carlmock Posted September 26, 2013 ID:735009 Share Posted September 26, 2013 I was infected today with this FBI notice and then a white screen. I uplugged my infected computer from my internet and used the Farbar scan tool as mentioned in prior posts. what next? Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2013 ID:735011 Share Posted September 26, 2013 Post the logs.... Link to post Share on other sites More sharing options...
carlmock Posted September 26, 2013 Author ID:735022 Share Posted September 26, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013Ran by SYSTEM on MINWINPC on 26-09-2013 14:19:02Running from E:\Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exeHKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-13] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterHKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [indexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [377 2013-09-26] ()HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\Carl.Office-PC\...\Run: [DW6] - "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"HKU\Carl.Office-PC\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeHKU\Carl.Office-PC\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)HKU\Carl.Office-PC\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [Akamai NetSession Interface] - C:\Users\Carl.Office-PC\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)HKU\Carl.Office-PC\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeHKU\Carl.Office-PC\...\Run: [KB8594223] - C:\Users\Carl.Office-PC\AppData\Local\KB8594223\KB8594223.exe [84089 2013-09-26] ()Startup: C:\Users\Carl.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Carl.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnkShortcutTarget: sidebar.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)==================== Services (Whitelisted) =================S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [121616 2013-09-04] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]==================== Drivers (Whitelisted) ====================S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [33888 2008-05-23] (Intel Corporation )S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 ivusb; system32\DRIVERS\ivusb.sys [x]S3 mfeavfk01; No ImagePathS3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-26 14:18 - 2013-09-26 14:18 - 00000000 ____D C:\FRST2013-09-26 09:25 - 2013-09-26 09:25 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\KB85942232013-09-23 20:37 - 2013-09-23 20:43 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\New Folder2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\CyberLink2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\ProgramData\CyberLink2013-09-20 04:33 - 2013-09-20 04:33 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iTunes2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iPod2013-09-12 10:20 - 2013-09-12 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-11 23:10 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-09-11 23:10 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-09-11 23:10 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-09-11 23:10 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-09-11 23:10 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-09-11 23:10 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-09-11 23:10 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-09-11 23:10 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-09-11 23:10 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-09-11 23:10 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-09-11 23:10 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-09-11 23:10 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-09-11 23:10 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-09-11 23:10 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-09-11 23:10 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-09-11 23:10 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-09-11 23:10 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-11 23:10 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-11 23:10 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-11 23:10 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-11 23:10 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-09-11 23:10 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-11 23:10 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-09-11 23:10 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-09-11 23:10 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-11 23:10 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-11 23:10 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-11 23:10 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-09-11 23:10 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-11 06:40 - 2013-08-07 18:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-09-11 06:40 - 2013-07-16 01:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll2013-09-11 06:40 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll2013-09-05 16:31 - 2013-09-24 16:07 - 00000151 _____ C:\Users\Carl.Office-PC\Documents\CSSBB.pe2013-09-05 16:31 - 2013-09-05 16:31 - 00001855 _____ C:\Users\Carl.Office-PC\Desktop\CSSBB Exam.lnk2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Windows\CSSBB Exam2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Program Files (x86)\CSSBB Exam-5.142013-08-29 18:08 - 2013-08-31 12:43 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Outlook Files2013-08-27 14:03 - 2013-08-02 06:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL2013-08-27 14:03 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL==================== One Month Modified Files and Folders =======2013-09-26 14:18 - 2013-09-26 14:18 - 00000000 ____D C:\FRST2013-09-26 09:52 - 2010-04-28 04:37 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-26 09:51 