 21:43 - 00000000 ____D C:\ProgramData\AVG2012
2013-09-22 01:20 - 2012-08-04 11:16 - 00000000 ____D C:\Users\Brian\AppData\Local\Google
2013-09-22 00:44 - 2013-03-14 18:15 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 22:50 - 2013-04-16 19:03 - 00185856 _____ C:\Users\Brian\Desktop\Budget NEW.xlsx
2013-09-21 21:47 - 2012-08-06 21:43 - 00000000 ____D C:\windows\system32\Drivers\AVG
2013-09-21 08:07 - 2009-07-13 22:32 - 00000000 ____D C:\windows\system32\FxsTmp
2013-09-20 08:57 - 2013-09-20 08:57 - 00000000 ____D C:\Users\Brian\AppData\Local\TechSmith
2013-09-20 08:56 - 2013-09-20 08:56 - 06692840 _____ C:\Users\Brian\Downloads\jing.exe
2013-09-20 08:56 - 2013-09-20 08:56 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-09-20 08:56 - 2012-08-04 11:12 - 00000000 ____D C:\Users\Brian
2013-09-19 18:40 - 2013-09-19 18:40 - 00000000 ____D C:\DR
2013-09-19 17:44 - 2013-03-14 18:15 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 17:44 - 2012-12-28 16:38 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 17:44 - 2012-12-28 16:38 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 21:28 - 2012-08-06 22:05 - 00000000 ____D C:\Users\Brian\AppData\Local\Adobe
2013-09-13 17:54 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2013-09-13 16:35 - 2012-08-04 11:12 - 00000000 ___RD C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 16:35 - 2012-08-04 11:12 - 00000000 ___RD C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 03:22 - 2010-11-20 20:47 - 00051974 _____ C:\windows\PFRO.log
2013-09-13 03:22 - 2009-07-13 21:45 - 00428512 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-13 03:04 - 2012-08-06 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 07:43 - 2013-09-12 07:43 - 00280552 _____ C:\windows\Minidump\091213-21746-01.dmp
2013-09-12 07:43 - 2012-11-11 08:24 - 561292169 _____ C:\windows\MEMORY.DMP
2013-09-12 07:43 - 2012-11-11 08:24 - 00000000 ____D C:\windows\Minidump
2013-09-10 16:50 - 2013-09-10 16:50 - 00280552 _____ C:\windows\Minidump\091013-24882-01.dmp
2013-09-07 01:07 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-01 14:26 - 2013-09-01 14:22 - 00013032 ____H C:\Users\Brian\Desktop\~WRL2219.tmp
2013-08-31 19:06 - 2012-08-04 11:12 - 00000000 ____D C:\Users\Brian\AppData\Local\VirtualStore
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FF1A1B62-703A-4DCA-8654-543190308AF1}
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FDA3FFD1-CFE8-4732-A9AE-A126B967C593}
2013-08-28 17:52 - 2013-08-28 17:52 - 00001069 _____ C:\Users\Brian\Desktop\Scratch.lnk
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\Documents\Scratch Projects
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Scratch
2013-08-28 17:52 - 2013-08-28 17:52 - 00000000 ____D C:\Program Files (x86)\Scratch

Files to move or delete:
====================
C:\Users\Brian\AppData\Roaming\cache.dat
C:\Users\Brian\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\Brian\AppData\Local\Google\Desktop\Install
C:\ProgramData\flashax10.exe

Some content of TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Brian\AppData\Local\Temp\OEC Trader 3.5.6.2.exe
C:\Users\Brian\AppData\Local\Temp\OEC Trader 3.5.6.3.exe
C:\Users\Brian\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-21 00:23

==================== End Of Log ============================

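As an added example (not part of this thread and not FRST's own code), a small Python parser that pulls the triage-relevant pieces out of an FRST log like the one above: the dated file and folder entries, the "Files to move or delete" block with its ZeroAccess label (the paths a fixlist acts on), and the Bamital & volsnap MD5 check. The sample log is constructed from a handful of lines on this page.

```python
import re

# Constructed sample: a few lines copied from the FRST log posted above, not the whole log.
SAMPLE_LOG = r"""
2013-09-25 21:14 - 2013-09-22 01:21 - 00000004 _____ C:\Users\Brian\AppData\Roaming\cache.ini
2013-09-19 17:44 - 2012-12-28 16:38 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-31 17:32 - 2013-08-31 17:32 - 00000000 ____D C:\Users\Brian\AppData\Local\{FF1A1B62-703A-4DCA-8654-543190308AF1}

Files to move or delete:
====================
C:\Users\Brian\AppData\Roaming\cache.dat
C:\Users\Brian\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\Brian\AppData\Local\Google\Desktop\Install
C:\ProgramData\flashax10.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# FRST entry: "<date1> - <date2> - <size> <attrs> [(<company>)] <path>"; date1 is the date the
# section is sorted on (creation time in "Created" sections, modification time in "Modified").
ENTRY = re.compile(r"^(?P<date1>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<date2>\d{4}-\d\d-\d\d \d\d:\d\d) - "
                   r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")

def parse_entries(text):
    """Dated file/folder entries; company is "" when FRST printed no version-info name."""
    found = [m.groupdict(default="") for m in map(ENTRY.match, text.splitlines()) if m]
    for d in found:
        d["size"] = int(d["size"])
    return found

def parse_flagged(text):
    """[(label, path)] from the 'Files to move or delete' block, the paths a fixlist acts on."""
    lines, flagged, label = text.splitlines(), [], "Files to move or delete"
    if "Files to move or delete:" not in lines:
        return flagged
    for line in lines[lines.index("Files to move or delete:") + 2:]:  # skip title and ==== rule
        if not line.strip():                 # blank line closes the block
            break
        if line.endswith(":"):               # e.g. "ZeroAccess:" labels the paths that follow
            label = line[:-1]
        else:
            flagged.append((label, line))
    return flagged

def parse_md5_checks(text):
    """{path: verdict} from the 'Bamital & volsnap Check' block, e.g. 'is legit'."""
    return dict(re.findall(r"^(\S.*?) => MD5 (.+)$", text, re.M))
```

Any verdict other than "is legit" in the MD5 block, or a path under the ZeroAccess label, is what a helper reads before writing the fixlist.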

Save the attached file fixlist.txt to your flash drive, in the same place as FRST.exe.

Now please enter System Recovery Options as you did to get the initial log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

See if your system will now boot to normal mode, if so continue:

 

Open Malwarebytes, check for updates, then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Zip up and attach the following file to your reply :- C:\windows\Minidump\091213-21746-01.dmp

 

Let me see the logs in your next reply.

 

Kevin

 

fixlist.txt
