Windows boots to black screen and cursor


1 reply to this topic

#1 kdubz

Posted 18 July 2013 - 04:11 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by SYSTEM on 18-07-2013 16:32:31
Running from G:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.

HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\lapidusr\...\Run: [DW7] - "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [13102080 2013-04-08] (The Weather Channel)
HKU\McAfeeMVSUser\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\McAfeeMVSUser\...\Run: [Install PC Performer43349.exe] - "C:\Users\lapidusr\AppData\Local\Temp\Install PC Performer43349.exe" /XML="C:\Users\lapidusr\AppData\Local\Temp\5BD1.tmp" /STP=0:2 [x] <===== ATTENTION
HKU\McAfeeMVSUser\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4895192 2012-09-03] (Exent Technologies Ltd.)
HKU\QBDataServiceUser21\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\QBDataServiceUser21\...\Run: [Install PC Performer43349.exe] - "C:\Users\lapidusr\AppData\Local\Temp\Install PC Performer43349.exe" /XML="C:\Users\lapidusr\AppData\Local\Temp\5BD1.tmp" /STP=0:2 [x] <===== ATTENTION
HKU\QBDataServiceUser21\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 [4895192 2012-09-03] (Exent Technologies Ltd.)
Startup: C:\Users\lapidusr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2443800 2012-12-06] ()
S2 CouponXplorer_5zService; C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [42504 2013-03-14] (COMPANYVERS_NAME)
S2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [615864 2012-12-13] ()
S2 KAINTWRK45624382098437; C:\Program Files (x86)\Kaseya\INTWRK45624382098437\AgentMon.exe [847872 2013-06-10] (Kaseya International Limited)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2012-10-29] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2012-10-29] (McAfee, Inc.)
S2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [291360 2012-11-13] (McAfee, Inc.)
S4 QuickBooksDB21; C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe [679936 2010-04-27] (Intuit, Inc.)
S2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [1492344 2009-07-24] (RealVNC Ltd.)
S2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [x]

==================== Drivers (Whitelisted) ====================

S3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [33512 2013-01-04] (Kaseya)
S3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [33512 2013-01-04] (Kaseya)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-10-29] (McAfee, Inc.)
S3 MfeAVFK; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-10-29] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-10-29] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-10-29] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2012-10-29] (McAfee, Inc.)
S2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34048 2013-03-13] (Citrix Systems, Inc.)
S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-18 16:32 - 2013-07-18 16:32 - 00000000 ____D C:\FRST
2013-07-17 23:12 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-17 23:12 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-17 23:11 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-17 23:11 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-17 23:11 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-17 23:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-17 23:11 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-17 23:11 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-17 23:11 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-17 23:11 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-17 23:11 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-17 23:11 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-17 23:11 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-17 23:11 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-17 23:11 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-17 23:11 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-17 23:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-17 23:11 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-17 23:11 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-17 23:11 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-17 23:11 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-17 23:11 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-17 23:11 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-17 23:11 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-17 23:11 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-17 23:10 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-17 23:10 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-17 23:10 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-17 23:04 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-17 23:00 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-17 23:00 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-17 07:43 - 2013-07-17 07:43 - 00000000 ____D C:\Program Files (x86)\RealVNC
2013-07-17 07:42 - 2013-01-04 15:16 - 00033512 _____ (Kaseya) C:\Windows\System32\Drivers\KAPFA.sys
2013-07-16 09:35 - 2013-07-16 09:35 - 00086528 _____ C:\Users\lapidusr\Documents\a358f133-e2af-4fd4-bf58-8b5998835030.msg
2013-07-15 06:33 - 2013-07-15 06:33 - 00292456 _____ C:\Windows\Minidump\071513-21340-01.dmp
2013-06-24 09:47 - 2013-06-24 09:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-24 09:47 - 2013-06-24 09:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-24 09:47 - 2013-06-24 09:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-24 09:47 - 2013-06-24 09:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-24 09:47 - 2013-06-24 09:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-24 09:47 - 2013-06-24 09:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-24 09:47 - 2013-06-24 09:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck(985).dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-24 09:47 - 2013-06-24 09:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-24 09:47 - 2013-06-24 09:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-24 09:41 - 2013-06-24 09:51 - 00008121 _____ C:\Windows\IE10_main.log
2013-06-24 09:32 - 2013-06-24 09:32 - 00292456 _____ C:\Windows\Minidump\062413-47159-01.dmp
2013-06-21 08:40 - 2013-06-21 08:40 - 00055638 _____ C:\Users\lapidusr\Documents\applicationpdf