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-26 09:51 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-09-26 09:51 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-09-26 09:49 - 2006-11-02 07:42 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-26 09:46 - 2013-02-17 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-09-26 09:46 - 2008-01-20 19:26 - 00470954 _____ C:\Windows\PFRO.log2013-09-26 09:33 - 2009-08-20 08:30 - 01231207 _____ C:\Windows\WindowsUpdate.log2013-09-26 09:25 - 2013-09-26 09:25 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\KB85942232013-09-26 08:36 - 2010-04-28 04:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-25 18:45 - 2006-11-02 04:46 - 00703516 _____ C:\Windows\System32\PerfStringBackup.INI2013-09-25 18:25 - 2013-08-03 11:16 - 00000000 ____D C:\Users\Carl.Office-PC\Desktop\Lisa jobs2013-09-24 16:30 - 2010-12-04 10:51 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Susan2013-09-24 16:07 - 2013-09-05 16:31 - 00000151 _____ C:\Users\Carl.Office-PC\Documents\CSSBB.pe2013-09-24 04:34 - 2012-11-11 10:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-24 04:32 - 2009-08-25 07:54 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\PowerDVD DX2013-09-23 20:43 - 2013-09-23 20:37 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\New Folder2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\CyberLink2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\ProgramData\CyberLink2013-09-23 19:17 - 2009-08-25 07:51 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\VirtualStore2013-09-23 10:08 - 2009-10-30 16:07 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\PrimoPDF2013-09-20 04:38 - 2012-05-10 18:25 - 00000106 _____ C:\Windows\VaultMediaClient.INI2013-09-20 04:33 - 2013-09-20 04:33 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iTunes2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iPod2013-09-20 04:33 - 2013-01-09 20:37 - 00000000 ____D C:\Program Files (x86)\iTunes2013-09-20 04:27 - 2009-08-25 07:51 - 00000000 ____D C:\users\Carl.Office-PC2013-09-12 10:20 - 2013-09-12 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-11 23:32 - 2006-11-02 07:21 - 00429680 _____ C:\Windows\System32\FNTCACHE.DAT2013-09-11 23:14 - 2013-07-15 23:06 - 00000000 ____D C:\Windows\System32\MRT2013-09-11 23:12 - 2010-11-29 10:26 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-11 23:12 - 2006-11-02 04:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-09-10 13:20 - 2009-08-25 09:59 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\Apple Computer2013-09-05 16:31 - 2013-09-05 16:31 - 00001855 _____ C:\Users\Carl.Office-PC\Desktop\CSSBB Exam.lnk2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Windows\CSSBB Exam2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Program Files (x86)\CSSBB Exam-5.142013-09-03 11:04 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV2013-08-31 12:43 - 2013-08-29 18:08 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Outlook Files2013-08-29 13:12 - 2011-08-18 17:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-28 08:18 - 2009-08-25 08:22 - 00000000 ____D C:\Program Files\McAfeeSome content of TEMP:====================C:\Users\Carl.Office-PC\AppData\Local\Temp\21374781928573.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\21374781928644.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\MediaManager.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\MSN9A41.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\remove.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\_isB74C.exe==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================25Restore point made on: 2013-09-05 20:00:22Restore point made on: 2013-09-06 20:00:21Restore point made on: 2013-09-07 20:00:21Restore point made on: 2013-09-11 23:00:58Restore point made on: 2013-09-12 20:00:26Restore point made on: 2013-09-12 23:00:23Restore point made on: 2013-09-13 20:00:21Restore point made on: 2013-09-14 20:00:23Restore point made on: 2013-09-15 20:00:22Restore point made on: 2013-09-16 20:00:19Restore point made on: 2013-09-17 20:00:22Restore point made on: 2013-09-18 16:18:44Restore point made on: 2013-09-18 20:00:25Restore point made on: 2013-09-19 20:00:30Restore point made on: 2013-09-20 04:27:16Restore point made on: 2013-09-20 04:47:56Restore point made on: 2013-09-20 20:11:07Restore point made on: 2013-09-21 20:00:30Restore point made on: 2013-09-22 11:21:30Restore point made on: 2013-09-22 21:15:09Restore point made on: 2013-09-23 19:41:30Restore point made on: 2013-09-23 20:43:25Restore point made on: 2013-09-24 06:00:41Restore point made on: 2013-09-24 20:04:55Restore point made on: 2013-09-25 20:00:28==================== Memory info ===========================Percentage of memory in use: 9%Total physical RAM: 6134.26 MBAvailable physical RAM: 5563.82 MBTotal Pagefile: 5944.15 MBAvailable Pagefile: 5534.48 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:916.44 GB) (Free:574.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: () (Removable) (Total:0.95 GB) (Free:0.92 GB) FATDrive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.9 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: B0000000)Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=916 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 969 MB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=969 MB) - (Type=06)LastRegBack: 2013-09-26 09:57==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2013 ID:735026 Share Posted September 26, 2013 Save the attached file fixlist.txt to the flashdrive where you have FRST.exe.Now please enter System Recovery Options as you did to get the original log.Run FRST and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. See if your PC will now boot OK, if so run Malwarebytes, check for updates and run quick scan, post the log... Kevin fixlist.txt Link to post Share on other sites More sharing options...
