
sirefef repairing problem


  • This topic is locked
25 replies to this topic

#1 hitman510

hitman510

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 20 August 2012 - 10:55 PM

Have been looking into how to fix a family member's desktop. Came to visit her and discovered that her security updates hadn't been renewed since April. I updated the security protocol and ran the software. In the middle of running Microsoft Security Essentials, the scan showed that there were two severe problems on the computer. The report showed a Sirefef.r and Sirefef.ah virus and trojan and started going into an automatic shutdown. Was able to restart the computer multiple times, and at about the 5th minute it would say that it had suffered a critical problem and was going to restart to try to fix the problem. After about the 10th time of trying to quarantine the problem, the computer shut down and wasn't able to start the Windows Vista OS.

Found a copy of Vista and started to try to boot and recover the hard drive, and found that the CD boot repair wasn't able to fix it.

Did some research on a Mac computer and found this link on how to fix it.
http://www.bleepingcomputer.com/forums/topic458098.html

After reading through and doing what Aaflac told others to do, I came up with this text from the FRST.EXE run, saved onto the flash drive.

If anyone sees or knows of how to fix this please post a reply.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 20-08-2012 20:10:47
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation)
HKLM\...\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2011-09-28] (LG Electronics)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h [42536 2012-07-04] (MindSpark)
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe [30096 2012-07-04] (VER_COMPANY_NAME)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h [42536 2012-08-11] (MindSpark)
HKLM\...\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe [30096 2012-08-11] (VER_COMPANY_NAME)
HKU\Clarence\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Clarence\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Clarence\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex [39408 2011-01-28] (Google Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Hope\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-07-21] (Hewlett-Packard Company)
HKU\Hope\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Hope\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Hope\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Hope\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Hope\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Hope\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
HKU\khalifani\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\khalifani\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Mikki\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mikki\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Hope\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
Startup: C:\Users\Hope\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mikki\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MapsGalaxy_39Service; C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2012-07-04] (COMPANYVERS_NAME)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 RapportMgmtService; "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 TelevisionFanaticService; C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe [42504 2012-08-11] (COMPANYVERS_NAME)
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-11] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-06-11] (Symantec Corporation)
3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120711.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\NAVENG.SYS [87928 2012-06-11] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\NAVEX15.SYS [1589752 2012-06-11] (Symantec Corporation)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-08] ()
1 RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-07-29] (Trusteer Ltd.)
3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [65848 2012-07-29] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-07-29] (Trusteer Ltd.)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-06-12] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDIV.SYS [345208 2012-04-17] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-19 20:00 - 2012-08-19 20:00 - 00000000 ___SD C:\32788R22FWJFW
2012-08-19 19:55 - 2012-08-19 19:56 - 00000714 ____A C:\Windows\setupact.log
2012-08-19 19:55 - 2012-08-19 19:55 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 19:53 - 2012-08-19 19:56 - 00000000 ____D C:\FRST
2012-08-19 17:03 - 2012-08-19 17:03 - 00000000 ____D C:\93a0d7a675e5ac46fade238d
2012-08-19 17:01 - 2012-08-19 17:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-19 15:03 - 2012-08-19 15:03 - 00062069 ____A C:\Users\Hope\Documents\fiberboard.odt
2012-08-17 16:57 - 2012-08-17 16:58 - 00044278 ____A C:\Users\Hope\Documents\jewels.odt
2012-08-13 17:37 - 2012-08-13 17:37 - 00067267 ____A C:\Users\Hope\Documents\dancing.odt
2012-08-11 22:48 - 2012-08-11 22:48 - 00000000 ____D C:\Users\Mikki\AppData\Local\TelevisionFanatic
2012-08-11 22:48 - 2012-08-11 22:48 - 00000000 ____D C:\Program Files\TelevisionFanatic
2012-08-09 16:26 - 2012-08-09 16:26 - 00024052 ____A C:\Users\Hope\Documents\amber 2.odt
2012-08-09 12:53 - 2012-08-09 12:53 - 00014809 ____A C:\Users\Hope\Documents\prayer for grandchildren.odt
2012-08-08 22:29 - 2012-08-08 22:29 - 00113414 ____A C:\Users\Hope\Documents\chocker.odt
2012-08-06 09:33 - 2012-08-06 19:53 - 00219300 ____A C:\Users\Hope\Documents\smokey.odt
2012-08-03 14:17 - 2012-08-03 14:17 - 00031612 ____A C:\Users\Hope\Documents\fabric bracelet.odt
2012-07-29 19:52 - 2012-07-29 19:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-29 15:38 - 2012-07-29 15:38 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-29 15:37 - 2012-07-29 15:38 - 00000000 ____D C:\Program Files\iTunes
2012-07-29 15:37 - 2012-07-29 15:37 - 00000000 ____D C:\Program Files\iPod
2012-07-28 18:51 - 2012-07-28 18:51 - 00093157 ____A C:\Users\Hope\Documents\papermache.odt
2012-07-25 22:07 - 2012-07-28 10:44 - 00113152 ____A C:\Users\Hope\Documents\purple2.odt
2012-07-25 09:01 - 2012-07-25 09:01 - 00112452 ____A C:\Users\Hope\Documents\iran 2.odt
2012-07-24 14:49 - 2012-07-24 14:49 - 00038702 ____A C:\Users\Hope\Documents\iran.odt
2012-07-22 12:20 - 2012-07-23 07:48 - 00055171 ____A C:\Users\Hope\Documents\blue.odt
2012-07-22 11:13 - 2012-07-22 11:13 - 00014715 ____A C:\Users\Hope\Documents\chicken stew.odt

============ 3 Months Modified Files ========================

2012-08-20 17:36 - 2006-11-02 02:22 - 37224448 ____A C:\Windows\System32\config\software_previous
2012-08-20 17:36 - 2006-11-02 02:22 - 33030144 ____A C:\Windows\System32\config\system_previous
2012-08-20 17:31 - 2006-11-02 02:22 - 36700160 ____A C:\Windows\System32\config\components_previous
2012-08-20 17:31 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-19 20:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-19 20:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-08-19 20:16 - 2008-01-20 17:35 - 01318867 ____A C:\Windows\WindowsUpdate.log
2012-08-19 19:56 - 2012-08-19 19:55 - 00000714 ____A C:\Windows\setupact.log
2012-08-19 19:55 - 2012-08-19 19:55 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 15:03 - 2012-08-19 15:03 - 00062069 ____A C:\Users\Hope\Documents\fiberboard.odt
2012-08-19 09:55 - 2011-01-28 13:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-19 09:55 - 2011-01-28 13:47 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-18 16:02 - 2006-11-02 04:47 - 00003760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-18 16:02 - 2006-11-02 04:47 - 00003760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-18 15:07 - 2012-05-14 07:29 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for Hope.job
2012-08-17 16:58 - 2012-08-17 16:57 - 00044278 ____A C:\Users\Hope\Documents\jewels.odt
2012-08-17 15:59 - 2011-01-28 12:53 - 00005324 ____A C:\Users\Mikki\AppData\Local\d3d9caps.dat
2012-08-17 11:57 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 11:51 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-17 11:20 - 2006-11-02 05:01 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-14 19:40 - 2012-06-11 07:48 - 00002169 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-14 17:58 - 2012-05-10 17:26 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-13 17:37 - 2012-08-13 17:37 - 00067267 ____A C:\Users\Hope\Documents\dancing.odt
2012-08-12 22:12 - 2011-01-26 05:39 - 00009728 ____A C:\Users\Hope\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-12 06:16 - 2008-01-20 18:47 - 00037494 ____A C:\Windows\PFRO.log
2012-08-09 16:26 - 2012-08-09 16:26 - 00024052 ____A C:\Users\Hope\Documents\amber 2.odt
2012-08-09 12:53 - 2012-08-09 12:53 - 00014809 ____A C:\Users\Hope\Documents\prayer for grandchildren.odt
2012-08-08 22:29 - 2012-08-08 22:29 - 00113414 ____A C:\Users\Hope\Documents\chocker.odt
2012-08-07 14:46 - 2012-04-03 14:47 - 00000398 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-08-06 19:53 - 2012-08-06 09:33 - 00219300 ____A C:\Users\Hope\Documents\smokey.odt
2012-08-06 18:09 - 2011-11-30 19:55 - 00021464 ____A C:\Users\Mikki\Documents\lor laura smyrl.xps
2012-08-03 14:17 - 2012-08-03 14:17 - 00031612 ____A C:\Users\Hope\Documents\fabric bracelet.odt
2012-07-29 19:52 - 2012-07-29 19:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-29 15:38 - 2012-07-29 15:38 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-28 18:51 - 2012-07-28 18:51 - 00093157 ____A C:\Users\Hope\Documents\papermache.odt
2012-07-28 10:44 - 2012-07-25 22:07 - 00113152 ____A C:\Users\Hope\Documents\purple2.odt
2012-07-25 09:01 - 2012-07-25 09:01 - 00112452 ____A C:\Users\Hope\Documents\iran 2.odt
2012-07-24 14:49 - 2012-07-24 14:49 - 00038702 ____A C:\Users\Hope\Documents\iran.odt
2012-07-23 07:48 - 2012-07-22 12:20 - 00055171 ____A C:\Users\Hope\Documents\blue.odt
2012-07-22 11:13 - 2012-07-22 11:13 - 00014715 ____A C:\Users\Hope\Documents\chicken stew.odt
2012-07-20 20:36 - 2012-07-20 20:36 - 00032231 ____A C:\Users\Hope\Documents\how to make paper beads.odt
2012-07-20 19:28 - 2012-07-20 19:28 - 00161570 ____A C:\Users\Hope\Documents\paper necklace.odt
2012-07-18 11:57 - 2012-07-18 11:57 - 00431181 ____A C:\Users\Hope\Documents\crystal earrings.odt
2012-07-15 22:12 - 2012-07-15 22:10 - 00080727 ____A C:\Users\Mikki\Documents\Patricia King.xps
2012-07-14 10:55 - 2012-07-12 22:37 - 00099992 ____A C:\Users\Hope\Documents\drop earrings.odt
2012-07-14 10:50 - 2012-07-14 10:50 - 00073086 ____A C:\Users\Hope\Documents\HAVE YOU EVER SEEN A SINK HOLE.odt
2012-07-12 15:59 - 2012-07-12 15:59 - 00155058 ____A C:\Users\Hope\Documents\uniquen2.odt
2012-07-11 07:40 - 2012-07-11 07:40 - 00089277 ____A C:\Users\Hope\Documents\chandliers.odt
2012-07-07 19:32 - 2012-07-07 19:32 - 00158749 ____A C:\Users\Hope\Documents\new jewels.odt
2012-07-07 16:49 - 2012-07-07 16:49 - 00190214 ____A C:\Users\Hope\Documents\new bracelets.odt
2012-07-05 12:27 - 2012-07-05 12:27 - 00032580 ____A C:\Users\Hope\Documents\royalty bracelet.odt
2012-07-04 12:39 - 2012-07-04 12:39 - 00058424 ____A C:\Users\Hope\Documents\earrings 9.odt
2012-07-04 12:00 - 2012-07-04 12:00 - 00064943 ____A C:\Users\Hope\Documents\earrings8.odt
2012-06-26 21:36 - 2012-06-26 21:34 - 00002061 ____A C:\Users\Public\Desktop\MP830 On-screen Manual.lnk
2012-06-26 09:37 - 2012-06-26 09:37 - 01805736 ____A (Symantec Corporation) C:\Users\Hope\Downloads\FixZeroAccess.exe
2012-06-23 15:08 - 2012-06-23 15:08 - 00049959 ____A C:\Users\Hope\Documents\coral2.odt
2012-06-20 17:27 - 2012-06-20 17:26 - 00034262 ____A C:\Users\Hope\Documents\unusual neck.odt
2012-06-14 08:46 - 2006-11-02 04:47 - 00257472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 08:22 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 15:46 - 2012-06-13 15:46 - 00047751 ____A C:\Users\Hope\Documents\glass earrings.odt
2012-06-12 06:15 - 2012-06-11 07:48 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-06-12 06:15 - 2012-06-11 07:48 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-06-12 05:51 - 2011-01-19 15:14 - 00005324 ____A C:\Users\Hope\AppData\Local\d3d9caps.dat
2012-06-11 07:46 - 2012-03-20 11:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 17:42 - 2012-06-09 17:42 - 00147795 ____A C:\Users\Hope\Documents\glass bracelets.odt
2012-06-08 17:16 - 2012-06-08 17:16 - 00000136 ____A C:\Users\Hope\Desktop\Spider Solitaire - Shortcut.lnk
2012-06-02 14:19 - 2012-06-23 06:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 06:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 06:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 06:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 06:45 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-23 06:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 08:54 - 2012-06-02 08:54 - 10288512 ____A (Microsoft Corporation) C:\Users\Hope\Downloads\mseinstall.exe
2012-06-02 08:54 - 2012-06-02 08:54 - 10288512 ____A (Microsoft Corporation) C:\Users\Hope\Downloads\mseinstall (1).exe
2012-06-02 07:52 - 2012-06-02 07:51 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-02 07:52 - 2011-06-26 07:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-26 08:21 - 2012-05-26 08:21 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk


ZeroAccess:
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\@
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\L
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\n
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\U
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\U\00000001.@
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\U\80000000.@
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\U\800000cb.@

ZeroAccess:
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\@
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\L
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3061.58 MB
Available physical RAM: 2565.59 MB
Total Pagefile: 2834.02 MB
Available Pagefile: 2617.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.95 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:359.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (20080525_094402) (CDROM) (Total:4.27 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 3824 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3824 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3824 MB Healthy

==================================================================================

Last Boot: 2012-08-17 11:58

======================= End Of Log ==========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 21 August 2012 - 09:58 AM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
HKLM\...\Run: [] [x]
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
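As an added example (not code from this thread, from Farbar's tool or from any project), the script below reads an FRST log in the shape of the one in the first post and pulls out the same items the fixlist above targets: the two "ZeroAccess:" blocks, whose shortest path is the {GUID} folder holding the "@", "L", "n" and "U" entries, and the nameless "HKLM\...\Run: [] [x]" value. It also checks the "Bamital & volsnap Check" section for any system file that FRST did not report as "MD5 is legit", and writes the findings in the start/end fixlist form used in the post. The log excerpt embedded in it is constructed to mirror a few lines of the posted log; the function names, the {GUID} path-shape test, and my reading of "[x]" as a missing target and "[]" as an empty value name are assumptions taken from the posted log rather than from FRST documentation.

```python
import re

# Constructed excerpt in the shape of the FRST log in the first post
# (a handful of lines from each section, not the whole log).
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [] [x]
HKU\Hope\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]

============ 3 Months Modified Files ========================

2012-06-26 09:37 - 2012-06-26 09:37 - 01805736 ____A (Symantec Corporation) C:\Users\Hope\Downloads\FixZeroAccess.exe

ZeroAccess:
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\@
C:\Windows\Installer\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\U\00000001.@

ZeroAccess:
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}
C:\Users\Mikki\AppData\Local\{3216c29f-d98b-7f9c-4b83-af4453bfa455}\@

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# HKLM\...\Run: [name] target   (name is empty and target is "[x]" on the bad line;
# the meaning of "[x]" and "[]" is my reading of the posted log, an assumption)
RUN_RE = re.compile(r"^(HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run(?:Once)?): \[(.*?)\] (.*)$")
MD5_RE = re.compile(r"^(.+?) => (.+)$")
# {GUID} folder directly under \Windows\Installer or \AppData\Local, as in the log
ZA_ROOT_RE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def looks_like_zeroaccess_root(path):
    """True when a path has the {GUID}-folder shape seen in the posted log."""
    return ZA_ROOT_RE.search(path) is not None


def parse_frst(text):
    """Walk an FRST log and collect the findings a responder acts on."""
    findings = {
        "zeroaccess_roots": [],     # top folder of each "ZeroAccess:" block
        "empty_run_values": [],     # Run values with no name (fix target)
        "orphaned_run_values": [],  # named Run values whose target is [x]
        "md5_mismatches": [],       # system files not reported "MD5 is legit"
    }
    section = None
    za_block = None

    def flush():
        nonlocal za_block
        if za_block:
            # every line in the block sits under one folder; the shortest is it
            findings["zeroaccess_roots"].append(min(za_block, key=len))
        za_block = None

    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            flush()
            section = m.group(1)
            continue
        if line == "ZeroAccess:":
            flush()
            za_block = []
            continue
        if za_block is not None:
            if line:
                za_block.append(line)
            else:
                flush()  # a blank line closes the block
            continue
        m = RUN_RE.match(line)
        if m:
            _key, name, target = m.groups()
            if name == "":
                findings["empty_run_values"].append(line)
            elif target.endswith("[x]"):
                findings["orphaned_run_values"].append(line)
            continue
        if section and section.startswith("Bamital"):
            m = MD5_RE.match(line)
            if m and m.group(2) != "MD5 is legit":
                findings["md5_mismatches"].append(m.group(1))
    flush()
    return findings


def build_fixlist(findings):
    """Emit fixlist.txt in the start/end form used in the thread; each entry is
    the log line or folder path copied verbatim, as in the posted fixlist."""
    entries = findings["empty_run_values"] + findings["zeroaccess_roots"]
    return "\n".join(["start", *entries, "end"]) + "\n"


if __name__ == "__main__":
    found = parse_frst(SAMPLE_LOG)
    for root in found["zeroaccess_roots"]:
        shape = "shape ok" if looks_like_zeroaccess_root(root) else "unexpected shape"
        print("ZeroAccess folder:", root, "(" + shape + ")")
    print("left for review:", found["orphaned_run_values"])
    print("hash mismatches:", found["md5_mismatches"])
    print(build_fixlist(found))
```

Running it prints the same three-entry fixlist CatByte posted. Two design points: every line in the generated fixlist is a string copied verbatim from the log rather than a path the script composed, and a named Run value whose target is "[x]" (the Weather Channel entry in this log) is only listed for review, not fixed, which matches what the fixlist above does.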


#3 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 August 2012 - 05:05 PM

Installed the fixlist.txt into FRST.exe running off the command prompt like you told me to, then restarted the computer and nothing changed. Tried running ComboFix from the command prompt on the advanced boot list and the computer restarted. Nothing changed, and I still can't get the computer to load at all.

PS: no logs were produced.

Edited by hitman510, 21 August 2012 - 05:06 PM.


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 21 August 2012 - 05:49 PM

The Frstlog.txt should be on your flash drive.

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
Folder: c:\boot
cmd: bcdedit /enum all /v 
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 August 2012 - 07:09 PM

Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 2012-08-21 17:00:04 Run:2
Running from E:\

==============================================


========================= Folder: c:\boot ========================

2011-01-19 15:06 - 2012-08-21 16:55 - 0024576 __ASH () c:\boot\BCD
2011-01-19 15:06 - 2012-08-21 16:55 - 0021504 __ASH () c:\boot\BCD.LOG
2011-01-19 15:06 - 2011-01-19 15:06 - 0000000 ___AH () c:\boot\BCD.LOG1
2011-01-19 15:06 - 2011-01-19 15:06 - 0000000 ___AH () c:\boot\BCD.LOG2
2011-01-19 15:06 - 2011-01-19 15:06 - 0065536 __ASH () c:\boot\bootstat.dat
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\cs-CZ
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\da-DK
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\de-DE
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\el-GR
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\en-US
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\es-ES
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\fi-FI
2011-01-19 15:06 - 2011-01-19 15:06 - 0000000 ____D () c:\boot\Fonts
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\fr-FR
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\hu-HU
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\it-IT
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\ja-JP
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\ko-KR
2011-01-19 15:06 - 2009-04-10 22:32 - 0405992 ____A (Microsoft Corporation) c:\boot\memtest.exe
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\nb-NO
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\nl-NL
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\pl-PL
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\pt-BR
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\pt-PT
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\ru-RU
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\sv-SE
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\tr-TR
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\zh-CN
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\zh-HK
2011-01-19 15:06 - 2011-06-02 19:08 - 0000000 ____D () c:\boot\zh-TW
2011-01-19 15:06 - 2008-01-20 18:24 - 0068096 ____A (Microsoft Corporation) c:\boot\cs-CZ\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0067072 ____A (Microsoft Corporation) c:\boot\da-DK\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0070656 ____A (Microsoft Corporation) c:\boot\de-DE\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0073216 ____A (Microsoft Corporation) c:\boot\el-GR\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0066560 ____A (Microsoft Corporation) c:\boot\en-US\bootmgr.exe.mui
2011-01-19 15:06 - 2006-11-02 04:41 - 0036352 ____A (Microsoft Corporation) c:\boot\en-US\memtest.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0069632 ____A (Microsoft Corporation) c:\boot\es-ES\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0068096 ____A (Microsoft Corporation) c:\boot\fi-FI\bootmgr.exe.mui
2011-01-19 15:06 - 2006-09-18 13:28 - 3694080 ____A () c:\boot\Fonts\chs_boot.ttf
2011-01-19 15:06 - 2006-09-18 13:28 - 3876772 ____A () c:\boot\Fonts\cht_boot.ttf
2011-01-19 15:06 - 2006-09-18 13:28 - 1984228 ____A () c:\boot\Fonts\jpn_boot.ttf
2011-01-19 15:06 - 2006-09-18 13:28 - 2371360 ____A () c:\boot\Fonts\kor_boot.ttf
2011-01-19 15:06 - 2006-09-18 13:28 - 0047452 ____A () c:\boot\Fonts\wgl4_boot.ttf
2011-01-19 15:06 - 2008-01-20 18:23 - 0072192 ____A (Microsoft Corporation) c:\boot\fr-FR\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:25 - 0070144 ____A (Microsoft Corporation) c:\boot\hu-HU\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0070144 ____A (Microsoft Corporation) c:\boot\it-IT\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0056320 ____A (Microsoft Corporation) c:\boot\ja-JP\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0056832 ____A (Microsoft Corporation) c:\boot\ko-KR\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0067584 ____A (Microsoft Corporation) c:\boot\nb-NO\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0070144 ____A (Microsoft Corporation) c:\boot\nl-NL\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0070144 ____A (Microsoft Corporation) c:\boot\pl-PL\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0069632 ____A (Microsoft Corporation) c:\boot\pt-BR\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0069632 ____A (Microsoft Corporation) c:\boot\pt-PT\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0069120 ____A (Microsoft Corporation) c:\boot\ru-RU\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0067584 ____A (Microsoft Corporation) c:\boot\sv-SE\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:24 - 0067584 ____A (Microsoft Corporation) c:\boot\tr-TR\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0053248 ____A (Microsoft Corporation) c:\boot\zh-CN\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0051712 ____A (Microsoft Corporation) c:\boot\zh-HK\bootmgr.exe.mui
2011-01-19 15:06 - 2008-01-20 18:23 - 0051712 ____A (Microsoft Corporation) c:\boot\zh-TW\bootmgr.exe.mui

====== End of Folder: ======

========= bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {bc5a8754-2420-11e0-a885-948dd636aef4}
resumeobject {bc5a8755-2420-11e0-a885-948dd636aef4}
displayorder {bc5a8754-2420-11e0-a885-948dd636aef4}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {bc5a8754-2420-11e0-a885-948dd636aef4}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice partition=C:
systemroot \Windows
resumeobject {bc5a8755-2420-11e0-a885-948dd636aef4}
nx OptIn

Resume from Hibernate
---------------------
identifier {bc5a8755-2420-11e0-a885-948dd636aef4}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


==== End of Fixlog ====

here is the FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 21-08-2012 17:00:24
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation)
HKLM\...\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2011-09-28] (LG Electronics)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h [42536 2012-07-04] (MindSpark)
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe [30096 2012-07-04] (VER_COMPANY_NAME)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h [42536 2012-08-11] (MindSpark)
HKLM\...\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe [30096 2012-08-11] (VER_COMPANY_NAME)
HKU\Clarence\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Clarence\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Clarence\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex [39408 2011-01-28] (Google Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Hope\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-07-21] (Hewlett-Packard Company)
HKU\Hope\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Hope\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Hope\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Hope\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Hope\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Hope\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
HKU\khalifani\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\khalifani\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Mikki\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mikki\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Hope\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
Startup: C:\Users\Hope\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mikki\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MapsGalaxy_39Service; C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2012-07-04] (COMPANYVERS_NAME)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 RapportMgmtService; "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 TelevisionFanaticService; C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe [42504 2012-08-11] (COMPANYVERS_NAME)
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-11] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-06-11] (Symantec Corporation)
3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120711.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\NAVENG.SYS [87928 2012-06-11] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\NAVEX15.SYS [1589752 2012-06-11] (Symantec Corporation)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-08] ()
1 RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-07-29] (Trusteer Ltd.)
3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [65848 2012-07-29] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-07-29] (Trusteer Ltd.)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-06-12] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDIV.SYS [345208 2012-04-17] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-19 20:00 - 2012-08-19 20:00 - 00000000 ___SD C:\32788R22FWJFW
2012-08-19 19:55 - 2012-08-19 19:56 - 00000714 ____A C:\Windows\setupact.log
2012-08-19 19:55 - 2012-08-19 19:55 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 19:53 - 2012-08-19 19:56 - 00000000 ____D C:\FRST
2012-08-19 17:03 - 2012-08-19 17:03 - 00000000 ____D C:\93a0d7a675e5ac46fade238d
2012-08-19 17:01 - 2012-08-19 17:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-19 15:03 - 2012-08-19 15:03 - 00062069 ____A C:\Users\Hope\Documents\fiberboard.odt
2012-08-17 16:57 - 2012-08-17 16:58 - 00044278 ____A C:\Users\Hope\Documents\jewels.odt
2012-08-13 17:37 - 2012-08-13 17:37 - 00067267 ____A C:\Users\Hope\Documents\dancing.odt
2012-08-11 22:48 - 2012-08-11 22:48 - 00000000 ____D C:\Users\Mikki\AppData\Local\TelevisionFanatic
2012-08-11 22:48 - 2012-08-11 22:48 - 00000000 ____D C:\Program Files\TelevisionFanatic
2012-08-09 16:26 - 2012-08-09 16:26 - 00024052 ____A C:\Users\Hope\Documents\amber 2.odt
2012-08-09 12:53 - 2012-08-09 12:53 - 00014809 ____A C:\Users\Hope\Documents\prayer for grandchildren.odt
2012-08-08 22:29 - 2012-08-08 22:29 - 00113414 ____A C:\Users\Hope\Documents\chocker.odt
2012-08-06 09:33 - 2012-08-06 19:53 - 00219300 ____A C:\Users\Hope\Documents\smokey.odt
2012-08-03 14:17 - 2012-08-03 14:17 - 00031612 ____A C:\Users\Hope\Documents\fabric bracelet.odt
2012-07-29 19:52 - 2012-07-29 19:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-29 15:38 - 2012-07-29 15:38 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-29 15:37 - 2012-07-29 15:38 - 00000000 ____D C:\Program Files\iTunes
2012-07-29 15:37 - 2012-07-29 15:37 - 00000000 ____D C:\Program Files\iPod
2012-07-28 18:51 - 2012-07-28 18:51 - 00093157 ____A C:\Users\Hope\Documents\papermache.odt
2012-07-25 22:07 - 2012-07-28 10:44 - 00113152 ____A C:\Users\Hope\Documents\purple2.odt
2012-07-25 09:01 - 2012-07-25 09:01 - 00112452 ____A C:\Users\Hope\Documents\iran 2.odt
2012-07-24 14:49 - 2012-07-24 14:49 - 00038702 ____A C:\Users\Hope\Documents\iran.odt
2012-07-22 12:20 - 2012-07-23 07:48 - 00055171 ____A C:\Users\Hope\Documents\blue.odt
2012-07-22 11:13 - 2012-07-22 11:13 - 00014715 ____A C:\Users\Hope\Documents\chicken stew.odt

============ 3 Months Modified Files ========================

2012-08-20 17:36 - 2006-11-02 02:22 - 37224448 ____A C:\Windows\System32\config\software_previous
2012-08-20 17:36 - 2006-11-02 02:22 - 33030144 ____A C:\Windows\System32\config\system_previous
2012-08-20 17:31 - 2006-11-02 02:22 - 36700160 ____A C:\Windows\System32\config\components_previous
2012-08-20 17:31 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-19 20:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-19 20:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-08-19 20:16 - 2008-01-20 17:35 - 01318867 ____A C:\Windows\WindowsUpdate.log
2012-08-19 19:56 - 2012-08-19 19:55 - 00000714 ____A C:\Windows\setupact.log
2012-08-19 19:55 - 2012-08-19 19:55 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 15:03 - 2012-08-19 15:03 - 00062069 ____A C:\Users\Hope\Documents\fiberboard.odt
2012-08-19 09:55 - 2011-01-28 13:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-19 09:55 - 2011-01-28 13:47 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-18 16:02 - 2006-11-02 04:47 - 00003760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-18 16:02 - 2006-11-02 04:47 - 00003760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-18 15:07 - 2012-05-14 07:29 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for Hope.job
2012-08-17 16:58 - 2012-08-17 16:57 - 00044278 ____A C:\Users\Hope\Documents\jewels.odt
2012-08-17 15:59 - 2011-01-28 12:53 - 00005324 ____A C:\Users\Mikki\AppData\Local\d3d9caps.dat
2012-08-17 11:57 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 11:51 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-17 11:20 - 2006-11-02 05:01 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-14 19:40 - 2012-06-11 07:48 - 00002169 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-14 17:58 - 2012-05-10 17:26 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-13 17:37 - 2012-08-13 17:37 - 00067267 ____A C:\Users\Hope\Documents\dancing.odt
2012-08-12 22:12 - 2011-01-26 05:39 - 00009728 ____A C:\Users\Hope\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-12 06:16 - 2008-01-20 18:47 - 00037494 ____A C:\Windows\PFRO.log
2012-08-09 16:26 - 2012-08-09 16:26 - 00024052 ____A C:\Users\Hope\Documents\amber 2.odt
2012-08-09 12:53 - 2012-08-09 12:53 - 00014809 ____A C:\Users\Hope\Documents\prayer for grandchildren.odt
2012-08-08 22:29 - 2012-08-08 22:29 - 00113414 ____A C:\Users\Hope\Documents\chocker.odt
2012-08-07 14:46 - 2012-04-03 14:47 - 00000398 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-08-06 19:53 - 2012-08-06 09:33 - 00219300 ____A C:\Users\Hope\Documents\smokey.odt
2012-08-06 18:09 - 2011-11-30 19:55 - 00021464 ____A C:\Users\Mikki\Documents\lor laura smyrl.xps
2012-08-03 14:17 - 2012-08-03 14:17 - 00031612 ____A C:\Users\Hope\Documents\fabric bracelet.odt
2012-07-29 19:52 - 2012-07-29 19:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-29 15:38 - 2012-07-29 15:38 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-28 18:51 - 2012-07-28 18:51 - 00093157 ____A C:\Users\Hope\Documents\papermache.odt
2012-07-28 10:44 - 2012-07-25 22:07 - 00113152 ____A C:\Users\Hope\Documents\purple2.odt
2012-07-25 09:01 - 2012-07-25 09:01 - 00112452 ____A C:\Users\Hope\Documents\iran 2.odt
2012-07-24 14:49 - 2012-07-24 14:49 - 00038702 ____A C:\Users\Hope\Documents\iran.odt
2012-07-23 07:48 - 2012-07-22 12:20 - 00055171 ____A C:\Users\Hope\Documents\blue.odt
2012-07-22 11:13 - 2012-07-22 11:13 - 00014715 ____A C:\Users\Hope\Documents\chicken stew.odt
2012-07-20 20:36 - 2012-07-20 20:36 - 00032231 ____A C:\Users\Hope\Documents\how to make paper beads.odt
2012-07-20 19:28 - 2012-07-20 19:28 - 00161570 ____A C:\Users\Hope\Documents\paper necklace.odt
2012-07-18 11:57 - 2012-07-18 11:57 - 00431181 ____A C:\Users\Hope\Documents\crystal earrings.odt
2012-07-15 22:12 - 2012-07-15 22:10 - 00080727 ____A C:\Users\Mikki\Documents\Patricia King.xps
2012-07-14 10:55 - 2012-07-12 22:37 - 00099992 ____A C:\Users\Hope\Documents\drop earrings.odt
2012-07-14 10:50 - 2012-07-14 10:50 - 00073086 ____A C:\Users\Hope\Documents\HAVE YOU EVER SEEN A SINK HOLE.odt
2012-07-12 15:59 - 2012-07-12 15:59 - 00155058 ____A C:\Users\Hope\Documents\uniquen2.odt
2012-07-11 07:40 - 2012-07-11 07:40 - 00089277 ____A C:\Users\Hope\Documents\chandliers.odt
2012-07-07 19:32 - 2012-07-07 19:32 - 00158749 ____A C:\Users\Hope\Documents\new jewels.odt
2012-07-07 16:49 - 2012-07-07 16:49 - 00190214 ____A C:\Users\Hope\Documents\new bracelets.odt
2012-07-05 12:27 - 2012-07-05 12:27 - 00032580 ____A C:\Users\Hope\Documents\royalty bracelet.odt
2012-07-04 12:39 - 2012-07-04 12:39 - 00058424 ____A C:\Users\Hope\Documents\earrings 9.odt
2012-07-04 12:00 - 2012-07-04 12:00 - 00064943 ____A C:\Users\Hope\Documents\earrings8.odt
2012-06-26 21:36 - 2012-06-26 21:34 - 00002061 ____A C:\Users\Public\Desktop\MP830 On-screen Manual.lnk
2012-06-26 09:37 - 2012-06-26 09:37 - 01805736 ____A (Symantec Corporation) C:\Users\Hope\Downloads\FixZeroAccess.exe
2012-06-23 15:08 - 2012-06-23 15:08 - 00049959 ____A C:\Users\Hope\Documents\coral2.odt
2012-06-20 17:27 - 2012-06-20 17:26 - 00034262 ____A C:\Users\Hope\Documents\unusual neck.odt
2012-06-14 08:46 - 2006-11-02 04:47 - 00257472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 08:22 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 15:46 - 2012-06-13 15:46 - 00047751 ____A C:\Users\Hope\Documents\glass earrings.odt
2012-06-12 06:15 - 2012-06-11 07:48 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-06-12 06:15 - 2012-06-11 07:48 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-06-12 05:51 - 2011-01-19 15:14 - 00005324 ____A C:\Users\Hope\AppData\Local\d3d9caps.dat
2012-06-11 07:46 - 2012-03-20 11:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 17:42 - 2012-06-09 17:42 - 00147795 ____A C:\Users\Hope\Documents\glass bracelets.odt
2012-06-08 17:16 - 2012-06-08 17:16 - 00000136 ____A C:\Users\Hope\Desktop\Spider Solitaire - Shortcut.lnk
2012-06-02 14:19 - 2012-06-23 06:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 06:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 06:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 06:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 06:45 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-23 06:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 08:54 - 2012-06-02 08:54 - 10288512 ____A (Microsoft Corporation) C:\Users\Hope\Downloads\mseinstall.exe
2012-06-02 08:54 - 2012-06-02 08:54 - 10288512 ____A (Microsoft Corporation) C:\Users\Hope\Downloads\mseinstall (1).exe
2012-06-02 07:52 - 2012-06-02 07:51 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-02 07:52 - 2011-06-26 07:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-26 08:21 - 2012-05-26 08:21 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3061.58 MB
Available physical RAM: 2574.06 MB
Total Pagefile: 2835.98 MB
Available Pagefile: 2622.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.95 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:360.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (20080525_094402) (CDROM) (Total:4.27 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:2.6 GB) FAT32
9 Drive k: (Demon Drive) (Fixed) (Total:931.48 GB) (Free:375.69 GB) exFAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 3824 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 932 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3824 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3824 MB Healthy

==================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 32 KB

==================================================================================

Disk: 7
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K Demon Drive exFAT Partition 932 GB Healthy

==================================================================================

Last Boot: 2012-08-17 11:58

======================= End Of Log ==========================
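
The FRST log above prints each autorun, service and driver entry as a name, the command, a bracketed size and date, and the publisher taken from the file's version information, with [x] where the target file no longer exists. The script below is an added example, not part of this thread and not FRST's own code: it parses the whitelisted Registry, Services and Drivers sections of such a log and flags the entries a responder would review first: orphaned entries, files with no publisher or with an unfilled version-info placeholder such as VER_COMPANY_NAME, 8.3 short-name paths, and programs or drivers running from ProgramData or AppData. The flag rules are the example's own heuristics, and the sample lines are a constructed subset in the format of the log above.

```python
# Triage helper for FRST (Farbar Recovery Scan Tool) log lines. Added example,
# not FRST's own code; the flag rules are this example's heuristics and a flag
# means "verify this entry", not "this entry is malicious".
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes as printed in the posted log:
#   HKLM\...\Run: [Name] C:\path\prog.exe args [size date] (Publisher)
#   2 ServiceName; "C:\path\svc.exe" [size date] (Publisher)
#   3 DriverName; C:\Windows\System32\DRIVERS\x.sys [x]      <- [x] = file missing
REG_RE = re.compile(r"^(?P<hive>HK[^:]+):\s*\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\](?:\s*\((?P<pub>[^)]*)\))?\s*$")
# First drive-letter path in the command, with quotes and the \??\ NT prefix removed.
PATH_RE = re.compile(r'^"?(?:\\\?\?\\)?(?P<p>[A-Za-z]:\\.*?\.(?:exe|sys|dll|cpl))', re.I)
# Unfilled resource templates such as VER_COMPANY_NAME or COMPANYVERS_NAME.
PLACEHOLDER_RE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+$")

@dataclass
class Entry:
    kind: str                 # "run", "service" or "driver"
    name: str
    command: str
    path: str
    present: bool             # False when FRST printed [x]
    publisher: Optional[str]  # None when no "(...)" was printed, "" for "()"
    reasons: List[str] = field(default_factory=list)

def extract_path(command: str) -> str:
    m = PATH_RE.match(command)
    return m.group("p") if m else command

def parse_entry(line: str, section: str) -> Optional[Entry]:
    """Parse one FRST entry line; None for lines that are not entries."""
    m = REG_RE.match(line)
    if m:
        kind = "run"
    else:
        m = SVC_RE.match(line)
        if not m or section not in ("service", "driver"):
            return None
        kind = section
    tail = TAIL_RE.match(m.group("rest"))
    if not tail:
        return None
    cmd = tail.group("cmd")
    present = tail.group("meta").strip().lower() != "x"
    return Entry(kind, m.group("name"), cmd, extract_path(cmd), present, tail.group("pub"))

def assess(e: Entry) -> List[str]:
    """Review flags for one entry (heuristics, see header comment)."""
    reasons: List[str] = []
    if not e.present:
        reasons.append("target file missing: orphaned entry")
    elif not e.publisher:
        reasons.append("no publisher in version info: identify the file by hash")
    elif PLACEHOLDER_RE.match(e.publisher):
        reasons.append(f"unfilled version-info placeholder '{e.publisher}'")
    if re.search(r"~\d", e.path):
        reasons.append("8.3 short-name path: resolve and check the real target")
    if "\\programdata\\" in e.path.lower() or "\\appdata\\" in e.path.lower():
        reasons.append("runs from a data directory rather than Program Files or System32")
    return reasons

def triage(log_text: str) -> List[Entry]:
    """Return the entries from the whitelisted sections that raised a flag."""
    section, flagged = "other", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "(Whitelisted)" in line:   # section header
            low = line.lower()
            section = ("service" if "services" in low else "driver" if "drivers" in low
                       else "registry" if "registry" in low else "other")
            continue
        entry = parse_entry(line, section)
        if entry is not None:
            entry.reasons = assess(entry)
            if entry.reasons:
                flagged.append(entry)
    return flagged

# Constructed sample in the format of the thread's FRST.txt (a subset of its lines).
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe [30096 2012-07-04] (VER_COMPANY_NAME)
HKU\Hope\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
================================ Services (Whitelisted) ==================
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MapsGalaxy_39Service; C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2012-07-04] (COMPANYVERS_NAME)
========================== Drivers (Whitelisted) =============
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-08] ()
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.kind}] {e.name} -> {e.path}\n    " + "\n    ".join(e.reasons))
```

On the sample, the Intel and Eventlog lines pass and the other six entries are flagged, each with the reason that earned the flag. Run it against a full FRST.txt by reading the file into triage(); the section-header tracking means only the whitelisted Registry, Services and Drivers sections are parsed, so the file-listing sections further down the log are ignored.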

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 21 August 2012 - 07:17 PM

what happens when you try and boot normally?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 August 2012 - 07:18 PM

Please keep in mind that I cannot load the OS at all and have been running command prompts from the advanced boot loading window...

#8 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 August 2012 - 07:22 PM

When I try to boot normally, the computer gets through the HP start window, then tries to load the OS on the hard drive. From there it goes into the load options, asking if I would like to load in safe mode or one of the other options, and when I choose any of the options it goes to the Microsoft loading window and restarts.

#9 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 August 2012 - 07:23 PM

In order for me to get to the advanced options, I have to go through an install CD after running a system repair.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:35 AM

Posted 21 August 2012 - 07:29 PM

ok

try this

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Last Boot: 2012-08-17 11:58
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.



let me know if you are able to reboot normally now

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 21 August 2012 - 07:38 PM

Here is the Fixlog, and the computer is still in a restart position.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 2012-08-21 17:32:02 Run:3
Running from E:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 August 2012 - 07:43 PM

Do you have the search log as well?



#13 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts

Posted 21 August 2012 - 07:48 PM

search.txt

Farbar Recovery Scan Tool Version: 19-08-2012 01
Ran by SYSTEM at 2012-08-21 14:43:12
Running from E:\

================== Search: "fixlist.txt" ===================

=== End Of Search ===

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 21-08-2012 17:32:31
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation)
HKLM\...\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2011-09-28] (LG Electronics)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h [42536 2012-07-04] (MindSpark)
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe [30096 2012-07-04] (VER_COMPANY_NAME)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h [42536 2012-08-11] (MindSpark)
HKLM\...\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe [30096 2012-08-11] (VER_COMPANY_NAME)
HKU\Clarence\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Clarence\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Clarence\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex [39408 2011-01-28] (Google Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Hope\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-07-21] (Hewlett-Packard Company)
HKU\Hope\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Hope\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Hope\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Hope\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Hope\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Hope\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
HKU\khalifani\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\khalifani\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-28] (Google Inc.)
HKU\Mikki\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mikki\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Hope\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE ()
Startup: C:\Users\Hope\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mikki\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MapsGalaxy_39Service; C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2012-07-04] (COMPANYVERS_NAME)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 RapportMgmtService; "C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 TelevisionFanaticService; C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe [42504 2012-08-11] (COMPANYVERS_NAME)
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-11] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-06-11] (Symantec Corporation)
3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120711.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\NAVENG.SYS [87928 2012-06-11] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\NAVEX15.SYS [1589752 2012-06-11] (Symantec Corporation)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys [228376 2012-08-08] ()
1 RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-07-29] (Trusteer Ltd.)
3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)
0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [65848 2012-07-29] (Trusteer Ltd.)
1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-07-29] (Trusteer Ltd.)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-06-12] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDIV.SYS [345208 2012-04-17] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)
3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-21 17:32 - 2012-08-21 17:32 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-08-19 20:00 - 2012-08-19 20:00 - 00000000 ___SD C:\32788R22FWJFW
2012-08-19 19:55 - 2012-08-19 19:56 - 00000714 ____A C:\Windows\setupact.log
2012-08-19 19:55 - 2012-08-19 19:55 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 19:53 - 2012-08-19 19:56 - 00000000 ____D C:\FRST
2012-08-19 17:03 - 2012-08-19 17:03 - 00000000 ____D C:\93a0d7a675e5ac46fade238d
2012-08-19 17:01 - 2012-08-19 17:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-19 15:03 - 2012-08-19 15:03 - 00062069 ____A C:\Users\Hope\Documents\fiberboard.odt
2012-08-17 16:57 - 2012-08-17 16:58 - 00044278 ____A C:\Users\Hope\Documents\jewels.odt
2012-08-13 17:37 - 2012-08-13 17:37 - 00067267 ____A C:\Users\Hope\Documents\dancing.odt
2012-08-11 22:48 - 2012-08-11 22:48 - 00000000 ____D C:\Users\Mikki\AppData\Local\TelevisionFanatic
2012-08-11 22:48 - 2012-08-11 22:48 - 00000000 ____D C:\Program Files\TelevisionFanatic
2012-08-09 16:26 - 2012-08-09 16:26 - 00024052 ____A C:\Users\Hope\Documents\amber 2.odt
2012-08-09 12:53 - 2012-08-09 12:53 - 00014809 ____A C:\Users\Hope\Documents\prayer for grandchildren.odt
2012-08-08 22:29 - 2012-08-08 22:29 - 00113414 ____A C:\Users\Hope\Documents\chocker.odt
2012-08-06 09:33 - 2012-08-06 19:53 - 00219300 ____A C:\Users\Hope\Documents\smokey.odt
2012-08-03 14:17 - 2012-08-03 14:17 - 00031612 ____A C:\Users\Hope\Documents\fabric bracelet.odt
2012-07-29 19:52 - 2012-07-29 19:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-29 15:38 - 2012-07-29 15:38 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-29 15:37 - 2012-07-29 15:38 - 00000000 ____D C:\Program Files\iTunes
2012-07-29 15:37 - 2012-07-29 15:37 - 00000000 ____D C:\Program Files\iPod
2012-07-28 18:51 - 2012-07-28 18:51 - 00093157 ____A C:\Users\Hope\Documents\papermache.odt
2012-07-25 22:07 - 2012-07-28 10:44 - 00113152 ____A C:\Users\Hope\Documents\purple2.odt
2012-07-25 09:01 - 2012-07-25 09:01 - 00112452 ____A C:\Users\Hope\Documents\iran 2.odt
2012-07-24 14:49 - 2012-07-24 14:49 - 00038702 ____A C:\Users\Hope\Documents\iran.odt
2012-07-22 12:20 - 2012-07-23 07:48 - 00055171 ____A C:\Users\Hope\Documents\blue.odt
2012-07-22 11:13 - 2012-07-22 11:13 - 00014715 ____A C:\Users\Hope\Documents\chicken stew.odt

============ 3 Months Modified Files ========================

2012-08-20 17:36 - 2006-11-02 02:22 - 37224448 ____A C:\Windows\System32\config\software_previous
2012-08-20 17:36 - 2006-11-02 02:22 - 33030144 ____A C:\Windows\System32\config\system_previous
2012-08-20 17:31 - 2006-11-02 02:22 - 36700160 ____A C:\Windows\System32\config\components_previous
2012-08-20 17:31 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-08-19 20:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-19 20:17 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-08-19 20:16 - 2008-01-20 17:35 - 01318867 ____A C:\Windows\WindowsUpdate.log
2012-08-19 19:56 - 2012-08-19 19:55 - 00000714 ____A C:\Windows\setupact.log
2012-08-19 19:55 - 2012-08-19 19:55 - 00000000 ____A C:\Windows\setuperr.log
2012-08-19 15:03 - 2012-08-19 15:03 - 00062069 ____A C:\Users\Hope\Documents\fiberboard.odt
2012-08-19 09:55 - 2011-01-28 13:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-19 09:55 - 2011-01-28 13:47 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-18 16:02 - 2006-11-02 04:47 - 00003760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-18 16:02 - 2006-11-02 04:47 - 00003760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-18 15:07 - 2012-05-14 07:29 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for Hope.job
2012-08-17 16:58 - 2012-08-17 16:57 - 00044278 ____A C:\Users\Hope\Documents\jewels.odt
2012-08-17 15:59 - 2011-01-28 12:53 - 00005324 ____A C:\Users\Mikki\AppData\Local\d3d9caps.dat
2012-08-17 11:57 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-17 11:51 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-17 11:20 - 2006-11-02 05:01 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-14 19:40 - 2012-06-11 07:48 - 00002169 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-14 17:58 - 2012-05-10 17:26 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-13 17:37 - 2012-08-13 17:37 - 00067267 ____A C:\Users\Hope\Documents\dancing.odt
2012-08-12 22:12 - 2011-01-26 05:39 - 00009728 ____A C:\Users\Hope\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-12 06:16 - 2008-01-20 18:47 - 00037494 ____A C:\Windows\PFRO.log
2012-08-09 16:26 - 2012-08-09 16:26 - 00024052 ____A C:\Users\Hope\Documents\amber 2.odt
2012-08-09 12:53 - 2012-08-09 12:53 - 00014809 ____A C:\Users\Hope\Documents\prayer for grandchildren.odt
2012-08-08 22:29 - 2012-08-08 22:29 - 00113414 ____A C:\Users\Hope\Documents\chocker.odt
2012-08-07 14:46 - 2012-04-03 14:47 - 00000398 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-08-06 19:53 - 2012-08-06 09:33 - 00219300 ____A C:\Users\Hope\Documents\smokey.odt
2012-08-06 18:09 - 2011-11-30 19:55 - 00021464 ____A C:\Users\Mikki\Documents\lor laura smyrl.xps
2012-08-03 14:17 - 2012-08-03 14:17 - 00031612 ____A C:\Users\Hope\Documents\fabric bracelet.odt
2012-07-29 19:52 - 2012-07-29 19:52 - 00065848 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2012-07-29 15:38 - 2012-07-29 15:38 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-28 18:51 - 2012-07-28 18:51 - 00093157 ____A C:\Users\Hope\Documents\papermache.odt
2012-07-28 10:44 - 2012-07-25 22:07 - 00113152 ____A C:\Users\Hope\Documents\purple2.odt
2012-07-25 09:01 - 2012-07-25 09:01 - 00112452 ____A C:\Users\Hope\Documents\iran 2.odt
2012-07-24 14:49 - 2012-07-24 14:49 - 00038702 ____A C:\Users\Hope\Documents\iran.odt
2012-07-23 07:48 - 2012-07-22 12:20 - 00055171 ____A C:\Users\Hope\Documents\blue.odt
2012-07-22 11:13 - 2012-07-22 11:13 - 00014715 ____A C:\Users\Hope\Documents\chicken stew.odt
2012-07-20 20:36 - 2012-07-20 20:36 - 00032231 ____A C:\Users\Hope\Documents\how to make paper beads.odt
2012-07-20 19:28 - 2012-07-20 19:28 - 00161570 ____A C:\Users\Hope\Documents\paper necklace.odt
2012-07-18 11:57 - 2012-07-18 11:57 - 00431181 ____A C:\Users\Hope\Documents\crystal earrings.odt
2012-07-15 22:12 - 2012-07-15 22:10 - 00080727 ____A C:\Users\Mikki\Documents\Patricia King.xps
2012-07-14 10:55 - 2012-07-12 22:37 - 00099992 ____A C:\Users\Hope\Documents\drop earrings.odt
2012-07-14 10:50 - 2012-07-14 10:50 - 00073086 ____A C:\Users\Hope\Documents\HAVE YOU EVER SEEN A SINK HOLE.odt
2012-07-12 15:59 - 2012-07-12 15:59 - 00155058 ____A C:\Users\Hope\Documents\uniquen2.odt
2012-07-11 07:40 - 2012-07-11 07:40 - 00089277 ____A C:\Users\Hope\Documents\chandliers.odt
2012-07-07 19:32 - 2012-07-07 19:32 - 00158749 ____A C:\Users\Hope\Documents\new jewels.odt
2012-07-07 16:49 - 2012-07-07 16:49 - 00190214 ____A C:\Users\Hope\Documents\new bracelets.odt
2012-07-05 12:27 - 2012-07-05 12:27 - 00032580 ____A C:\Users\Hope\Documents\royalty bracelet.odt
2012-07-04 12:39 - 2012-07-04 12:39 - 00058424 ____A C:\Users\Hope\Documents\earrings 9.odt
2012-07-04 12:00 - 2012-07-04 12:00 - 00064943 ____A C:\Users\Hope\Documents\earrings8.odt
2012-06-26 21:36 - 2012-06-26 21:34 - 00002061 ____A C:\Users\Public\Desktop\MP830 On-screen Manual.lnk
2012-06-26 09:37 - 2012-06-26 09:37 - 01805736 ____A (Symantec Corporation) C:\Users\Hope\Downloads\FixZeroAccess.exe
2012-06-23 15:08 - 2012-06-23 15:08 - 00049959 ____A C:\Users\Hope\Documents\coral2.odt
2012-06-20 17:27 - 2012-06-20 17:26 - 00034262 ____A C:\Users\Hope\Documents\unusual neck.odt
2012-06-14 08:46 - 2006-11-02 04:47 - 00257472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 08:22 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 15:46 - 2012-06-13 15:46 - 00047751 ____A C:\Users\Hope\Documents\glass earrings.odt
2012-06-12 06:15 - 2012-06-11 07:48 - 00141944 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-06-12 06:15 - 2012-06-11 07:48 - 00007468 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-06-12 05:51 - 2011-01-19 15:14 - 00005324 ____A C:\Users\Hope\AppData\Local\d3d9caps.dat
2012-06-11 07:46 - 2012-03-20 11:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-09 17:42 - 2012-06-09 17:42 - 00147795 ____A C:\Users\Hope\Documents\glass bracelets.odt
2012-06-08 17:16 - 2012-06-08 17:16 - 00000136 ____A C:\Users\Hope\Desktop\Spider Solitaire - Shortcut.lnk
2012-06-02 14:19 - 2012-06-23 06:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 06:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 06:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-23 06:45 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 06:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 06:45 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-23 06:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 08:54 - 2012-06-02 08:54 - 10288512 ____A (Microsoft Corporation) C:\Users\Hope\Downloads\mseinstall.exe
2012-06-02 08:54 - 2012-06-02 08:54 - 10288512 ____A (Microsoft Corporation) C:\Users\Hope\Downloads\mseinstall (1).exe
2012-06-02 07:52 - 2012-06-02 07:51 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-02 07:52 - 2011-06-26 07:10 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-26 08:21 - 2012-05-26 08:21 - 00001726 ____A C:\Users\Public\Desktop\QuickTime Player.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3061.58 MB
Available physical RAM: 2569.99 MB
Total Pagefile: 2835.98 MB
Available Pagefile: 2621.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.95 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:359.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (20080525_094402) (CDROM) (Total:4.27 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:2.6 GB) FAT32
9 Drive k: (Demon Drive) (Fixed) (Total:931.48 GB) (Free:375.69 GB) exFAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 Online 3824 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 932 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3824 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3824 MB Healthy

==================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 32 KB

==================================================================================

Disk: 7
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K Demon Drive exFAT Partition 932 GB Healthy

==================================================================================

Last Boot: 2012-08-17 11:58

======================= End Of Log ==========================

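The FRST.txt above is what the responder reads by hand: FRST has already whitelisted the known-good Microsoft entries, and what remains is a mix of benign vendor software, adware toolbars and dangling entries. As an added example (not FRST's code and not part of the original thread), the parser below reads the Run/RunOnce and Services lines of such a log and flags the things a practitioner looks at first: an entry whose file no longer exists ("[x]"), an empty value name, a binary with no publisher "()" or with a placeholder publisher left over from an unfinished version resource, and 8.3 short paths that bundled adware tends to install under. The sample lines are copied from the log posted above; the flag names and the heuristics are this example's own choices, and a flag is a reason to look, not a verdict: igfxtray.exe is benign, and the MindSpark toolbars it flags are adware rather than the Sirefef rootkit itself.

```python
"""Triage the autostart sections of an FRST log.

FRST already whitelists known-good Microsoft entries; the responder reads the
rest by hand. This parser handles the Run/RunOnce and Services lines and
flags what a practitioner looks at first. It is a triage aid, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

REG_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")
PUB_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
SHORT_PATH_RE = re.compile(r"~\d+\\")
# Strings FRST prints when a binary's version resource was never filled in
# (both appear verbatim in the posted log).
PLACEHOLDER_PUBLISHERS = {"VER_COMPANY_NAME", "COMPANYVERS_NAME"}


@dataclass
class Entry:
    source: str                       # "HKLM\Run", "HKU\Hope\Run", "Service(start=2)"
    name: str                         # registry value name or service name
    command: str                      # everything FRST printed after the name
    publisher: Optional[str] = None   # None when FRST printed no "(...)" at all
    size: Optional[int] = None
    date: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a Run/RunOnce or Services line, else None."""
    m = REG_RE.match(line)
    if m:
        entry = Entry(source=f"{m['hive']}\\{m['key']}", name=m["name"], command=m["rest"])
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        entry = Entry(source=f"Service(start={m['start']})", name=m["name"], command=m["rest"])
    rest = entry.command
    if meta := META_RE.search(rest):
        entry.size, entry.date = int(meta["size"]), meta["date"]
    if pub := PUB_RE.search(rest):
        entry.publisher = pub["pub"].strip()
    if entry.name == "":
        entry.flags.append("empty value name")
    if rest.strip() == "[x]" or rest.endswith(" [x]"):
        entry.flags.append("file missing")          # FRST's marker for a dangling entry
    if entry.publisher == "":
        entry.flags.append("no publisher")          # "()" : no company in version info
    elif entry.publisher in PLACEHOLDER_PUBLISHERS:
        entry.flags.append("placeholder publisher")
    if SHORT_PATH_RE.search(rest):
        entry.flags.append("8.3 short path")        # e.g. C:\PROGRA~1\MAPSGA~2\...
    return entry


def triage(log_text):
    """Parse every autostart line in an FRST log; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_line(line.rstrip())
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious(log_text):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


# Sample lines copied from the FRST.txt posted above (not a complete log).
SAMPLE_LOG = r"""
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~1\MAPSGA~2\bar\1.bin\39brmon.exe [30096 2012-07-04] (VER_COMPANY_NAME)
HKU\Hope\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MapsGalaxy_39Service; C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2012-07-04] (COMPANYVERS_NAME)
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.source:22} [{e.name}] {', '.join(e.flags)}")
```

Run against the full FRST.txt it skips the section headers, file listings and driver lines it does not understand, so it can be pointed at the whole file. Note what it cannot see: a rootkit that patches services.exe or hides a driver does not show up as an odd Run entry, which is why the hash comparison and the services.exe search in the thread are separate steps.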
#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 August 2012 - 07:50 PM

I'm looking for the results of the search for services.exe.

While you are still booted into System Recovery Options, run FRST.

Type the following in the edit box after "Search:" so it looks like this:

Search: services.exe

Click the Search button and post the log it makes in your reply.




#15 hitman510

hitman510
  • Topic Starter

  • Members
  • 15 posts

Posted 21 August 2012 - 07:59 PM

That's all I had, but let me run it again and see if I can get more.