==================== One Month Modified Files and Folders =======

2013-07-18 16:32 - 2013-07-18 16:32 - 00000000 ____D C:\FRST
2013-07-18 16:14 - 2010-02-08 12:58 - 00000000 ____D C:\ProgramData\Recovery
2013-07-18 12:16 - 2009-07-13 20:45 - 00326704 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-17 23:21 - 2009-09-23 01:43 - 01430806 _____ C:\Windows\WindowsUpdate.log
2013-07-17 23:21 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-17 23:21 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 23:21 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-17 23:16 - 2009-07-13 21:13 - 00793184 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-17 23:13 - 2009-07-13 18:34 - 00000499 _____ C:\Windows\win.ini
2013-07-17 23:12 - 2009-12-15 09:19 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-17 23:07 - 2012-11-12 16:36 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-17 23:01 - 2013-03-13 23:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-17 23:01 - 2013-03-13 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-17 22:57 - 2012-04-26 12:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 10:52 - 2011-02-28 13:42 - 00000000 ____D C:\users\QBDataServiceUser21
2013-07-17 10:52 - 2009-12-11 06:04 - 00000000 ____D C:\users\lapidusr
2013-07-17 10:52 - 2009-08-29 11:15 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2013-07-17 10:52 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-07-17 10:52 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\addins
2013-07-17 10:52 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-17 10:52 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-17 10:52 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-17 10:52 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-17 10:52 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-17 10:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-07-17 10:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-07-17 10:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-07-17 10:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-07-17 10:52 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-17 10:51 - 2013-06-17 06:04 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.7b
2013-07-17 10:51 - 2013-04-15 08:08 - 00000000 ____D C:\Program Files\DIFX
2013-07-17 10:51 - 2013-04-08 10:39 - 00000000 ____D C:\Program Files (x86)\The Weather Channel
2013-07-17 10:51 - 2013-04-03 12:39 - 00000000 ____D C:\ProgramData\Wincert
2013-07-17 10:51 - 2012-12-13 10:57 - 00000000 ____D C:\Program Files (x86)\AOL Toolbar
2013-07-17 10:51 - 2012-12-13 10:55 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.7
2013-07-17 10:51 - 2012-12-13 10:54 - 00000000 ____D C:\Program Files (x86)\SpecialSavings
2013-07-17 10:51 - 2012-12-13 10:53 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-07-17 10:51 - 2012-12-13 10:53 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-07-17 10:51 - 2012-12-13 10:53 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
2013-07-17 10:51 - 2012-07-24 06:22 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-17 10:51 - 2012-07-24 06:22 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-07-17 10:51 - 2011-12-03 11:18 - 00000000 ___SD C:\Users\lapidusr\Documents\My Data Sources
2013-07-17 10:51 - 2010-09-30 13:02 - 00000000 ____D C:\Program Files (x86)\alot
2013-07-17 10:51 - 2010-01-29 12:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-17 10:51 - 2009-12-11 09:01 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-07-17 10:51 - 2009-12-11 07:07 - 00000000 ____D C:\Program Files (x86)\OnTime
2013-07-17 10:51 - 2009-12-11 06:24 - 00000000 ____D C:\Program Files (x86)\azzCardfile
2013-07-17 10:51 - 2009-12-11 06:15 - 00000000 ____D C:\Cardfile
2013-07-17 10:51 - 2009-12-11 06:09 - 00000000 ____D C:\Users\lapidusr\AppData\Local\VirtualStore
2013-07-17 10:51 - 2009-08-29 11:24 - 00000000 ____D C:\Program Files (x86)\HP Games
2013-07-17 10:51 - 2009-08-29 11:01 - 00000000 __HDC C:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309}
2013-07-17 10:51 - 2009-08-29 10:53 - 00000000 ____D C:\Program Files\LSI SoftModem
2013-07-17 10:51 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2013-07-17 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2013-07-17 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-17 10:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-17 09:36 - 2012-05-23 12:23 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AE9DFA2-D158-45FA-814F-2121D935254C}
2013-07-17 08:09 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 08:09 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 07:58 - 2012-08-15 10:52 - 00000000 ____D C:\Users\lapidusr\AppData\Roaming\Dropbox
2013-07-17 07:57 - 2012-08-15 10:58 - 00000000 ___RD C:\Users\lapidusr\Dropbox
2013-07-17 07:57 - 2010-01-29 12:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 07:56 - 2013-04-08 10:44 - 00000420 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-07-17 07:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 07:56 - 2009-07-13 20:51 - 00042952 _____ C:\Windows\setupact.log
2013-07-17 07:43 - 2013-07-17 07:43 - 00000000 ____D C:\Program Files (x86)\RealVNC
2013-07-17 07:42 - 2012-03-14 10:46 - 00000000 ____D C:\Program Files (x86)\Kaseya
2013-07-16 09:35 - 2013-07-16 09:35 - 00086528 _____ C:\Users\lapidusr\Documents\a358f133-e2af-4fd4-bf58-8b5998835030.msg
2013-07-15 10:31 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-07-15 10:31 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-07-15 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-07-15 07:07 - 2012-11-12 16:37 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-15 07:02 - 2012-11-12 16:36 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-15 07:02 - 2010-01-29 12:11 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 06:33 - 2013-07-15 06:33 - 00292456 _____ C:\Windows\Minidump\071513-21340-01.dmp
2013-07-15 06:33 - 2013-05-23 10:14 - 00000000 ____D C:\Windows\Minidump
2013-07-15 06:32 - 2013-05-23 10:13 - 239439598 _____ C:\Windows\MEMORY.DMP
2013-07-10 06:36 - 2012-04-05 09:09 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForlapidusr.job
2013-06-30 21:00 - 2010-01-15 13:42 - 00000324 _____ C:\Windows\Tasks\McQcTask.job
2013-06-27 10:02 - 2012-04-05 09:09 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForlapidusr
2013-06-27 10:02 - 2011-11-03 05:13 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-06-27 10:02 - 2010-01-04 06:42 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-06-27 10:00 - 2010-01-04 06:40 - 00000000 ____D C:\Users\lapidusr\AppData\Roaming\HpUpdate
2013-06-27 10:00 - 2010-01-04 06:40 - 00000000 ____D C:\Users\lapidusr\AppData\Roaming\HP Support Assistant
2013-06-24 17:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-24 13:02 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-24 13:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-06-24 13:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-06-24 13:01 - 2013-03-27 11:07 - 00000000 ____D C:\Users\lapidusr\AppData\Roaming\File Scout
2013-06-24 13:01 - 2012-12-13 10:53 - 00000000 ____D C:\Program Files (x86)\File Scout
2013-06-24 13:01 - 2009-08-29 11:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-06-24 13:01 - 2009-08-29 11:17 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-06-24 10:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-24 09:51 - 2013-06-24 09:41 - 00008121 _____ C:\Windows\IE10_main.log
2013-06-24 09:47 - 2013-06-24 09:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-24 09:47 - 2013-06-24 09:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-24 09:47 - 2013-06-24 09:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-24 09:47 - 2013-06-24 09:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-24 09:47 - 2013-06-24 09:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-24 09:47 - 2013-06-24 09:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-24 09:47 - 2013-06-24 09:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck(985).dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-24 09:47 - 2013-06-24 09:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-24 09:47 - 2013-06-24 09:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-24 09:47 - 2013-06-24 09:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-24 09:47 - 2013-06-24 09:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-24 09:32 - 2013-06-24 09:32 - 00292456 _____ C:\Windows\Minidump\062413-47159-01.dmp
2013-06-21 08:40 - 2013-06-21 08:40 - 00055638 _____ C:\Users\lapidusr\Documents\applicationpdf
2013-06-19 15:22 - 2013-04-08 10:34 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2013-06-19 15:22 - 2009-08-29 11:31 - 00000000 ____D C:\Program Files (x86)\NetZeroPreloader
2013-06-19 15:22 - 2009-08-29 11:31 - 00000000 ____D C:\Program Files (x86)\JunoPreloader
2013-06-19 15:22 - 2009-08-29 11:24 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-06-19 15:22 - 2009-08-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-06-19 15:22 - 2009-08-29 11:01 - 00000000 ____D C:\Program Files (x86)\hp
2013-06-19 15:22 - 2009-08-29 11:00 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-06-19 15:09 - 2009-12-11 12:23 - 00000000 ____D C:\Users\lapidusr\AppData\Local\AOL
2013-06-19 15:08 - 2009-12-11 12:23 - 00000000 ____D C:\ProgramData\AOL
2013-06-18 07:39 - 2011-02-17 07:00 - 00126595 _____ C:\install.log