carlmock Posted September 26, 2013 Author ID:735034 Share Posted September 26, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013Ran by SYSTEM at 2013-09-26 16:13:08 Run:1Running from E:\Boot Mode: Recovery==============================================Content of fixlist:*****************StartHKU\Carl.Office-PC\...\Run: [KB8594223] - C:\Users\Carl.Office-PC\AppData\Local\KB8594223\KB8594223.exe [84089 2013-09-26] ()C:\Users\Carl.Office-PC\AppData\Local\KB8594223C:\Users\Carl.Office-PC\AppData\Local\Temp\21374781928573.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\21374781928644.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\MediaManager.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\MSN9A41.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\remove.exeC:\Users\Carl.Office-PC\AppData\Local\Temp\_isB74C.exeEnd*****************HKU\Carl.Office-PC\Software\Microsoft\Windows\CurrentVersion\Run\\KB8594223 => Value deleted successfully.C:\Users\Carl.Office-PC\AppData\Local\KB8594223 => Moved successfully.C:\Users\Carl.Office-PC\AppData\Local\Temp\21374781928573.exe => Moved successfully.C:\Users\Carl.Office-PC\AppData\Local\Temp\21374781928644.exe => Moved successfully.C:\Users\Carl.Office-PC\AppData\Local\Temp\MediaManager.exe => Moved successfully.C:\Users\Carl.Office-PC\AppData\Local\Temp\MSN9A41.exe => Moved successfully.C:\Users\Carl.Office-PC\AppData\Local\Temp\remove.exe => Moved successfully.C:\Users\Carl.Office-PC\AppData\Local\Temp\_isB74C.exe => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
carlmock Posted September 26, 2013 Author ID:735042 Share Posted September 26, 2013 tried to reboot and Im getting nothing. just a black screen. Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2013 ID:735058 Share Posted September 26, 2013 Will it boot in Safemode? If not re-run FRST again from recovery environment Link to post Share on other sites More sharing options...
carlmock Posted September 26, 2013 Author ID:735069 Share Posted September 26, 2013 rerun.. .results below Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013Ran by SYSTEM on MINWINPC on 26-09-2013 17:29:40Running from E:\Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exeHKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-13] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterHKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [indexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [377 2013-09-26] ()HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\Carl.Office-PC\...\Run: [DW6] - "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"HKU\Carl.Office-PC\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeHKU\Carl.Office-PC\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)HKU\Carl.Office-PC\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [Akamai NetSession Interface] - C:\Users\Carl.Office-PC\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)HKU\Carl.Office-PC\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeStartup: C:\Users\Carl.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Carl.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnkShortcutTarget: sidebar.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)==================== Services (Whitelisted) =================S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [121616 2013-09-04] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]==================== Drivers (Whitelisted) ====================S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [33888 2008-05-23] (Intel Corporation )S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 ivusb; system32\DRIVERS\ivusb.sys [x]S3 mfeavfk01; No ImagePathS3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-26 14:18 - 2013-09-26 14:18 - 00000000 ____D C:\FRST2013-09-23 20:37 - 2013-09-23 20:43 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\New Folder2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\CyberLink2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\ProgramData\CyberLink2013-09-20 04:33 - 2013-09-20 04:33 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iTunes2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iPod2013-09-12 10:20 - 2013-09-12 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-11 23:10 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-09-11 23:10 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-09-11 23:10 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-09-11 23:10 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-09-11 23:10 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-09-11 23:10 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-09-11 23:10 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-09-11 23:10 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-09-11 23:10 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-09-11 23:10 