Windows 7 Black Screen and very slow computer


  • This topic is locked
10 replies to this topic

#1 mtdar

mtdar

  • Members
  • 61 posts

Posted 07 January 2013 - 10:00 PM

Hi all,

Gunto was helping me with an infection problem and has suggested that I open a new topic here for advanced help.

Here is the link to the original work that has been done with Gunto so far.

Original Link

The problems I'm having on the computer are twofold. First, after I enter the username and password at the login screen, the screen will be completely black (no cursor as well) for about 1-2 minutes, then the desktop will appear. After that it takes a very long time to open any programs and use the computer.


Here are the contents of the DDS.txt log file.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
Run by fowlerpeggy at 21:47:51 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1317 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102106p0375v175r48k1s409
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102106p0375v175r48k1s409
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [Google Update] "C:\Users\fowlerpeggy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\fowlerpeggy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [NPSStartup] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{01CEAD71-78BE-497A-B872-0ED0D7AC9C71} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2DCF7291-ADAB-4AB6-BE40-46BB94F79BBE} : DHCPNameServer = 167.206.254.2 167.206.254.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102106p0375v175r48k1s409
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\fowlerpeggy\AppData\Roaming\Mozilla\Firefox\Profiles\3y2imwel.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\fowlerpeggy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\fowlerpeggy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\fowlerpeggy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-04 21:59; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-02-22 18:05; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-4-26 793048]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-29 215040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-6 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-29 1255736]
.
=============== Created Last 30 ================
.
2013-01-07 04:02:18 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85DC8A57-F998-48E0-BE26-23504B11EC44}\mpengine.dll
2013-01-07 04:00:55 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-01-07 04:00:54 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-01-07 04:00:52 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-07 04:00:51 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-07 04:00:51 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-07 04:00:51 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-01-07 04:00:51 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-07 04:00:51 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-07 04:00:51 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-07 04:00:50 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-01-07 04:00:50 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-01-07 03:22:59 -------- d-----w- C:\Windows\ERUNT
2013-01-07 03:22:43 -------- d-----w- C:\JRT
2013-01-06 05:04:07 -------- d-----w- C:\Users\fowlerpeggy\AppData\Roaming\SUPERAntiSpyware.com
2013-01-06 05:04:03 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-01-06 05:04:03 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2013-01-06 05:00:14 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-06 05:00:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-06 04:59:27 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2013-01-06 04:59:27 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2013-01-06 04:59:27 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2013-01-06 04:59:27 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2013-01-06 04:56:26 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-01-06 03:32:03 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-06 02:34:45 -------- d-----w- C:\Windows\System32\SPReview
2013-01-06 02:33:40 -------- d-----w- C:\Windows\System32\EventProviders
2013-01-06 02:25:06 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-05 04:44:32 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-01-05 04:44:18 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-01-05 03:29:59 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-05 03:29:58 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-05 02:59:37 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-05 02:36:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-01-05 02:36:07 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-01-05 02:26:07 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-01-05 02:26:01 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-01-05 02:26:00 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2013-01-05 02:26:00 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2013-01-05 02:13:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-12-11 05:32:19 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-11 05:32:18 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-11 05:32:18 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-11 05:32:18 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-11 04:34:54 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-11 04:34:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-11 04:34:52 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-11 04:34:52 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-11 04:34:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-11 04:34:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-11 04:34:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-11 04:34:41 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87943ED1-D647-4511-A33C-02D3CFD00562}\gapaengine.dll
2012-12-11 03:26:39 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-11 03:26:39 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-11 03:18:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2013-01-07 04:45:58 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2013-01-07 04:45:58 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2013-01-06 03:32:03 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-06 02:54:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-01-06 02:54:21 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-01-05 02:59:12 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 21:48:56.84 ===============


Any help would be greatly appreciated. Thanks.
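As an added example (not part of this thread, and not a DDS or FRST feature), here is a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above: it flags the entry types a malware-response helper reads first (orphaned registry entries, autoruns pointing at missing files, Trusted Zone additions, a non-default Userinit value, and public DNS servers to confirm against the ISP). The sample lines are copied from the log above; the choice of checks is an assumption of this example.

```python
"""Added triage helper for the "Pseudo HJT Report" section of a DDS log.

It cleans nothing; it only flags entries that need a human decision so a
reviewer can check them against the full log. Not part of DDS or FRST.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the DDS report above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.yahoo.com/?ilc=1
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NPSStartup] <no file>
Trusted Zone: clonewarsadventures.com
Trusted Zone: sony.com
TCP: NameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{01CEAD71-78BE-497A-B872-0ED0D7AC9C71} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

# Windows 7 default; anything appended here runs at every interactive logon.
DEFAULT_USERINIT = "userinit.exe,"


@dataclass
class Finding:
    severity: str   # "review" = needs a human decision, "info" = confirm only
    line: str
    reason: str


def _is_public(ip: str) -> bool:
    """True for a routable address; False for RFC 1918 space or non-IP text."""
    try:
        return not ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage_hjt(lines):
    """Return a Finding for each DDS line a helper would look at first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # DDS prefixes 64-bit hive entries with "x64-"; apply the same checks.
        entry = line[4:] if line.startswith("x64-") else line
        if "<orphaned>" in entry:
            findings.append(Finding("review", line,
                "registry entry refers to an object that no longer exists"))
        elif "<no file>" in entry:
            findings.append(Finding("review", line,
                "autorun references a file that is missing on disk"))
        elif entry.startswith("Trusted Zone:"):
            findings.append(Finding("review", line,
                "site added to the IE Trusted Zone (relaxed browser security)"))
        elif (m := re.match(r"[um]Winlogon: Userinit = (.*)$", entry)):
            if m.group(1).strip().lower() != DEFAULT_USERINIT:
                findings.append(Finding("review", line,
                    "non-default Userinit value, executed at every logon"))
        elif (m := re.match(r"TCP: .*NameServer = (.*)$", entry)):
            public = [ip for ip in m.group(1).split() if _is_public(ip)]
            if public:
                findings.append(Finding("info", line,
                    "public DNS servers " + ", ".join(public)
                    + "; confirm they belong to the ISP and were not changed"))
    return findings


def main():
    for f in triage_hjt(SAMPLE_REPORT.splitlines()):
        print(f"[{f.severity}] {f.line}\n    {f.reason}")


if __name__ == "__main__":
    main()
```

Run against the sample it reports the two orphaned handlers, the missing NPSStartup file, both Trusted Zone sites and the public nameserver pair, and stays silent on the private DHCP server and the default Userinit.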


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 January 2013 - 10:23 AM

Please run the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mtdar

mtdar
  • Topic Starter

  • Members
  • 61 posts

Posted 09 January 2013 - 08:41 PM

Hi CatByte,

Thanks for taking the time to take a look at my problem. The log is listed below as requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 09-01-2013 20:35:24
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-02-03] (PC Tools)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\fowlerpeggy\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [x]
HKU\fowlerpeggy\...\Run: [Google Update] "C:\Users\fowlerpeggy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-18] (Google Inc.)
HKU\fowlerpeggy\...\Run: [Facebook Update] "C:\Users\fowlerpeggy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\fowlerpeggy\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 167.206.254.2 167.206.254.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [246520 2010-07-28] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PAC7302; C:\Windows\System32\Drivers\PAC7302.sys [527872 2007-11-08] (PixArt Imaging Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-09 20:34 - 2013-01-09 20:34 - 00000000 ____D C:\FRST
2013-01-07 18:50 - 2013-01-07 18:50 - 00019241 ____A C:\Users\fowlerpeggy\Downloads\DDS.txt
2013-01-07 18:49 - 2013-01-07 18:49 - 00008269 ____A C:\Users\fowlerpeggy\Downloads\Attach.txt
2013-01-07 18:49 - 2013-01-07 18:49 - 00008269 ____A C:\Users\fowlerpeggy\Desktop\attach.txt
2013-01-07 18:49 - 2013-01-07 18:48 - 00019241 ____A C:\Users\fowlerpeggy\Desktop\dds.txt
2013-01-06 20:36 - 2013-01-06 20:36 - 00000017 ____A C:\Users\fowlerpeggy\AppData\Local\resmon.resmoncfg
2013-01-06 20:04 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-01-06 20:04 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-01-06 20:04 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-01-06 20:04 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-06 20:04 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-01-06 20:04 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-06 20:04 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-06 20:04 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-06 20:04 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-01-06 20:04 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-01-06 20:04 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-01-06 20:04 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-06 20:04 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-01-06 20:04 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-01-06 20:04 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-01-06 20:04 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-01-06 20:04 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-06 20:04 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-01-06 20:04 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-01-06 20:04 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-01-06 20:04 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-01-06 20:04 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-01-06 20:04 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-01-06 20:04 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-01-06 20:00 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-01-06 20:00 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-01-06 20:00 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-01-06 20:00 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-06 20:00 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-01-06 20:00 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-01-06 20:00 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-06 20:00 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-01-06 20:00 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-01-06 20:00 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-01-06 20:00 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-01-06 19:38 - 2013-01-06 19:38 - 00001558 ____A C:\Users\fowlerpeggy\Desktop\JRT.txt
2013-01-06 19:22 - 2013-01-06 19:22 - 00000000 ____D C:\Windows\ERUNT
2013-01-06 19:22 - 2013-01-06 19:22 - 00000000 ____D C:\JRT
2013-01-06 19:19 - 2013-01-06 19:19 - 00000512 ____A C:\Users\fowlerpeggy\Desktop\eset.txt
2013-01-06 19:14 - 2013-01-06 19:14 - 00002120 ____A C:\scu.dat
2013-01-05 21:04 - 2013-01-05 21:04 - 00000000 ____D C:\Users\fowlerpeggy\AppData\Roaming\SUPERAntiSpyware.com
2013-01-05 21:04 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-01-05 21:04 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-01-05 21:03 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-01-05 21:03 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-01-05 21:03 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-01-05 21:03 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-01-05 21:03 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-01-05 21:03 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-01-05 21:03 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-01-05 21:03 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-01-05 21:03 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-01-05 21:03 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-01-05 21:03 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-01-05 21:03 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-01-05 21:03 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-01-05 21:03 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-01-05 21:00 - 2013-01-05 21:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-05 21:00 - 2013-01-05 21:00 - 00001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-01-05 21:00 - 2013-01-05 21:00 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-05 20:59 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-01-05 20:59 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-01-05 20:59 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-01-05 20:59 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-01-05 20:56 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-01-05 19:32 - 2013-01-09 17:20 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-05 19:32 - 2013-01-09 17:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-05 19:31 - 2013-01-05 19:31 - 00000000 ____D C:\Windows\System32\Macromed
2013-01-05 18:34 - 2013-01-05 18:34 - 00000000 ____D C:\Windows\System32\SPReview
2013-01-05 18:33 - 2013-01-05 18:33 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-05 18:21 - 2013-01-05 18:21 - 00001481 ____A C:\Users\fowlerpeggy\Desktop\RKreport[2]_D_01052013_02d2121.txt
2013-01-05 18:20 - 2013-01-05 18:21 - 00000000 ____D C:\Users\fowlerpeggy\Desktop\RK_Quarantine
2013-01-05 18:20 - 2013-01-05 18:20 - 00001428 ____A C:\Users\fowlerpeggy\Desktop\RKreport[1]_S_01052013_02d2120.txt
2013-01-05 18:18 - 2013-01-05 18:18 - 00017802 ____A C:\Users\fowlerpeggy\Downloads\AdwCleaner[S1].txt
2013-01-05 17:09 - 2013-01-05 17:59 - 00017802 ____A C:\AdwCleaner[S1].txt
2013-01-05 14:49 - 2013-01-05 14:49 - 00761856 ____A C:\Users\fowlerpeggy\Downloads\RogueKiller.exe
2013-01-05 14:48 - 2013-01-05 14:48 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\fowlerpeggy\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-05 14:48 - 2013-01-05 14:48 - 00551997 ____A C:\Users\fowlerpeggy\Downloads\adwcleaner.exe
2013-01-05 14:47 - 2013-01-05 14:47 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\fowlerpeggy\Downloads\tdsskiller.exe
2013-01-04 20:44 - 2013-01-04 20:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-04 20:44 - 2013-01-04 20:44 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-04 19:30 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-04 19:30 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-01-04 19:30 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-01-04 19:30 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-01-04 19:30 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-01-04 19:30 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-01-04 19:30 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-01-04 19:30 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-01-04 19:30 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-01-04 19:30 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-01-04 19:30 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-01-04 19:30 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-01-04 19:30 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-01-04 19:30 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-01-04 19:30 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-01-04 19:30 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-01-04 19:30 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-01-04 19:30 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-01-04 19:30 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-01-04 19:30 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-01-04 19:30 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-01-04 19:30 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-01-04 19:30 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-01-04 19:30 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-01-04 19:30 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-01-04 19:30 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-01-04 19:30 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-01-04 19:30 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-01-04 19:30 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-01-04 19:30 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-01-04 19:30 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-01-04 19:30 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-01-04 19:30 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-01-04 19:30 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-01-04 19:29 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-04 19:29 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-01-04 18:59 - 2013-01-04 18:59 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2013-01-04 18:59 - 2013-01-04 18:59 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-04 18:36 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-01-04 18:36 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-01-04 18:26 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-01-04 18:26 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-01-04 18:26 - 2010-11-20 04:58 - 00003072 ____A (Microsoft Corporation) C:\Windows\System32\dpnaddr.dll
2013-01-04 18:26 - 2010-11-20 03:57 - 00002560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-01-04 18:14 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-04 18:14 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-04 18:14 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-04 18:14 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-04 18:14 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-04 18:14 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-04 18:14 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-04 18:14 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-04 18:14 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-04 18:14 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-04 18:14 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-04 18:14 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-04 18:14 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-04 18:14 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 18:14 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-04 18:13 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-10 21:32 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-12-10 21:32 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-12-10 21:32 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-12-10 21:32 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-12-10 20:34 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-12-10 20:34 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-12-10 20:34 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-12-10 20:34 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-12-10 20:34 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-12-10 20:34 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-12-10 20:34 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-12-10 20:34 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-12-10 19:26 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-12-10 19:26 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-12-10 19:18 - 2013-01-05 14:51 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-10 19:18 - 2013-01-05 14:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

==================== One Month Modified Files and Folders =======

2013-01-09 20:34 - 2013-01-09 20:34 - 00000000 ____D C:\FRST
2013-01-09 17:28 - 2009-11-24 00:30 - 01623857 ____A C:\Windows\WindowsUpdate.log
2013-01-09 17:20 - 2013-01-05 19:32 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 17:20 - 2013-01-05 19:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-09 17:20 - 2011-07-29 12:24 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-09 17:19 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-09 17:19 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-09 17:16 - 2011-03-07 07:34 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000UA.job
2013-01-09 17:16 - 2010-02-14 15:52 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-09 17:16 - 2009-07-13 21:13 - 00006206 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-09 17:11 - 2011-07-29 18:10 - 00049972 ____A C:\Windows\setupact.log
2013-01-09 17:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-07 19:16 - 2010-02-14 15:52 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-07 18:50 - 2013-01-07 18:50 - 00019241 ____A C:\Users\fowlerpeggy\Downloads\DDS.txt
2013-01-07 18:49 - 2013-01-07 18:49 - 00008269 ____A C:\Users\fowlerpeggy\Downloads\Attach.txt
2013-01-07 18:49 - 2013-01-07 18:49 - 00008269 ____A C:\Users\fowlerpeggy\Desktop\attach.txt
2013-01-07 18:48 - 2013-01-07 18:49 - 00019241 ____A C:\Users\fowlerpeggy\Desktop\dds.txt
2013-01-06 20:46 - 2012-04-14 17:22 - 00000952 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000UA.job
2013-01-06 20:45 - 2012-03-27 10:29 - 00000260 ____A C:\Windows\SysWOW64\cmdVBS.vbs
2013-01-06 20:45 - 2012-03-27 10:29 - 00000256 ____A C:\Windows\SysWOW64\MSIevent.bat
2013-01-06 20:36 - 2013-01-06 20:36 - 00000017 ____A C:\Users\fowlerpeggy\AppData\Local\resmon.resmoncfg
2013-01-06 20:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-06 19:38 - 2013-01-06 19:38 - 00001558 ____A C:\Users\fowlerpeggy\Desktop\JRT.txt
2013-01-06 19:22 - 2013-01-06 19:22 - 00000000 ____D C:\Windows\ERUNT
2013-01-06 19:22 - 2013-01-06 19:22 - 00000000 ____D C:\JRT
2013-01-06 19:19 - 2013-01-06 19:19 - 00000512 ____A C:\Users\fowlerpeggy\Desktop\eset.txt
2013-01-06 19:14 - 2013-01-06 19:14 - 00002120 ____A C:\scu.dat
2013-01-06 18:16 - 2011-03-07 07:34 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000Core.job
2013-01-06 01:59 - 2009-07-13 20:45 - 00384392 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-06 01:55 - 2011-07-29 19:06 - 00021014 ____A C:\Windows\PFRO.log
2013-01-06 01:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-05 21:04 - 2013-01-05 21:04 - 00000000 ____D C:\Users\fowlerpeggy\AppData\Roaming\SUPERAntiSpyware.com
2013-01-05 21:04 - 2013-01-05 21:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-05 21:00 - 2013-01-05 21:00 - 00001817 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-01-05 21:00 - 2013-01-05 21:00 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-05 20:42 - 2010-02-22 15:06 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-01-05 20:35 - 2010-02-13 09:06 - 00094232 ____A C:\Users\fowlerpeggy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-05 20:33 - 2009-10-29 04:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-01-05 20:03 - 2010-02-22 14:34 - 00000000 ____D C:\Users\All Users\Roxio
2013-01-05 19:31 - 2013-01-05 19:31 - 00000000 ____D C:\Windows\System32\Macromed
2013-01-05 19:05 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-01-05 19:05 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-01-05 19:05 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-01-05 19:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-01-05 18:54 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-01-05 18:54 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-01-05 18:34 - 2013-01-05 18:34 - 00000000 ____D C:\Windows\System32\SPReview
2013-01-05 18:33 - 2013-01-05 18:33 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-05 18:21 - 2013-01-05 18:21 - 00001481 ____A C:\Users\fowlerpeggy\Desktop\RKreport[2]_D_01052013_02d2121.txt
2013-01-05 18:21 - 2013-01-05 18:20 - 00000000 ____D C:\Users\fowlerpeggy\Desktop\RK_Quarantine
2013-01-05 18:20 - 2013-01-05 18:20 - 00001428 ____A C:\Users\fowlerpeggy\Desktop\RKreport[1]_S_01052013_02d2120.txt
2013-01-05 18:18 - 2013-01-05 18:18 - 00017802 ____A C:\Users\fowlerpeggy\Downloads\AdwCleaner[S1].txt
2013-01-05 17:59 - 2013-01-05 17:09 - 00017802 ____A C:\AdwCleaner[S1].txt
2013-01-05 14:51 - 2012-12-10 19:18 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-05 14:51 - 2012-12-10 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-05 14:49 - 2013-01-05 14:49 - 00761856 ____A C:\Users\fowlerpeggy\Downloads\RogueKiller.exe
2013-01-05 14:48 - 2013-01-05 14:48 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\fowlerpeggy\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-05 14:48 - 2013-01-05 14:48 - 00551997 ____A C:\Users\fowlerpeggy\Downloads\adwcleaner.exe
2013-01-05 14:47 - 2013-01-05 14:47 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\fowlerpeggy\Downloads\tdsskiller.exe
2013-01-05 14:46 - 2012-04-14 17:22 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000Core.job
2013-01-04 21:19 - 2012-04-26 15:00 - 00000416 ____A C:\Windows\SysWOW64\AppLog.log
2013-01-04 20:46 - 2009-11-24 00:31 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-04 20:45 - 2013-01-04 20:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-01-04 20:44 - 2013-01-04 20:44 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2013-01-04 19:32 - 2010-02-19 20:56 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2013-01-04 18:59 - 2013-01-04 18:59 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-01-04 18:59 - 2013-01-04 18:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-04 18:59 - 2011-07-29 07:40 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2013-01-04 18:28 - 2011-03-07 07:34 - 00002527 ____A C:\Users\fowlerpeggy\Desktop\Google Chrome.lnk
2012-12-16 09:11 - 2013-01-04 19:30 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2013-01-04 19:29 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2013-01-04 19:30 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-16 06:13 - 2013-01-04 19:29 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-14 13:49 - 2010-09-12 13:21 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-10 19:23 - 2011-07-23 17:49 - 00000000 ____D C:\Users\All Users\ndf


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-05 18:33:25
Restore point made on: 2013-01-05 19:35:02
Restore point made on: 2013-01-05 19:56:28
Restore point made on: 2013-01-05 20:25:38
Restore point made on: 2013-01-05 20:45:26
Restore point made on: 2013-01-06 01:45:55
Restore point made on: 2013-01-06 01:48:14
Restore point made on: 2013-01-06 01:48:33
Restore point made on: 2013-01-06 01:49:12
Restore point made on: 2013-01-06 01:54:06
Restore point made on: 2013-01-06 20:01:13
Restore point made on: 2013-01-06 20:43:03
Restore point made on: 2013-01-06 20:45:49

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2815.23 MB
Available physical RAM: 2179.33 MB
Total Pagefile: 2813.38 MB
Available Pagefile: 2169.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (eMachines) (Fixed) (Total:452.66 GB) (Free:402.16 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4 GB) NTFS
9 Drive l: (MHS-SSI) (Removable) (Total:0.96 GB) (Free:0.91 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 984 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 452 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 452 GB Healthy

=========================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 983 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L MHS-SSI FAT Removable 983 MB Healthy

=========================================================

Last Boot: 2013-01-05 22:57

==================== End Of Log =============================
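The "Bamital & volsnap Check" lines above compare core system binaries (winlogon.exe, wininit.exe, explorer.exe, volsnap.sys and so on) against a known-good hash list and report "MD5 is legit" for each match. The following is an added Python example of the same kind of integrity check, not FRST's own code: it writes a constructed set of stand-in files to a temporary directory, records a baseline from them, then tampers with one file and deletes another so the check has to distinguish a modified file from a missing one. SHA-256 rather than MD5, the directory layout and the file contents are this example's assumptions.

```python
"""Integrity check of a fixed list of core binaries against a known-good
hash baseline, in the spirit of FRST's "Bamital & volsnap Check".

Added example, not FRST's own code. The tree, the file contents and the
baseline are constructed at run time so the check runs anywhere; SHA-256 is
used where the FRST log reports MD5 (an assumption of this example).
"""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_integrity(root, baseline):
    """Return {relative_path: verdict} for every baseline entry.

    verdict is "legit" (hash matches), "MODIFIED" (file present, hash differs)
    or "MISSING" (file absent). A missing core binary is reported separately
    because it is a different finding from a patched one.
    """
    results = {}
    for rel, expected in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "MISSING"
            continue
        results[rel] = "legit" if sha256_of(full) == expected else "MODIFIED"
    return results


def build_demo_tree():
    """Create a throwaway directory with three constructed 'binaries', record a
    baseline from them, then append bytes to one and delete another."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    files = {  # constructed contents, not real Windows binaries
        os.path.join("System32", "winlogon.exe"): b"constructed winlogon image\n",
        os.path.join("System32", "wininit.exe"): b"constructed wininit image\n",
        os.path.join("System32", "Drivers", "volsnap.sys"): b"constructed volsnap image\n",
    }
    baseline = {}
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(content)
        baseline[rel] = hashlib.sha256(content).hexdigest()
    # Simulate a patched binary and a removed driver.
    with open(os.path.join(root, "System32", "wininit.exe"), "ab") as f:
        f.write(b"appended bytes\n")
    os.remove(os.path.join(root, "System32", "Drivers", "volsnap.sys"))
    return root, baseline


def run_demo():
    """Build the demo tree, run the check and clean up; returns the verdicts."""
    root, baseline = build_demo_tree()
    try:
        return check_integrity(root, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rel, verdict in run_demo().items():
        print(f"{rel} => {verdict}")
```

The baseline is the trust anchor: on a real system it has to come from a source the machine under examination cannot have altered (a vendor hash list or a hash taken from a known-clean install), otherwise a "legit" verdict only proves the file has not changed since the baseline was recorded.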

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 January 2013 - 09:12 PM

Nothing obvious in the log, but we need to run some other tools to make certain there is nothing hiding from us.

please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 mtdar

mtdar
  • Topic Starter

  • Members
  • 61 posts

Posted 10 January 2013 - 11:27 PM

ComboFix log is posted below. I've kept it installed until you say it's ok to remove. Thanks.

ComboFix 13-01-11.01 - fowlerpeggy 01/10/2013 22:27:36.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1621 [GMT -5:00]
Running from: c:\users\fowlerpeggy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\fowlerpeggy\AppData\Local\{81E1B5E7-6AC0-4403-94AB-C955E2EB0176}
c:\users\fowlerpeggy\AppData\Local\{81E1B5E7-6AC0-4403-94AB-C955E2EB0176}\chrome.manifest
c:\users\fowlerpeggy\AppData\Local\{81E1B5E7-6AC0-4403-94AB-C955E2EB0176}\chrome\content\overlay.xul
c:\users\fowlerpeggy\AppData\Local\{81E1B5E7-6AC0-4403-94AB-C955E2EB0176}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 04:21 . 2013-01-11 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 03:27 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B30D314D-20AF-4A02-9B13-7A360FF6D702}\mpengine.dll
2013-01-10 04:34 . 2013-01-10 04:34 -------- d-----w- C:\FRST
2013-01-10 01:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 04:00 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-07 04:00 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-07 04:00 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-07 04:00 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-07 04:00 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-07 04:00 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-07 04:00 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-07 04:00 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-07 04:00 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-07 04:00 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-07 04:00 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-07 03:22 . 2013-01-07 03:22 -------- d-----w- c:\windows\ERUNT
2013-01-07 03:22 . 2013-01-07 03:22 -------- d-----w- C:\JRT
2013-01-06 05:04 . 2013-01-06 05:04 -------- d-----w- c:\users\fowlerpeggy\AppData\Roaming\SUPERAntiSpyware.com
2013-01-06 05:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-06 05:04 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-06 05:00 . 2013-01-06 05:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-06 05:00 . 2013-01-06 05:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-06 04:59 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-06 04:59 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-06 04:59 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-01-06 04:59 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-01-06 04:56 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-06 03:32 . 2013-01-10 01:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-06 03:31 . 2013-01-06 03:31 -------- d-----w- c:\windows\system32\Macromed
2013-01-06 02:34 . 2013-01-06 02:34 -------- d-----w- c:\windows\system32\SPReview
2013-01-06 02:33 . 2013-01-06 02:33 -------- d-----w- c:\windows\system32\EventProviders
2013-01-05 04:44 . 2013-01-05 04:44 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-01-05 04:44 . 2013-01-05 04:45 -------- d-----w- c:\program files\NVIDIA Corporation
2013-01-05 03:29 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-05 03:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-05 02:59 . 2013-01-05 02:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-05 02:59 . 2013-01-05 02:59 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-05 02:59 . 2013-01-05 02:59 -------- d-----w- c:\program files (x86)\Java
2013-01-05 02:36 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-05 02:36 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-01-05 02:26 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-05 02:26 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-05 02:26 . 2010-11-20 12:58 3072 ----a-w- c:\windows\system32\dpnaddr.dll
2013-01-05 02:26 . 2010-11-20 11:57 2560 ----a-w- c:\windows\SysWow64\dpnaddr.dll
2013-01-05 02:13 . 2012-10-04 14:46 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 01:20 . 2011-07-29 20:24 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-07 04:45 . 2012-03-27 18:29 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2013-01-07 04:45 . 2012-03-27 18:29 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2013-01-06 02:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-01-06 02:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-01-05 03:32 . 2010-02-20 04:56 67413224 ----a-w- c:\windows\system32\MRT.exe
2013-01-05 02:59 . 2011-07-29 15:40 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-14 21:49 . 2010-09-12 21:21 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-23 11:04 . 2012-12-11 04:34 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87943ED1-D647-4511-A33C-02D3CFD00562}\gapaengine.dll
2012-10-16 08:38 . 2012-12-11 03:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-11 03:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-11 03:26 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\fowlerpeggy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-30 1255736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-02-03 793048]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 01:20]
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000Core.job
- c:\users\fowlerpeggy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-15 21:41]
.
2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000UA.job
- c:\users\fowlerpeggy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-15 21:41]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 23:52]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 23:52]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000Core.job
- c:\users\fowlerpeggy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 21:07]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233928531-276291495-1129758519-1000UA.job
- c:\users\fowlerpeggy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-07 21:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=1
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102106p0375v175r48k1s409
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\fowlerpeggy\AppData\Roaming\Mozilla\Firefox\Profiles\3y2imwel.default\
FF - ExtSQL: 2013-01-04 21:59; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-02-22 18:05; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AutoStartNPSAgent - c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Toolbar-Locked - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4233928531-276291495-1129758519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4233928531-276291495-1129758519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-10 23:25:00
ComboFix-quarantined-files.txt 2013-01-11 04:25
.
Pre-Run: 431,370,506,240 bytes free
Post-Run: 435,798,769,664 bytes free
.
- - End Of File - - 70422CC2FC2686A1F9989CF1B58FA387
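
One way to pull the autorun entries out of the "Reg Loading Points" section of a ComboFix log like the one above and rank the ones worth a second look. This is an added Python example, not ComboFix's or BleepingComputer's own code: SAMPLE_LOG is a constructed excerpt in the format of the log posted above, and the review heuristics in review_candidates() (a user-writable profile path, a boot-start driver outside the Windows directory) are this example's assumptions, not ComboFix verdicts.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log into structured
autorun entries and list the ones a responder would check first.

Added example, not ComboFix's own code. SAMPLE_LOG is a constructed excerpt
in the posted log's format; the heuristics are this example's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: Run-key values and service lines in ComboFix's layout.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\fowlerpeggy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 23:52]
"""

SECTION_RE = re.compile(r"^\(+ (?P<title>.+?) \)+$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# R2/S1/... state;name;description;path [YYYY-MM-DD size]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
USER_PROFILE_PREFIXES = ("c:\\users\\", "c:\\documents and settings\\")


@dataclass
class AutorunEntry:
    kind: str      # "run" (registry Run value) or "service"
    location: str  # registry key for "run", start type such as R2/S1 for services
    name: str
    path: str
    date: str
    size: int


def parse_reg_loading_points(log_text):
    """Return the AutorunEntry list found inside the 'Reg Loading Points' section."""
    entries = []
    in_section = False
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:  # a ((( Title ))) banner starts a new section
            in_section = m.group("title") == "Reg Loading Points"
            current_key = None
            continue
        if not in_section or line in ("", "."):
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append(AutorunEntry("run", current_key, m["name"], m["path"],
                                        m["date"], int(m["size"])))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(AutorunEntry("service", m["state"], m["name"], m["path"],
                                        m["date"], int(m["size"])))
    return entries


def review_candidates(entries):
    """Return [(entry, [reasons])] for entries worth a closer look.

    Assumed heuristics, not ComboFix's own: legitimate updaters trip the first
    one all the time, so this ranks entries for review rather than convicting them.
    """
    flagged = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        if low.startswith(USER_PROFILE_PREFIXES):
            reasons.append("starts from a user-writable profile directory")
        if e.kind == "service" and e.location == "S1" and not low.startswith("c:\\windows\\"):
            reasons.append("boot-start (S1) driver outside the Windows directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in review_candidates(parse_reg_loading_points(SAMPLE_LOG)):
        print(f"{entry.kind:7} {entry.name:20} {entry.path}  <- {'; '.join(reasons)}")
```

Both entries the sample flags are benign on this machine (an updater that installs per-user, and the SUPERAntiSpyware filter driver), which is the point: the parser saves the eyeballing, but the verdict still comes from checking the publisher, the install date against the timeline of symptoms, and the hash of the file itself.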

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 January 2013 - 07:31 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 mtdar

mtdar
  • Topic Starter

  • Members
  • 61 posts

Posted 13 January 2013 - 08:48 AM

Hi, sorry I'm not trying to double guess, but the next steps you want me to do I did with Gunto already. Did you still want me to do them?

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 13 January 2013 - 10:53 AM

Yes, please do. Let's make sure those scans come back clean; if the main infection remains, minor infections can often respawn, so I want to make sure nothing has regenerated.

If everything comes back clean, it is more of a reassurance that the main infection has been dealt with.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 mtdar

mtdar
  • Topic Starter

  • Members
  • 61 posts

Posted 15 January 2013 - 12:52 PM

I was up to the Malwarebytes scan and then my computer came up with a bad pool error message and froze. I rebooted it, but now the computer won't go into the operating system. I think I'm going to have to do a system restore. I was hoping not to have to but it doesn't look like that's the case. Thanks for the help anyway. It's appreciated.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 January 2013 - 06:41 PM

Try tapping F8 until the options menu appears, then arrow up to "Last Known Good Configuration".

If that doesn't work, do the following:


Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press the Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 February 2013 - 10:41 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015