Files to move or delete:
====================
C:\Users\lapidusr\GoToAssistDownloadHelper.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================

Restore point made on: 2013-07-15 23:00:43
Restore point made on: 2013-07-16 23:00:44
Restore point made on: 2013-07-17 07:48:37
Restore point made on: 2013-07-17 23:00:46

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2942.49 MB
Available physical RAM: 2355.68 MB
Total Pagefile: 2940.64 MB
Available Pagefile: 2355.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:390.58 GB) NTFS (Disk=0 Partition=2)
Drive e: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:1.86 GB) (Free:0.05 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00DF0B9E)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-06-24 16:53

==================== End Of Log ============================

 

 

Hey,

We have a computer that is booting to a black screen and cursor. This screen appears at the point when the login screen should load. I have attached the results of a Farbar Recovery Scan. There definitely appear to be some issues; can anyone advise?


Edited by hamluis, 18 July 2013 - 04:44 PM.
Pasted attach data in, moved from Win 7 to Malware Removal Logs - Hamluis.




#2 nasdaq

  • Malware Response Team

Posted 20 July 2013 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad and paste the following in it.

HKU\McAfeeMVSUser\...\Run: [Install PC Performer43349.exe] - "C:\Users\lapidusr\AppData\Local\Temp\Install PC Performer43349.exe" /XML="C:\Users\lapidusr\AppData\Local\Temp\5BD1.tmp" /STP=0:2 [x]
HKU\McAfeeMVSUser\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\QBDataServiceUser21\...\Run: [Install PC Performer43349.exe] - "C:\Users\lapidusr\AppData\Local\Temp\Install PC Performer43349.exe" /XML="C:\Users\lapidusr\AppData\Local\Temp\5BD1.tmp" /STP=0:2 [x]
HKU\QBDataServiceUser21\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
S2 CouponXplorer_5zService; C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe
S2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe
S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys
S2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys


Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Restart the computer normally.

Download using this computer, in normal mode or safe mode and run these tools.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.