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-09-11 23:10 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-09-11 23:10 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-09-11 23:10 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-09-11 23:10 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-09-11 23:10 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-09-11 23:10 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-09-11 23:10 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-11 23:10 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-11 23:10 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-11 23:10 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-11 23:10 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-09-11 23:10 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-11 23:10 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-09-11 23:10 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-09-11 23:10 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-11 23:10 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-11 23:10 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-11 23:10 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-09-11 23:10 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-11 06:40 - 2013-08-07 18:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-09-11 06:40 - 2013-07-16 01:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll2013-09-11 06:40 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll2013-09-05 16:31 - 2013-09-24 16:07 - 00000151 _____ C:\Users\Carl.Office-PC\Documents\CSSBB.pe2013-09-05 16:31 - 2013-09-05 16:31 - 00001855 _____ C:\Users\Carl.Office-PC\Desktop\CSSBB Exam.lnk2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Windows\CSSBB Exam2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Program Files (x86)\CSSBB Exam-5.142013-08-29 18:08 - 2013-08-31 12:43 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Outlook Files2013-08-27 14:03 - 2013-08-02 06:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL2013-08-27 14:03 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL==================== One Month Modified Files and Folders =======2013-09-26 14:18 - 2013-09-26 14:18 - 00000000 ____D C:\FRST2013-09-26 12:32 - 2006-11-02 07:42 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-26 12:32 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-26 12:31 - 2010-04-28 04:37 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-26 12:29 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-09-26 12:29 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-09-26 10:33 - 2006-11-02 07:27 - 00247421 _____ C:\Windows\setupact.log2013-09-26 09:46 - 2013-02-17 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-09-26 09:46 - 2008-01-20 19:26 - 00470954 _____ C:\Windows\PFRO.log2013-09-26 09:33 - 2009-08-20 08:30 - 01231207 _____ C:\Windows\WindowsUpdate.log2013-09-26 08:36 - 2010-04-28 04:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-25 18:45 - 2006-11-02 04:46 - 00703516 _____ C:\Windows\System32\PerfStringBackup.INI2013-09-25 18:25 - 2013-08-03 11:16 - 00000000 ____D C:\Users\Carl.Office-PC\Desktop\Lisa jobs2013-09-24 16:30 - 2010-12-04 10:51 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Susan2013-09-24 16:07 - 2013-09-05 16:31 - 00000151 _____ C:\Users\Carl.Office-PC\Documents\CSSBB.pe2013-09-24 04:34 - 2012-11-11 10:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-24 04:32 - 2009-08-25 07:54 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\PowerDVD DX2013-09-23 20:43 - 2013-09-23 20:37 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\New Folder2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\CyberLink2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\ProgramData\CyberLink2013-09-23 19:17 - 2009-08-25 07:51 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\VirtualStore2013-09-23 10:08 - 2009-10-30 16:07 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\PrimoPDF2013-09-20 04:38 - 2012-05-10 18:25 - 00000106 _____ C:\Windows\VaultMediaClient.INI2013-09-20 04:33 - 2013-09-20 04:33 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iTunes2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iPod2013-09-20 04:33 - 2013-01-09 20:37 - 00000000 ____D C:\Program Files (x86)\iTunes2013-09-20 04:27 - 2009-08-25 07:51 - 00000000 ____D C:\users\Carl.Office-PC2013-09-12 10:20 - 2013-09-12 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-11 23:32 - 2006-11-02 07:21 - 00429680 _____ C:\Windows\System32\FNTCACHE.DAT2013-09-11 23:14 - 2013-07-15 23:06 - 00000000 ____D C:\Windows\System32\MRT2013-09-11 23:12 - 2010-11-29 10:26 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-11 23:12 - 2006-11-02 04:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-09-10 13:20 - 2009-08-25 09:59 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\Apple Computer2013-09-05 16:31 - 2013-09-05 16:31 - 00001855 _____ C:\Users\Carl.Office-PC\Desktop\CSSBB Exam.lnk2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Windows\CSSBB Exam2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Program Files (x86)\CSSBB Exam-5.142013-09-03 11:04 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV2013-08-31 12:43 - 2013-08-29 18:08 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Outlook Files2013-08-29 13:12 - 2011-08-18 17:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-28 08:18 - 2009-08-25 08:22 - 00000000 ____D C:\Program Files\McAfee==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================25Restore point made on: 2013-09-05 20:00:22Restore point made on: 2013-09-06 20:00:21Restore point made on: 2013-09-07 20:00:21Restore point made on: 2013-09-11 23:00:58Restore point made on: 2013-09-12 20:00:26Restore point made on: 2013-09-12 23:00:23Restore point made on: 2013-09-13 20:00:21Restore point made on: 2013-09-14 20:00:23Restore point made on: 2013-09-15 20:00:22Restore point made on: 2013-09-16 20:00:19Restore point made on: 2013-09-17 20:00:22Restore point made on: 2013-09-18 16:18:44Restore point made on: 2013-09-18 20:00:25Restore point made on: 2013-09-19 20:00:30Restore point made on: 2013-09-20 04:27:16Restore point made on: 2013-09-20 04:47:56Restore point made on: 2013-09-20 20:11:07Restore point made on: 2013-09-21 20:00:30Restore point made on: 2013-09-22 11:21:30Restore point made on: 2013-09-22 21:15:09Restore point made on: 2013-09-23 19:41:30Restore point made on: 2013-09-23 20:43:25Restore point made on: 2013-09-24 06:00:41Restore point made on: 2013-09-24 20:04:55Restore point made on: 2013-09-25 20:00:28==================== Memory info ===========================Percentage of memory in use: 9%Total physical RAM: 6134.26 MBAvailable physical RAM: 5563.02 MBTotal Pagefile: 5944.15 MBAvailable Pagefile: 5537.98 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:916.44 GB) (Free:575.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: () (Removable) (Total:0.95 GB) (Free:0.92 GB) FATDrive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.9 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: B0000000)Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=916 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 969 MB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=969 MB) - (Type=06)LastRegBack: 2013-09-26 10:38==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2013 ID:735074 Share Posted September 26, 2013 Delete the last fixlist.txt from your flashdrive.... Save the new attached file fixlist.txt to the flashdrive where you have FRST.exe.Now please enter System Recovery Options as you did to get the original log.Run FRST and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. See if your PC will now boot OK....fixlist.txt Link to post Share on other sites More sharing options...
carlmock Posted September 26, 2013 Author ID:735098 Share Posted September 26, 2013 windows is starting up but then suggests going into repair mode to run startup repair. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2013Ran by SYSTEM at 2013-09-26 17:59:18 Run:2Running from E:\Boot Mode: Recovery==============================================Content of fixlist:*****************StartLastRegBack: 2013-09-26 09:57End*****************DEFAULT hive was successfully copied to System32\config\HiveBackupDEFAULT hive was successfully restored from registry back up.SAM hive was successfully copied to System32\config\HiveBackupSAM hive was successfully restored from registry back up.SECURITY hive was successfully copied to System32\config\HiveBackupSECURITY hive was successfully restored from registry back up.SOFTWARE hive was successfully copied to System32\config\HiveBackupSOFTWARE hive was successfully restored from registry back up.SYSTEM hive was successfully copied to System32\config\HiveBackupSYSTEM hive was successfully restored from registry back up.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2013 ID:735099 Share Posted September 26, 2013 Can you run Start up repair? Link to post Share on other sites More sharing options...
carlmock Posted September 26, 2013 Author ID:735107 Share Posted September 26, 2013 yes... runing a system restore. it wouldnt allow me to do a startup repair. Link to post Share on other sites More sharing options...
kevinf80 Posted September 26, 2013 ID:735119 Share Posted September 26, 2013 Let me know how that goes, FRST log shows 25 restore points.... Link to post Share on other sites More sharing options...
carlmock Posted September 27, 2013 Author ID:735136 Share Posted September 27, 2013 got a system restor failed due to an unspecified error. system cannot find the file specified. Link to post Share on other sites More sharing options...
kevinf80 Posted September 27, 2013 ID:735253 Share Posted September 27, 2013 That will probably be down to the infection, OK see if can create and run Kaspersky Rescue CD, please read the instructions thoroughly a couple of times or even print them off: Kaspersky Rescue CDSTEP A: Download and create a bootable Kaspersky Rescue Disk CD 1. Download the Kaspersky Rescue Disk ISOimage from below. KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO) 2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that) IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)3. You can now insert your blank DVD/CD in your burner. 4. Install ImgBurn by following the prompts and then start this program. 5. Click on the Write image file to disc button. 6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso) 7. Click on the big Write button. 8. The disc creation process will now start and it will take around 5-10 minutes to complete. STEP B: Configure the computer to boot from CD-ROM On some machines,if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.IF this doesn't happen then you'll need to configure your computer to boot for a CD like you'll see below. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot: 1. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot: 2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device. 3. Insert your Kaspersky Rescue Disk and restart your computer. STEP C: Boot your computer from Kaspersky Rescue Disk 1. Your computer will now boot from the Kaspersky Rescue Disk,and you'll be asked to press any key to proceed with this process 2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard. 3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER. 4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard. 5. Once the actions described above have been performed, the Kasprsky operating system will start. STEP D: Launch Kaspersky WindowsUnlocker to remove the malicious registry changes This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch his lock screen.To remove this malicious registry changes we need to use the Kasersky WindowsUnlocker from Kaspersky Rescue Disk. 1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker. IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard. 2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode. STEP E: Scan your system with Kaspersky Rescue Disk 1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update. 2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated. 3. Click on the Objects Scan tab, then click Start Objects Scanto begin the scan. 4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect , and if it doesn't work chose to quarantine the infected files just to be on the safe side. 5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed. 6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer. 7. When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply. Kevin Link to post Share on other sites More sharing options...
carlmock Posted September 27, 2013 Author ID:735375 Share Posted September 27, 2013 ok.. dumb question. the down computer is windows based but my laptop that is going to be making the back up disc is a mac. I dont see imgburn for mac. Link to post Share on other sites More sharing options...
kevinf80 Posted September 27, 2013 ID:735390 Share Posted September 27, 2013 I have absolutely no experience with a Mac, do you have any friends with a windows PC that can make Kaspersky CD for you? Link to post Share on other sites More sharing options...
kevinf80 Posted September 27, 2013 ID:735393 Share Posted September 27, 2013 Couple of links to check out for your Mac, courtesy of AdvancedSetup http://www.oit.umass.edu/support/computer-classrooms/burn-a-dmg-or-iso-file-disk-macintosh http://en.kioskea.net/faq/4524-mac-osx-how-to-burn-iso-image Link to post Share on other sites More sharing options...
carlmock Posted September 28, 2013 Author ID:735537 Share Posted September 28, 2013 its scanning my system and is supposed to be done in 18 hours. I was able to borrow my neighbors lap top. so far it has found 4 infected files Link to post Share on other sites More sharing options...
kevinf80 Posted September 28, 2013 ID:735541 Share Posted September 28, 2013 Thanks for the update, let me know how you progress... Link to post Share on other sites More sharing options...
carlmock Posted September 28, 2013 Author ID:735559 Share Posted September 28, 2013 thanks for all your help. hopefully it works and I have a working computer. my wife transferred all these photos off her camera the day before and I fear they may be lost since I dont know if it was backed up or not. hackers suck Link to post Share on other sites More sharing options...
kevinf80 Posted September 28, 2013 ID:735578 Share Posted September 28, 2013 Let me know what happens when the scan is finished.... Link to post Share on other sites More sharing options...
carlmock Posted September 29, 2013 Author ID:735714 Share Posted September 29, 2013 rescue disk did its thing and windows still wont start. Deleted about 8 virus. Link to post Share on other sites More sharing options...
kevinf80 Posted September 29, 2013 ID:735718 Share Posted September 29, 2013 Can you run FRST again from recovery environment and post fresh log please... Link to post Share on other sites More sharing options...
carlmock Posted September 29, 2013 Author ID:735795 Share Posted September 29, 2013 here you go Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013Ran by SYSTEM on MINWINPC on 29-09-2013 11:34:44Running from D:\WIN_VISTA Service Pack 1 (X64) OS Language: English(US)Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [339968 2009-04-10] (Microsoft Corporation)HKLM\...\Winlogon: [userinit]HKLM-x32\...\Winlogon: [userinit] [x]HKLM\...\Winlogon: [shell] [0 ] () <=== ATTENTIONHKLM-x32\...\Winlogon: [shell] [0 ] () <=== ATTENTIONHKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?HKU\Carl.Office-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\Carl.Office-PC\...\Run: [DW6] - "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"HKU\Carl.Office-PC\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeHKU\Carl.Office-PC\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)HKU\Carl.Office-PC\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)HKU\Carl.Office-PC\...\Run: [Akamai NetSession Interface] - C:\Users\Carl.Office-PC\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)HKU\Carl.Office-PC\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exeStartup: C:\Users\Carl.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Carl.Office-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnkShortcutTarget: sidebar.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)==================== Services (Whitelisted) =================S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [121616 2013-09-04] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )S2 0154201380200929mcinstcleanup; C:\Windows\TEMP\015420~1.EXE -cleanup -nolog [x]S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]==================== Drivers (Whitelisted) ====================S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [33888 2008-05-23] (Intel Corporation )S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 ivusb; system32\DRIVERS\ivusb.sys [x]S3 mfeavfk01; No ImagePathS3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-26 17:59 - 2013-09-26 17:59 - 00000000 ____D C:\Windows\System32\config\HiveBackup2013-09-26 14:18 - 2013-09-26 14:18 - 00000000 ____D C:\FRST2013-09-23 20:37 - 2013-09-23 20:43 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\New Folder2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\CyberLink2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\ProgramData\CyberLink2013-09-20 04:33 - 2013-09-20 04:33 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iTunes2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iPod2013-09-12 10:20 - 2013-09-12 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-11 23:10 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-09-11 23:10 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-09-11 23:10 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-09-11 23:10 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-09-11 23:10 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-09-11 23:10 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-09-11 23:10 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-09-11 23:10 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-09-11 23:10 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-09-11 23:10 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-09-11 23:10 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-09-11 23:10 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-09-11 23:10 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-09-11 23:10 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-09-11 23:10 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-09-11 23:10 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-09-11 23:10 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-11 23:10 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-11 23:10 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-11 23:10 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-11 23:10 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-09-11 23:10 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-11 23:10 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-09-11 23:10 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-09-11 23:10 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-09-11 23:10 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-11 23:10 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-11 23:10 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-11 23:10 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-09-11 23:10 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-11 06:40 - 2013-08-07 18:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-09-11 06:40 - 2013-07-16 01:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll2013-09-11 06:40 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll2013-09-05 16:31 - 2013-09-24 16:07 - 00000151 _____ C:\Users\Carl.Office-PC\Documents\CSSBB.pe2013-09-05 16:31 - 2013-09-05 16:31 - 00001855 _____ C:\Users\Carl.Office-PC\Desktop\CSSBB Exam.lnk2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Windows\CSSBB Exam2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Program Files (x86)\CSSBB Exam-5.14==================== One Month Modified Files and Folders =======2013-09-26 17:59 - 2013-09-26 17:59 - 00000000 ____D C:\Windows\System32\config\HiveBackup2013-09-26 14:18 - 2013-09-26 14:18 - 00000000 ____D C:\FRST2013-09-26 14:01 - 2008-01-20 19:26 - 00563956 _____ C:\Windows\PFRO.log2013-09-26 12:32 - 2006-11-02 07:42 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-26 12:32 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-26 12:31 - 2010-04-28 04:37 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-26 12:29 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-09-26 12:29 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-09-26 10:33 - 2006-11-02 07:27 - 00247421 _____ C:\Windows\setupact.log2013-09-26 09:46 - 2013-02-17 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-09-26 09:33 - 2009-08-20 08:30 - 01231207 _____ C:\Windows\WindowsUpdate.log2013-09-26 08:36 - 2010-04-28 04:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-25 18:45 - 2006-11-02 04:46 - 00703516 _____ C:\Windows\System32\PerfStringBackup.INI2013-09-25 18:25 - 2013-08-03 11:16 - 00000000 ____D C:\Users\Carl.Office-PC\Desktop\Lisa jobs2013-09-24 16:30 - 2010-12-04 10:51 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Susan2013-09-24 16:07 - 2013-09-05 16:31 - 00000151 _____ C:\Users\Carl.Office-PC\Documents\CSSBB.pe2013-09-24 04:34 - 2012-11-11 10:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-24 04:32 - 2009-08-25 07:54 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\PowerDVD DX2013-09-23 20:43 - 2013-09-23 20:37 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\New Folder2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\CyberLink2013-09-23 19:17 - 2013-09-23 19:17 - 00000000 ____D C:\ProgramData\CyberLink2013-09-23 19:17 - 2009-08-25 07:51 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\VirtualStore2013-09-23 10:08 - 2009-10-30 16:07 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Roaming\PrimoPDF2013-09-20 04:38 - 2012-05-10 18:25 - 00000106 _____ C:\Windows\VaultMediaClient.INI2013-09-20 04:33 - 2013-09-20 04:33 - 00001696 _____ C:\Users\Public\Desktop\iTunes.lnk2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iTunes2013-09-20 04:33 - 2013-09-20 04:33 - 00000000 ____D C:\Program Files\iPod2013-09-20 04:33 - 2013-01-09 20:37 - 00000000 ____D C:\Program Files (x86)\iTunes2013-09-20 04:27 - 2009-08-25 07:51 - 00000000 ____D C:\users\Carl.Office-PC2013-09-12 10:20 - 2013-09-12 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-11 23:32 - 2006-11-02 07:21 - 00429680 _____ C:\Windows\System32\FNTCACHE.DAT2013-09-11 23:14 - 2013-07-15 23:06 - 00000000 ____D C:\Windows\System32\MRT2013-09-11 23:12 - 2010-11-29 10:26 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-11 23:12 - 2006-11-02 04:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-09-10 13:20 - 2009-08-25 09:59 - 00000000 ____D C:\Users\Carl.Office-PC\AppData\Local\Apple Computer2013-09-05 16:31 - 2013-09-05 16:31 - 00001855 _____ C:\Users\Carl.Office-PC\Desktop\CSSBB Exam.lnk2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Windows\CSSBB Exam2013-09-05 16:31 - 2013-09-05 16:31 - 00000000 ____D C:\Program Files (x86)\CSSBB Exam-5.142013-09-03 11:04 - 2006-11-02 07:07 - 00000000 ___RD C:\Users\Public\Recorded TV2013-08-31 12:43 - 2013-08-29 18:08 - 00000000 ____D C:\Users\Carl.Office-PC\Documents\Outlook Files==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: <===== ATTENTION!HKLM\...\exefile\DefaultIcon: <===== ATTENTION!HKLM\...\exefile\open\command: <===== ATTENTION!==================== Restore Points =========================25Restore point made on: 2013-09-05 20:00:22Restore point made on: 2013-09-06 20:00:21Restore point made on: 2013-09-07 20:00:21Restore point made on: 2013-09-11 23:00:58Restore point made on: 2013-09-12 20:00:26Restore point made on: 2013-09-12 23:00:23Restore point made on: 2013-09-13 20:00:21Restore point made on: 2013-09-14 20:00:23Restore point made on: 2013-09-15 20:00:22Restore point made on: 2013-09-16 20:00:19Restore point made on: 2013-09-17 20:00:22Restore point made on: 2013-09-18 16:18:44Restore point made on: 2013-09-18 20:00:25Restore point made on: 2013-09-19 20:00:30Restore point made on: 2013-09-20 04:27:16Restore point made on: 2013-09-20 04:47:56Restore point made on: 2013-09-20 20:11:07Restore point made on: 2013-09-21 20:00:30Restore point made on: 2013-09-22 11:21:30Restore point made on: 2013-09-22 21:15:09Restore point made on: 2013-09-23 19:41:30Restore point made on: 2013-09-23 20:43:25Restore point made on: 2013-09-24 06:00:41Restore point made on: 2013-09-24 20:04:55Restore point made on: 2013-09-25 20:00:28==================== Memory info ===========================Percentage of memory in use: 9%Total physical RAM: 6134.26 MBAvailable physical RAM: 5562.32 MBTotal Pagefile: 5944.15 MBAvailable Pagefile: 5536.32 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:916.44 GB) (Free:573.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: () (Removable) (Total:0.95 GB) (Free:0.92 GB) FATDrive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.67 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: B0000000)Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=916 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 969 MB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=969 MB) - (Type=06)LastRegBack: 2013-09-26 10:38==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Recommended Posts