Unable to boot to windows


36 replies to this topic

#1 Donskee

Donskee

  • Members
  • 40 posts

Posted 24 December 2013 - 05:40 PM

Hi,

I'm writing from my laptop, the desktop is the computer in question.

 

I believe I got infected yesterday. I opened a link from an email, and saw Norton flagging 3 or 4 .exe programs. It was not able to repair the last one, boot.cidox. I restarted the computer, and got a message in a DOS-looking screen: "missing operating system".

I ran a Norton program from USB, called "bootable recovery tool", and it scanned and identified 2 files, boot.cidox, and a Trojanfk... that I don't remember the full name for.  The Norton tool claimed to have removed the bad files, but the Computer still shows the same message "missing operating system".

I tried repairing the system through the Windows 7 installation disc I have, but when I choose repair, it tells me that the necessary files aren't available. It does take me to a "System recovery Options" window, where I can open a command prompt window.

 

Please advise on what steps I should take next.

 

I appreciate your help, and Merry Christmas/Happy Holidays.

 

Don





#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 December 2013 - 11:31 AM

Hi and welcome.

 

Let's give it a try. It sounds like the hard drive may be damaged.

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Donskee

Donskee
  • Topic Starter

  • Members
  • 40 posts

Posted 29 December 2013 - 04:50 PM

Hi,

Thanks for the response and help. Please let me know what I should do next.

 

I wasn't able to get to the Advanced Boot Options through F8, but I did load my install disc and found my way to a C: prompt where I was able to run FRST.

 

When I try to boot the system, I can see in the BIOS that I have an x64 system, but FRST64 won't run. It says that it's not supported. So I ran the x32 instead, and here's the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by SYSTEM on MININT-UC8SEBK on 29-12-2013 12:28:25
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKU\Primary User\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [ 2011-04-16] (Hewlett-Packard Company)
HKU\Primary User\...\Run: [uTorrent] - C:\Users\Primary User\AppData\Roaming\uTorrent\uTorrent.exe [ 2013-11-16] (BitTorrent Inc.)
HKU\Primary User\...\Winlogon: [Shell] Explorer.exe [ 2012-12-14] (Microsoft Corporation) <==== ATTENTION 
 
========================== Services (Whitelisted) =================
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-10] (Adobe Systems Incorporated)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-05] (APN LLC.)
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51648 2012-07-08] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [123856 2012-07-08] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-06-28] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-06-28] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2013-07-19] (Google)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.)
S2 HPSLPSVC; C:\Users\Primary User\AppData\Local\Temp\7zS121F\HPSLPSVC64.DLL [1039360 2013-02-06] (Hewlett-Packard Co.)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company)
S3 Media Center 18 Service; C:\Program Files (x86)\J River\Media Center 18\JRService.exe [496712 2013-08-05] (JRiver, Inc.)
S2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-06-18] (Mozilla Foundation)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\diMaster.dll [567600 2013-10-07] (Symantec Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-10] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131223.002\ENG64.SYS [126040 2013-12-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131223.002\EX64.SYS [2099288 2013-12-10] (Symantec Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [29312 2013-05-13] (Microsoft Corporation)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Realtek Corporation                                            )
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-29 12:27 - 2013-12-29 12:27 - 00000000 ____D C:\FRST
2013-12-23 22:06 - 2013-12-23 22:06 - 00000000 ____D C:\NBRT
2013-12-23 15:39 - 2013-12-23 15:39 - 00081721 _____ C:\Users\Primary User\AppData\Local\csrwuail.exe
2013-12-23 12:21 - 2013-12-23 12:21 - 00012326 _____ C:\Users\Primary User\AppData\Local\kvnrlrqu
2013-12-23 12:20 - 2013-12-23 12:20 - 00012326 _____ C:\Users\Primary User\AppData\Local\oiusujph
2013-12-23 12:19 - 2013-12-23 12:19 - 00012326 _____ C:\Users\Primary User\AppData\Local\xhanmoev
2013-12-23 12:18 - 2013-12-23 12:18 - 00012326 _____ C:\Users\Primary User\AppData\Local\iwqwdpdv
2013-12-23 12:17 - 2013-12-23 12:17 - 00067992 _____ C:\Users\Primary User\AppData\Local\figbeknq
2013-12-23 12:08 - 2013-12-23 12:08 - 00000000 _____ C:\Users\Primary User\AppData\Roaming\SharedSettings.ccs
2013-12-21 01:10 - 2013-12-21 01:10 - 00181110 _____ C:\Users\Primary User\Downloads\pb balancer 1.bmp
2013-12-20 23:33 - 2013-12-20 23:33 - 00051331 _____ C:\Users\Primary User\Downloads\Checking2 (24).qfx
2013-12-20 23:33 - 2013-12-20 23:33 - 00022283 _____ C:\Users\Primary User\Downloads\Checking1 (21).qfx
2013-12-20 23:09 - 2013-12-20 23:09 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-19 12:51 - 2013-12-19 12:51 - 00050904 _____ C:\Users\Primary User\Downloads\Checking2 (23).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (20).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (19).qfx
2013-12-17 09:02 - 2013-12-17 09:02 - 00021916 _____ C:\Users\Primary User\Downloads\Checking1 (18).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (22).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (21).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (20).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (19).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (17).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (16).qfx
2013-12-16 11:16 - 2013-12-16 11:16 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (9).qfx
2013-12-16 11:15 - 2013-12-16 11:15 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (8).qfx
2013-12-16 11:14 - 2013-12-16 11:14 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (18).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (15).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (14).qfx
2013-12-14 10:52 - 2013-12-14 10:52 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (13).qfx
2013-12-14 10:50 - 2013-12-14 10:50 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (17).qfx
2013-12-12 03:05 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-12 03:05 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:03 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 03:03 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-12 03:03 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:03 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-12 03:03 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-12 03:03 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 03:03 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-12 03:03 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 03:03 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 03:03 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-12 03:03 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 03:03 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:03 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 03:03 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:03 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:03 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 03:03 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 03:03 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:03 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:03 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 03:03 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 03:03 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 03:03 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:03 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:03 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 04:55 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 04:55 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 04:55 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 04:55 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 04:55 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 04:55 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 04:55 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 04:55 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 04:55 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 04:55 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 04:55 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 04:55 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 04:55 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 04:55 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 04:55 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 04:55 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 04:55 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 04:55 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 04:55 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-10 11:19 - 2013-12-10 11:19 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (8).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (7).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (6).qfx
2013-12-10 11:17 - 2013-12-10 11:17 - 00023566 _____ C:\Users\Primary User\Downloads\Checking1 (12).qfx
2013-12-10 11:16 - 2013-12-10 11:16 - 00051948 _____ C:\Users\Primary User\Downloads\Checking2 (16).qfx
2013-12-06 11:42 - 2013-12-06 11:42 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (7).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (5).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (4).qfx
2013-12-06 11:40 - 2013-12-06 11:40 - 00023124 _____ C:\Users\Primary User\Downloads\Checking1 (11).qfx
2013-12-06 11:39 - 2013-12-06 11:39 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (15).qfx
2013-12-06 11:38 - 2013-12-06 11:38 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (14).qfx
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\ProgramData\Oracle
2013-12-03 18:32 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-03 18:31 - 2013-12-03 18:31 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-03 18:31 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-03 18:31 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-03 18:31 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-03 18:09 - 2013-12-03 18:09 - 00003088 _____ C:\{6B3C5724-06BD-4831-837C-0ACE19BB2C2B}
2013-12-01 11:03 - 2013-12-01 11:03 - 00039643 _____ C:\Users\Primary User\Documents\Ground Loops - Eliminating System Hum and Buzz   Audioholics.htm
2013-12-01 11:03 - 2013-12-01 11:03 - 00000000 ____D C:\Users\Primary User\Documents\Ground Loops - Eliminating System Hum and Buzz   Audioholics_files
 
==================== One Month Modified Files and Folders =======
 
2013-12-29 12:27 - 2013-12-29 12:27 - 00000000 ____D C:\FRST
2013-12-23 22:06 - 2013-12-23 22:06 - 00000000 ____D C:\NBRT
2013-12-23 15:44 - 2013-06-19 14:48 - 01781944 _____ C:\Windows\WindowsUpdate.log
2013-12-23 15:42 - 2013-06-21 16:33 - 00000373 _____ C:\Windows\lgfwup.ini
2013-12-23 15:41 - 2013-06-21 23:26 - 00000000 ____D C:\Users\Primary User\AppData\Roaming\uTorrent
2013-12-23 15:41 - 2010-11-20 19:47 - 00083898 _____ C:\Windows\PFRO.log
2013-12-23 15:41 - 2009-07-13 20:51 - 00032377 _____ C:\Windows\setupact.log
2013-12-23 15:39 - 2013-12-23 15:39 - 00081721 _____ C:\Users\Primary User\AppData\Local\csrwuail.exe
2013-12-23 15:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64
2013-12-23 13:34 - 2009-07-13 20:45 - 00026768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 13:34 - 2009-07-13 20:45 - 00026768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 12:21 - 2013-12-23 12:21 - 00012326 _____ C:\Users\Primary User\AppData\Local\kvnrlrqu
2013-12-23 12:20 - 2013-12-23 12:20 - 00012326 _____ C:\Users\Primary User\AppData\Local\oiusujph
2013-12-23 12:19 - 2013-12-23 12:19 - 00012326 _____ C:\Users\Primary User\AppData\Local\xhanmoev
2013-12-23 12:18 - 2013-12-23 12:18 - 00012326 _____ C:\Users\Primary User\AppData\Local\iwqwdpdv
2013-12-23 12:17 - 2013-12-23 12:17 - 00067992 _____ C:\Users\Primary User\AppData\Local\figbeknq
2013-12-23 12:08 - 2013-12-23 12:08 - 00000000 _____ C:\Users\Primary User\AppData\Roaming\SharedSettings.ccs
2013-12-21 01:10 - 2013-12-21 01:10 - 00181110 _____ C:\Users\Primary User\Downloads\pb balancer 1.bmp
2013-12-20 23:33 - 2013-12-20 23:33 - 00051331 _____ C:\Users\Primary User\Downloads\Checking2 (24).qfx
2013-12-20 23:33 - 2013-12-20 23:33 - 00022283 _____ C:\Users\Primary User\Downloads\Checking1 (21).qfx
2013-12-20 23:09 - 2013-12-20 23:09 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-19 12:51 - 2013-12-19 12:51 - 00050904 _____ C:\Users\Primary User\Downloads\Checking2 (23).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (20).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (19).qfx
2013-12-17 09:02 - 2013-12-17 09:02 - 00021916 _____ C:\Users\Primary User\Downloads\Checking1 (18).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (22).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (21).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (20).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (19).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (17).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (16).qfx
2013-12-16 13:11 - 2009-07-13 21:13 - 00785878 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-16 11:16 - 2013-12-16 11:16 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (9).qfx
2013-12-16 11:15 - 2013-12-16 11:15 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (8).qfx
2013-12-16 11:14 - 2013-12-16 11:14 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (18).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (15).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (14).qfx
2013-12-14 10:52 - 2013-12-14 10:52 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (13).qfx
2013-12-14 10:50 - 2013-12-14 10:50 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (17).qfx
2013-12-14 03:02 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-12-14 03:00 - 2013-06-19 15:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-12 04:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:24 - 2009-07-13 20:45 - 00432016 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 03:04 - 2013-06-19 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 22:11 - 2013-06-21 18:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 22:11 - 2013-06-21 18:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 11:19 - 2013-12-10 11:19 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (8).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (7).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (6).qfx
2013-12-10 11:17 - 2013-12-10 11:17 - 00023566 _____ C:\Users\Primary User\Downloads\Checking1 (12).qfx
2013-12-10 11:16 - 2013-12-10 11:16 - 00051948 _____ C:\Users\Primary User\Downloads\Checking2 (16).qfx
2013-12-08 23:14 - 2013-10-19 19:55 - 00000000 ____D C:\Users\Primary User\Documents\Craigslist pics
2013-12-06 18:03 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2013-12-06 11:42 - 2013-12-06 11:42 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (7).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (5).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (4).qfx
2013-12-06 11:40 - 2013-12-06 11:40 - 00023124 _____ C:\Users\Primary User\Downloads\Checking1 (11).qfx
2013-12-06 11:39 - 2013-12-06 11:39 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (15).qfx
2013-12-06 11:38 - 2013-12-06 11:38 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (14).qfx
2013-12-04 16:05 - 2013-06-28 10:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\ProgramData\Oracle
2013-12-03 18:31 - 2013-12-03 18:31 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-03 18:26 - 2013-06-28 10:23 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-12-03 18:24 - 2013-11-25 21:50 - 00002440 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-12-03 18:09 - 2013-12-03 18:09 - 00003088 _____ C:\{6B3C5724-06BD-4831-837C-0ACE19BB2C2B}
2013-12-01 11:03 - 2013-12-01 11:03 - 00039643 _____ C:\Users\Primary User\Documents\Ground Loops - Eliminating System Hum and Buzz   Audioholics.htm
2013-12-01 11:03 - 2013-12-01 11:03 - 00000000 ____D C:\Users\Primary User\Documents\Ground Loops - Eliminating System Hum and Buzz   Audioholics_files
 
Files to move or delete:
====================
C:\Users\Primary User\tsMS.reg
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2012-12-14 04:46] - [2012-12-14 04:46] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\System32\winlogon.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
 
C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
 
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
 
C:\Windows\System32\userinit.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
 
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-20 19:23] - [2010-11-20 19:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
 
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-11-27 00:50:19
Restore point made on: 2013-12-03 18:28:43
Restore point made on: 2013-12-03 18:31:03
Restore point made on: 2013-12-05 03:00:18
Restore point made on: 2013-12-12 03:00:30
Restore point made on: 2013-12-14 03:00:27
Restore point made on: 2013-12-22 00:00:10
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 6143.3 MB
Available physical RAM: 5587.54 MB
Total Pagefile: 6141.58 MB
Available Pagefile: 5590.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:403.96 GB) NTFS
Drive e: (WIN7_EN_DVD_ALL_IN_ONE) (CDROM) (Total:3.67 GB) (Free:0 GB) UDF
Drive g: (CARD) (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 953 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=952 MB) - (Type=0B)
 
 
LastRegBack: 2013-12-20 01:19
 
==================== End Of Log ============================
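The "MBR & Partition Table" block at the end of this log is what a responder checks first when a machine reports "missing operating system" after a boot-sector infection. The script below is an added example, not code from the original post or from FRST: it decodes a raw 512-byte MBR the same way FRST summarises it (disk signature, active flag, type byte, size) and adds the checks the summary does not print, namely that the 0x55AA boot signature is present, that exactly one partition is active, and that no entries overlap. The sample MBR it builds is constructed to mirror the Disk 0 layout above; its sector counts, the CHS filler bytes and the zeroed bootstrap area are assumptions.

```python
import struct

MBR_SIZE = 512
DISK_ID_OFFSET = 440          # 4-byte NT disk signature (FRST prints it as "Disk ID")
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511

# Type codes seen in the log above (07 and 0B) plus a few common ones.
PART_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "extended LBA", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(data):
    """Decode the disk signature, partition table and boot signature of a raw 512-byte MBR."""
    if len(data) < MBR_SIZE:
        raise ValueError("MBR must be at least 512 bytes")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + index * 16
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, data, offset)
        partitions.append({
            "index": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * 512 / (1024 * 1024),
        })
    return {
        "disk_id": struct.unpack_from("<I", data, DISK_ID_OFFSET)[0],
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_layout(mbr):
    """Findings that would explain a 'missing operating system' failure or indicate a tampered table."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing: BIOS will not boot this disk")
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    active = [p for p in used if p["active"]]
    if len(active) == 0:
        findings.append("no active partition: boot code has nothing to chain-load")
    elif len(active) > 1:
        findings.append("more than one active partition")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    for p in used:
        if p["sectors"] == 0:
            findings.append(f"partition {p['index']}: zero length")
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"partitions {prev['index']} and {nxt['index']} overlap")
    return findings


def read_mbr(device_path):
    """Read sector 0 of a block device; needs admin/root.
    Windows: r"\\.\PhysicalDrive0" from an elevated prompt; Linux: "/dev/sda" as root."""
    with open(device_path, "rb") as dev:
        return dev.read(MBR_SIZE)


def build_sample_mbr():
    """Constructed MBR mirroring the Disk 0 layout FRST printed above: a 100 MB active NTFS
    partition followed by one ~466 GB NTFS partition, disk ID 1. The bootstrap area
    (bytes 0-439) is left as zeros here; a real disk carries boot code there."""
    mbr = bytearray(MBR_SIZE)
    struct.pack_into("<I", mbr, DISK_ID_OFFSET, 1)
    entries = [
        (0x80, 0x07, 2048, 204800),          # 204800 sectors * 512 B = 100 MB
        (0x00, 0x07, 206848, 976558080),     # ~465.66 GiB; sector count is an assumption
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * 16,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    sample = parse_mbr(build_sample_mbr())
    print(f"Disk ID: {sample['disk_id']:08X}  signature ok: {sample['signature_ok']}")
    for p in sample["partitions"]:
        if p["type"]:
            print(f"Partition {p['index']}: {'Active' if p['active'] else 'Not Active'} - "
                  f"{p['size_mb']:.0f} MB - type {p['type']:02X} {p['type_name']}")
    print("findings:", check_layout(sample) or "none")
```

A clean partition table does not clear the disk: bootkits in the family Norton named here (Cidox/Rovnix) live in the VBR and bootstrap code rather than in the table, so the first 440 bytes and the active partition's VBR also need to be compared against a known-good image.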


#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 December 2013 - 07:42 PM

You are using a 32bit CD, while the system is 64bit. Have you attempted to fix this computer using that CD? That may affect the system. Do you have another computer running Windows 7 64bit?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Donskee

  • Topic Starter
  • Members
  • 40 posts

Posted 31 December 2013 - 03:04 AM

Thanks for the reply.
I have tried unsuccessfully to repair this computer using the x32 disc, but not before this failure.
I will try and find another disc, and run FRST again.
Thanks

#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 December 2013 - 12:44 PM

You can create a Repair CD using a 64bit Windows 7 machine. Here are the instructions:

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.
  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
[screenshot: WTSRD1.gif]
  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
[screenshot: WTSRD2.gif]
  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.



#7 Donskee

  • Topic Starter
  • Members
  • 40 posts

Posted 01 January 2014 - 03:41 PM

Can I create this repair disc from another computer, as long as it has the optical drive?

Thanks

#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 January 2014 - 05:51 PM

Yes, and the system is Windows 7 64bit.



#9 Donskee

  • Topic Starter
  • Members
  • 40 posts

Posted 01 January 2014 - 07:10 PM

Hi,

OK, got a repair disc from a neighbor, ran the FRST64 scan, and here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by SYSTEM on MININT-NIPSGAA on 01-01-2014 15:58:40
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78312 2012-05-08] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-05] (APN)
HKLM-x32\...\Run: [WD Anywhere Backup] - C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe [222432 2009-11-12] (Memeo Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWow64\Userinit.exe [x]
HKU\Primary User\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-04-16] (Hewlett-Packard Company)
HKU\Primary User\...\Run: [uTorrent] - C:\Users\Primary User\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
HKU\Primary User\...\Winlogon: [Shell] Explorer.exe [2871808 2012-12-14] (Microsoft Corporation) <==== ATTENTION 
 
==================== Services (Whitelisted) =================
 
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-05] (APN LLC.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
S2 HPSLPSVC; C:\Users\Primary User\AppData\Local\Temp\7zS121F\HPSLPSVC64.DLL [1039360 2013-02-06] (Hewlett-Packard Co.)
S3 Media Center 18 Service; C:\Program Files (x86)\J River\Media Center 18\JRService.exe [496712 2013-08-05] (JRiver, Inc.)
S2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
S2 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-10] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131223.002\ENG64.SYS [126040 2013-12-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131223.002\EX64.SYS [2099288 2013-12-10] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-29 12:27 - 2013-12-29 12:27 - 00000000 ____D C:\FRST
2013-12-23 22:06 - 2013-12-23 22:06 - 00000000 ____D C:\NBRT
2013-12-23 15:39 - 2013-12-23 15:39 - 00081721 _____ C:\Users\Primary User\AppData\Local\csrwuail.exe
2013-12-23 12:21 - 2013-12-23 12:21 - 00012326 _____ C:\Users\Primary User\AppData\Local\kvnrlrqu
2013-12-23 12:20 - 2013-12-23 12:20 - 00012326 _____ C:\Users\Primary User\AppData\Local\oiusujph
2013-12-23 12:19 - 2013-12-23 12:19 - 00012326 _____ C:\Users\Primary User\AppData\Local\xhanmoev
2013-12-23 12:18 - 2013-12-23 12:18 - 00012326 _____ C:\Users\Primary User\AppData\Local\iwqwdpdv
2013-12-23 12:17 - 2013-12-23 12:17 - 00067992 _____ C:\Users\Primary User\AppData\Local\figbeknq
2013-12-23 12:08 - 2013-12-23 12:08 - 00000000 _____ C:\Users\Primary User\AppData\Roaming\SharedSettings.ccs
2013-12-21 01:10 - 2013-12-21 01:10 - 00181110 _____ C:\Users\Primary User\Downloads\pb balancer 1.bmp
2013-12-20 23:33 - 2013-12-20 23:33 - 00051331 _____ C:\Users\Primary User\Downloads\Checking2 (24).qfx
2013-12-20 23:33 - 2013-12-20 23:33 - 00022283 _____ C:\Users\Primary User\Downloads\Checking1 (21).qfx
2013-12-20 23:09 - 2013-12-20 23:09 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-19 12:51 - 2013-12-19 12:51 - 00050904 _____ C:\Users\Primary User\Downloads\Checking2 (23).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (20).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (19).qfx
2013-12-17 09:02 - 2013-12-17 09:02 - 00021916 _____ C:\Users\Primary User\Downloads\Checking1 (18).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (22).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (21).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (20).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (19).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (17).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (16).qfx
2013-12-16 11:16 - 2013-12-16 11:16 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (9).qfx
2013-12-16 11:15 - 2013-12-16 11:15 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (8).qfx
2013-12-16 11:14 - 2013-12-16 11:14 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (18).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (15).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (14).qfx
2013-12-14 10:52 - 2013-12-14 10:52 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (13).qfx
2013-12-14 10:50 - 2013-12-14 10:50 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (17).qfx
2013-12-12 03:05 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-12 03:05 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:03 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 03:03 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-12 03:03 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:03 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-12 03:03 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-12 03:03 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 03:03 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-12 03:03 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 03:03 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 03:03 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-12 03:03 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 03:03 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:03 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 03:03 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:03 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:03 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 03:03 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 03:03 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:03 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:03 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 03:03 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 03:03 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 03:03 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:03 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:03 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 04:55 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 04:55 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 04:55 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 04:55 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 04:55 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 04:55 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 04:55 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 04:55 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 04:55 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 04:55 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 04:55 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 04:55 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 04:55 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 04:55 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 04:55 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 04:55 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 04:55 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 04:55 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 04:55 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-10 11:19 - 2013-12-10 11:19 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (8).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (7).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (6).qfx
2013-12-10 11:17 - 2013-12-10 11:17 - 00023566 _____ C:\Users\Primary User\Downloads\Checking1 (12).qfx
2013-12-10 11:16 - 2013-12-10 11:16 - 00051948 _____ C:\Users\Primary User\Downloads\Checking2 (16).qfx
2013-12-06 11:42 - 2013-12-06 11:42 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (7).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (5).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (4).qfx
2013-12-06 11:40 - 2013-12-06 11:40 - 00023124 _____ C:\Users\Primary User\Downloads\Checking1 (11).qfx
2013-12-06 11:39 - 2013-12-06 11:39 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (15).qfx
2013-12-06 11:38 - 2013-12-06 11:38 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (14).qfx
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\ProgramData\Oracle
2013-12-03 18:32 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-03 18:31 - 2013-12-03 18:31 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-03 18:31 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-03 18:31 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-03 18:31 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-03 18:09 - 2013-12-03 18:09 - 00003088 _____ C:\{6B3C5724-06BD-4831-837C-0ACE19BB2C2B}
 
==================== One Month Modified Files and Folders =======
 
2013-12-29 12:27 - 2013-12-29 12:27 - 00000000 ____D C:\FRST
2013-12-23 22:06 - 2013-12-23 22:06 - 00000000 ____D C:\NBRT
2013-12-23 15:44 - 2013-06-19 14:48 - 01781944 _____ C:\Windows\WindowsUpdate.log
2013-12-23 15:42 - 2013-06-21 16:33 - 00000373 _____ C:\Windows\lgfwup.ini
2013-12-23 15:42 - 2013-06-21 16:33 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-12-23 15:41 - 2013-06-28 10:46 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 15:41 - 2013-06-21 23:26 - 00000000 ____D C:\Users\Primary User\AppData\Roaming\uTorrent
2013-12-23 15:41 - 2010-11-20 19:47 - 00083898 _____ C:\Windows\PFRO.log
2013-12-23 15:41 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 15:41 - 2009-07-13 20:51 - 00032377 _____ C:\Windows\setupact.log
2013-12-23 15:39 - 2013-12-23 15:39 - 00081721 _____ C:\Users\Primary User\AppData\Local\csrwuail.exe
2013-12-23 15:11 - 2013-06-21 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 15:08 - 2013-06-28 10:46 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 13:34 - 2009-07-13 20:45 - 00026768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 13:34 - 2009-07-13 20:45 - 00026768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 13:24 - 2013-06-21 22:54 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-12-23 12:21 - 2013-12-23 12:21 - 00012326 _____ C:\Users\Primary User\AppData\Local\kvnrlrqu
2013-12-23 12:20 - 2013-12-23 12:20 - 00012326 _____ C:\Users\Primary User\AppData\Local\oiusujph
2013-12-23 12:19 - 2013-12-23 12:19 - 00012326 _____ C:\Users\Primary User\AppData\Local\xhanmoev
2013-12-23 12:18 - 2013-12-23 12:18 - 00012326 _____ C:\Users\Primary User\AppData\Local\iwqwdpdv
2013-12-23 12:17 - 2013-12-23 12:17 - 00067992 _____ C:\Users\Primary User\AppData\Local\figbeknq
2013-12-23 12:08 - 2013-12-23 12:08 - 00000000 _____ C:\Users\Primary User\AppData\Roaming\SharedSettings.ccs
2013-12-21 01:10 - 2013-12-21 01:10 - 00181110 _____ C:\Users\Primary User\Downloads\pb balancer 1.bmp
2013-12-20 23:33 - 2013-12-20 23:33 - 00051331 _____ C:\Users\Primary User\Downloads\Checking2 (24).qfx
2013-12-20 23:33 - 2013-12-20 23:33 - 00022283 _____ C:\Users\Primary User\Downloads\Checking1 (21).qfx
2013-12-20 23:09 - 2013-12-20 23:09 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-19 12:51 - 2013-12-19 12:51 - 00050904 _____ C:\Users\Primary User\Downloads\Checking2 (23).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (20).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (19).qfx
2013-12-17 09:02 - 2013-12-17 09:02 - 00021916 _____ C:\Users\Primary User\Downloads\Checking1 (18).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (22).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (21).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (20).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (19).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (17).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (16).qfx
2013-12-16 13:11 - 2009-07-13 21:13 - 00785878 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-16 11:16 - 2013-12-16 11:16 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (9).qfx
2013-12-16 11:15 - 2013-12-16 11:15 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (8).qfx
2013-12-16 11:14 - 2013-12-16 11:14 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (18).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (15).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (14).qfx
2013-12-14 10:52 - 2013-12-14 10:52 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (13).qfx
2013-12-14 10:50 - 2013-12-14 10:50 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (17).qfx
2013-12-14 03:02 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-12-14 03:00 - 2013-06-19 15:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-12 04:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:25 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 03:24 - 2009-07-13 20:45 - 00432016 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 03:04 - 2013-06-19 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 22:11 - 2013-06-21 18:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 22:11 - 2013-06-21 18:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 22:11 - 2013-06-21 18:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 11:19 - 2013-12-10 11:19 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (8).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (7).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (6).qfx
2013-12-10 11:17 - 2013-12-10 11:17 - 00023566 _____ C:\Users\Primary User\Downloads\Checking1 (12).qfx
2013-12-10 11:16 - 2013-12-10 11:16 - 00051948 _____ C:\Users\Primary User\Downloads\Checking2 (16).qfx
2013-12-08 23:14 - 2013-10-19 19:55 - 00000000 ____D C:\Users\Primary User\Documents\Craigslist pics
2013-12-06 18:03 - 2013-06-28 10:46 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 18:03 - 2013-06-28 10:46 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 11:42 - 2013-12-06 11:42 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (7).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (5).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (4).qfx
2013-12-06 11:40 - 2013-12-06 11:40 - 00023124 _____ C:\Users\Primary User\Downloads\Checking1 (11).qfx
2013-12-06 11:39 - 2013-12-06 11:39 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (15).qfx
2013-12-06 11:38 - 2013-12-06 11:38 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (14).qfx
2013-12-04 16:05 - 2013-06-28 10:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\ProgramData\Oracle
2013-12-03 18:31 - 2013-12-03 18:31 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-03 18:31 - 2013-07-10 18:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-03 18:28 - 2013-06-19 16:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-03 18:26 - 2013-06-28 10:23 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-12-03 18:25 - 2013-06-28 10:23 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-03 18:24 - 2013-11-25 21:50 - 00002440 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-12-03 18:09 - 2013-12-03 18:09 - 00003088 _____ C:\{6B3C5724-06BD-4831-837C-0ACE19BB2C2B}
 
Files to move or delete:
====================
C:\Users\Primary User\tsMS.reg
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-11-27 00:50:19
Restore point made on: 2013-12-03 18:28:43
Restore point made on: 2013-12-03 18:31:03
Restore point made on: 2013-12-05 03:00:18
Restore point made on: 2013-12-12 03:00:30
Restore point made on: 2013-12-14 03:00:27
Restore point made on: 2013-12-22 00:00:10
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 6143.3 MB
Available physical RAM: 5420.98 MB
Total Pagefile: 6141.45 MB
Available Pagefile: 5409.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:403.96 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: (CARD) (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 953 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=952 MB) - (Type=0B)
 
 
LastRegBack: 2013-12-20 01:19
 
==================== End Of Log ============================


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:11 PM

Posted 02 January 2014 - 02:35 PM

Download the enclosed file.

Save it in the location where FRST64 is.

Run FRST64 and click on the Fix button. Wait until it has finished.

The tool will make a log (Fixlog.txt) in the location where FRST is. Please post it in your reply.

 

Attempt to start in Normal Mode and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 Donskee

Donskee
  • Topic Starter

  • Members
  • 40 posts
  • Local time:04:11 PM

Posted 02 January 2014 - 03:04 PM

Ran the fixlist, and it still won't boot to Windows. I'm getting the "Missing operating system" message.
 
Thanks.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by SYSTEM at 2014-01-02 11:58:17 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
HKU\Primary User\...\Winlogon: [Shell] Explorer.exe [ 2012-12-14] (Microsoft Corporation) <==== ATTENTION 
C:\Users\Primary User\AppData\Local\csrwuail.exe
C:\Users\Primary User\AppData\Local\kvnrlrqu
C:\Users\Primary User\AppData\Local\oiusujph
C:\Users\Primary User\AppData\Local\xhanmoev
C:\Users\Primary User\AppData\Local\iwqwdpdv
C:\Users\Primary User\AppData\Local\figbeknq
End
*****************
 
HKU\Primary User\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Primary User\AppData\Local\csrwuail.exe => Moved successfully.
C:\Users\Primary User\AppData\Local\kvnrlrqu => Moved successfully.
C:\Users\Primary User\AppData\Local\oiusujph => Moved successfully.
C:\Users\Primary User\AppData\Local\xhanmoev => Moved successfully.
C:\Users\Primary User\AppData\Local\iwqwdpdv => Moved successfully.
C:\Users\Primary User\AppData\Local\figbeknq => Moved successfully.
 
==== End of Fixlog ====


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:11 PM

Posted 02 January 2014 - 04:36 PM

Please re-scan with FRST64. This time, put a checkmark on List BCD and post the resulting FRST.txt report.




#13 Donskee

Donskee
  • Topic Starter

  • Members
  • 40 posts
  • Local time:04:11 PM

Posted 02 January 2014 - 04:47 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by SYSTEM on MININT-NNH2D8F on 02-01-2014 13:44:45
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [78312 2012-05-08] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-05] (APN)
HKLM-x32\...\Run: [WD Anywhere Backup] - C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe [222432 2009-11-12] (Memeo Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWow64\Userinit.exe [x]
HKU\Primary User\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-04-16] (Hewlett-Packard Company)
HKU\Primary User\...\Run: [uTorrent] - C:\Users\Primary User\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
 
==================== Services (Whitelisted) =================
 
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-05] (APN LLC.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
S2 HPSLPSVC; C:\Users\Primary User\AppData\Local\Temp\7zS121F\HPSLPSVC64.DLL [1039360 2013-02-06] (Hewlett-Packard Co.)
S3 Media Center 18 Service; C:\Program Files (x86)\J River\Media Center 18\JRService.exe [496712 2013-08-05] (JRiver, Inc.)
S2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
S2 RetroExpLauncher; C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe [108064 2007-01-22] (EMC Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-10] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131220.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131223.002\ENG64.SYS [126040 2013-12-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131223.002\EX64.SYS [2099288 2013-12-10] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-25] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-29 12:27 - 2013-12-29 12:27 - 00000000 ____D C:\FRST
2013-12-23 22:06 - 2013-12-23 22:06 - 00000000 ____D C:\NBRT
2013-12-23 12:08 - 2013-12-23 12:08 - 00000000 _____ C:\Users\Primary User\AppData\Roaming\SharedSettings.ccs
2013-12-21 01:10 - 2013-12-21 01:10 - 00181110 _____ C:\Users\Primary User\Downloads\pb balancer 1.bmp
2013-12-20 23:33 - 2013-12-20 23:33 - 00051331 _____ C:\Users\Primary User\Downloads\Checking2 (24).qfx
2013-12-20 23:33 - 2013-12-20 23:33 - 00022283 _____ C:\Users\Primary User\Downloads\Checking1 (21).qfx
2013-12-20 23:09 - 2013-12-20 23:09 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-19 12:51 - 2013-12-19 12:51 - 00050904 _____ C:\Users\Primary User\Downloads\Checking2 (23).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (20).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (19).qfx
2013-12-17 09:02 - 2013-12-17 09:02 - 00021916 _____ C:\Users\Primary User\Downloads\Checking1 (18).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (22).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (21).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (20).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (19).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (17).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (16).qfx
2013-12-16 11:16 - 2013-12-16 11:16 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (9).qfx
2013-12-16 11:15 - 2013-12-16 11:15 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (8).qfx
2013-12-16 11:14 - 2013-12-16 11:14 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (18).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (15).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (14).qfx
2013-12-14 10:52 - 2013-12-14 10:52 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (13).qfx
2013-12-14 10:50 - 2013-12-14 10:50 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (17).qfx
2013-12-12 03:05 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-12 03:05 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:03 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 03:03 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-12 03:03 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:03 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-12 03:03 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-12 03:03 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 03:03 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-12 03:03 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:03 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 03:03 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 03:03 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-12 03:03 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 03:03 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:03 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:03 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 03:03 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:03 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:03 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:03 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 03:03 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 03:03 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:03 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:03 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 03:03 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 03:03 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 03:03 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:03 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:03 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 04:55 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 04:55 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 04:55 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 04:55 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 04:55 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 04:55 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 04:55 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 04:55 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 04:55 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 04:55 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 04:55 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 04:55 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 04:55 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 04:55 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 04:55 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 04:55 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 04:55 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 04:55 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 04:55 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-10 11:19 - 2013-12-10 11:19 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (8).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (7).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (6).qfx
2013-12-10 11:17 - 2013-12-10 11:17 - 00023566 _____ C:\Users\Primary User\Downloads\Checking1 (12).qfx
2013-12-10 11:16 - 2013-12-10 11:16 - 00051948 _____ C:\Users\Primary User\Downloads\Checking2 (16).qfx
2013-12-06 11:42 - 2013-12-06 11:42 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (7).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (5).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (4).qfx
2013-12-06 11:40 - 2013-12-06 11:40 - 00023124 _____ C:\Users\Primary User\Downloads\Checking1 (11).qfx
2013-12-06 11:39 - 2013-12-06 11:39 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (15).qfx
2013-12-06 11:38 - 2013-12-06 11:38 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (14).qfx
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\ProgramData\Oracle
2013-12-03 18:32 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-03 18:31 - 2013-12-03 18:31 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-03 18:31 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-03 18:31 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-03 18:31 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-03 18:09 - 2013-12-03 18:09 - 00003088 _____ C:\{6B3C5724-06BD-4831-837C-0ACE19BB2C2B}
 
==================== One Month Modified Files and Folders =======
 
2013-12-29 12:27 - 2013-12-29 12:27 - 00000000 ____D C:\FRST
2013-12-23 22:06 - 2013-12-23 22:06 - 00000000 ____D C:\NBRT
2013-12-23 15:44 - 2013-06-19 14:48 - 01781944 _____ C:\Windows\WindowsUpdate.log
2013-12-23 15:42 - 2013-06-21 16:33 - 00000373 _____ C:\Windows\lgfwup.ini
2013-12-23 15:42 - 2013-06-21 16:33 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-12-23 15:41 - 2013-06-28 10:46 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-23 15:41 - 2013-06-21 23:26 - 00000000 ____D C:\Users\Primary User\AppData\Roaming\uTorrent
2013-12-23 15:41 - 2010-11-20 19:47 - 00083898 _____ C:\Windows\PFRO.log
2013-12-23 15:41 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 15:41 - 2009-07-13 20:51 - 00032377 _____ C:\Windows\setupact.log
2013-12-23 15:11 - 2013-06-21 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-23 15:08 - 2013-06-28 10:46 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 13:34 - 2009-07-13 20:45 - 00026768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 13:34 - 2009-07-13 20:45 - 00026768 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 13:24 - 2013-06-21 22:54 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-12-23 12:08 - 2013-12-23 12:08 - 00000000 _____ C:\Users\Primary User\AppData\Roaming\SharedSettings.ccs
2013-12-21 01:10 - 2013-12-21 01:10 - 00181110 _____ C:\Users\Primary User\Downloads\pb balancer 1.bmp
2013-12-20 23:33 - 2013-12-20 23:33 - 00051331 _____ C:\Users\Primary User\Downloads\Checking2 (24).qfx
2013-12-20 23:33 - 2013-12-20 23:33 - 00022283 _____ C:\Users\Primary User\Downloads\Checking1 (21).qfx
2013-12-20 23:09 - 2013-12-20 23:09 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-19 12:51 - 2013-12-19 12:51 - 00050904 _____ C:\Users\Primary User\Downloads\Checking2 (23).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (20).qfx
2013-12-19 12:50 - 2013-12-19 12:50 - 00021837 _____ C:\Users\Primary User\Downloads\Checking1 (19).qfx
2013-12-17 09:02 - 2013-12-17 09:02 - 00021916 _____ C:\Users\Primary User\Downloads\Checking1 (18).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (22).qfx
2013-12-17 09:01 - 2013-12-17 09:01 - 00049996 _____ C:\Users\Primary User\Downloads\Checking2 (21).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (20).qfx
2013-12-17 00:52 - 2013-12-17 00:52 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (19).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (17).qfx
2013-12-17 00:51 - 2013-12-17 00:51 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (16).qfx
2013-12-16 13:11 - 2009-07-13 21:13 - 00785878 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-16 11:16 - 2013-12-16 11:16 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (9).qfx
2013-12-16 11:15 - 2013-12-16 11:15 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (8).qfx
2013-12-16 11:14 - 2013-12-16 11:14 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (18).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (15).qfx
2013-12-16 11:13 - 2013-12-16 11:13 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (14).qfx
2013-12-14 10:52 - 2013-12-14 10:52 - 00022599 _____ C:\Users\Primary User\Downloads\Checking1 (13).qfx
2013-12-14 10:50 - 2013-12-14 10:50 - 00049278 _____ C:\Users\Primary User\Downloads\Checking2 (17).qfx
2013-12-14 03:02 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\System32\MRT
2013-12-14 03:00 - 2013-06-19 15:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-12 04:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:25 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 03:24 - 2009-07-13 20:45 - 00432016 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-12 03:04 - 2013-06-19 16:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 22:11 - 2013-06-21 18:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 22:11 - 2013-06-21 18:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 22:11 - 2013-06-21 18:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 11:19 - 2013-12-10 11:19 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (8).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (7).qfx
2013-12-10 11:18 - 2013-12-10 11:18 - 00003541 _____ C:\Users\Primary User\Downloads\MarketRate3 (6).qfx
2013-12-10 11:17 - 2013-12-10 11:17 - 00023566 _____ C:\Users\Primary User\Downloads\Checking1 (12).qfx
2013-12-10 11:16 - 2013-12-10 11:16 - 00051948 _____ C:\Users\Primary User\Downloads\Checking2 (16).qfx
2013-12-08 23:14 - 2013-10-19 19:55 - 00000000 ____D C:\Users\Primary User\Documents\Craigslist pics
2013-12-06 18:03 - 2013-06-28 10:46 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 18:03 - 2013-06-28 10:46 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 11:42 - 2013-12-06 11:42 - 00002203 _____ C:\Users\Primary User\Downloads\Savings4 (7).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (5).qfx
2013-12-06 11:41 - 2013-12-06 11:41 - 00003543 _____ C:\Users\Primary User\Downloads\MarketRate3 (4).qfx
2013-12-06 11:40 - 2013-12-06 11:40 - 00023124 _____ C:\Users\Primary User\Downloads\Checking1 (11).qfx
2013-12-06 11:39 - 2013-12-06 11:39 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (15).qfx
2013-12-06 11:38 - 2013-12-06 11:38 - 00051412 _____ C:\Users\Primary User\Downloads\Checking2 (14).qfx
2013-12-04 16:05 - 2013-06-28 10:47 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-03 18:32 - 2013-12-03 18:32 - 00000000 ____D C:\ProgramData\Oracle
2013-12-03 18:31 - 2013-12-03 18:31 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-12-03 18:31 - 2013-07-10 18:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-03 18:28 - 2013-06-19 16:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-03 18:26 - 2013-06-28 10:23 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-12-03 18:25 - 2013-06-28 10:23 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-03 18:24 - 2013-11-25 21:50 - 00002440 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-12-03 18:09 - 2013-12-03 18:09 - 00003088 _____ C:\{6B3C5724-06BD-4831-837C-0ACE19BB2C2B}
 
Files to move or delete:
====================
C:\Users\Primary User\tsMS.reg
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-11-27 00:50:19
Restore point made on: 2013-12-03 18:28:43
Restore point made on: 2013-12-03 18:31:03
Restore point made on: 2013-12-05 03:00:18
Restore point made on: 2013-12-12 03:00:30
Restore point made on: 2013-12-14 03:00:27
Restore point made on: 2013-12-22 00:00:10
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {ac879f4e-d939-11e2-afcf-c7b63de0d3f3}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {ac879f50-d939-11e2-afcf-c7b63de0d3f3}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ac879f4e-d939-11e2-afcf-c7b63de0d3f3}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {ac879f50-d939-11e2-afcf-c7b63de0d3f3}
device                  ramdisk=[C:]\Recovery\ac879f50-d939-11e2-afcf-c7b63de0d3f3\Winre.wim,{ac879f51-d939-11e2-afcf-c7b63de0d3f3}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ac879f50-d939-11e2-afcf-c7b63de0d3f3\Winre.wim,{ac879f51-d939-11e2-afcf-c7b63de0d3f3}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {ac879f4e-d939-11e2-afcf-c7b63de0d3f3}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {ac879f51-d939-11e2-afcf-c7b63de0d3f3}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ac879f50-d939-11e2-afcf-c7b63de0d3f3\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 6143.3 MB
Available physical RAM: 5415.34 MB
Total Pagefile: 6141.45 MB
Available Pagefile: 5398.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:403.96 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: (CARD) (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 953 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=952 MB) - (Type=0B)
 
 
LastRegBack: 2013-12-20 01:19
 
==================== End Of Log ============================
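The bcdedit section of the FRST log above lists each boot object with its identifier and the objects it references. As an added example (not from the thread and not FRST's own code), the following Python parses that layout and applies the sanity checks a responder wants after a boot-sector infection: every Windows Boot Loader entry should point at the stock winload.exe/winload.efi, its device and osdevice should agree, and every {object} it references should exist in the store. The sample string is constructed: the recovery loader, settings and device objects are copied from the log above, while the two loader entries ending in ...00a1 and ...00b2 are made up for the demonstration (the ...00b2 one is deliberately off so the audit has something to report). The function names and the EXPECTED_LOADERS set are this example's own assumptions.

```python
import re

# CONSTRUCTED sample in the layout of the bcdedit section of the FRST log above. The
# recovery loader, settings and device objects are copied from that log; the entries
# ending in ...00a1 and ...00b2 are constructed (a normal Windows 7 loader built from
# the log's fields, and one anomalous loader that the audit should flag).
SAMPLE = r"""
Windows Boot Loader
-------------------
identifier              {00000000-0000-0000-0000-0000000000a1}
device                  partition=C:
path                    \Windows\system32\winload.exe
inherit                 {bootloadersettings}
recoverysequence        {ac879f50-d939-11e2-afcf-c7b63de0d3f3}
osdevice                partition=C:

Windows Boot Loader
-------------------
identifier              {ac879f50-d939-11e2-afcf-c7b63de0d3f3}
device                  ramdisk=[C:]\Recovery\ac879f50-d939-11e2-afcf-c7b63de0d3f3\Winre.wim,{ac879f51-d939-11e2-afcf-c7b63de0d3f3}
path                    \windows\system32\winload.exe
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ac879f50-d939-11e2-afcf-c7b63de0d3f3\Winre.wim,{ac879f51-d939-11e2-afcf-c7b63de0d3f3}
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {00000000-0000-0000-0000-0000000000b2}
device                  partition=D:
path                    \Windows\system32\winldr32.exe
inherit                 {missingsettings}
osdevice                partition=C:

Global Settings
---------------
identifier              {globalsettings}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}

Device options
--------------
identifier              {ac879f51-d939-11e2-afcf-c7b63de0d3f3}
ramdisksdipath          \Recovery\ac879f50-d939-11e2-afcf-c7b63de0d3f3\boot.sdi
"""

OBJECT_REF = re.compile(r"\{[^{}]+\}")
# Assumed stock loader paths (this example's own list, compared case-insensitively).
EXPECTED_LOADERS = {r"\windows\system32\winload.exe", r"\windows\system32\winload.efi"}


def parse_bcd(text):
    """Return [(section_title, {key: [value, ...]})] from bcdedit-style output."""
    lines, sections, i = text.splitlines(), [], 0
    while i < len(lines):
        # A section is an unindented title followed by a line of dashes.
        if (lines[i].strip() and not lines[i][0].isspace() and i + 1 < len(lines)
                and re.fullmatch(r"-{3,}", lines[i + 1].strip())):
            title, entry, last_key, i = lines[i].strip(), {}, None, i + 2
            while i < len(lines) and lines[i].strip():
                row = lines[i]
                if row[0].isspace() and last_key:   # continuation of a multi-valued key
                    entry[last_key].append(row.strip())
                else:
                    last_key, _, value = row.partition(" ")
                    entry.setdefault(last_key, []).append(value.strip())
                i += 1
            sections.append((title, entry))
        else:
            i += 1
    return sections


def audit_bcd(text):
    """Flag loader entries that do not look like a stock boot chain: [(identifier, finding)]."""
    sections, findings = parse_bcd(text), []
    defined = {e["identifier"][0].lower() for _, e in sections if "identifier" in e}
    for title, e in sections:
        ident = e.get("identifier", ["<none>"])[0]
        if title == "Windows Boot Loader":
            path = e.get("path", [""])[0].lower()
            if path not in EXPECTED_LOADERS:
                findings.append((ident, f"unexpected loader path {path}"))
            dev, osdev = (e.get(k, [""])[0].lower() for k in ("device", "osdevice"))
            if dev != osdev:
                findings.append((ident, f"device {dev} differs from osdevice {osdev}"))
        # Every {object} referenced by this entry must exist in the store.
        refs = " ".join(v for k, vs in e.items() if k != "identifier" for v in vs)
        for ref in OBJECT_REF.findall(refs):
            if ref.lower() not in defined:
                findings.append((ident, f"references undefined object {ref}"))
    return findings
```

Run against the constructed sample, the audit reports three findings, all on the ...00b2 entry, and none on the copied objects. Applied to the log above, every loader path is winload.exe and every reference resolves, so the boot configuration store itself looks intact; that covers only the BCD, not the MBR/VBR code, which the MBR section of the log summarizes only at partition level.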


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:11 PM

Posted 02 January 2014 - 06:42 PM

Boot to a command prompt with the Repair CD. At the prompt type the following and press Enter:

 

CHKDSK C: /F

 

Be patient, it may take a while. Let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 Donskee

Donskee
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:04:11 PM

Posted 03 January 2014 - 03:09 AM

Here ya go,
Thanks for your help
 
X:\windows\system32>CHKDSK C:/F
The type of the file system is NTFS.
 
CHKDSK is verifying files (stage 1 of 3)...
  148992 file records processed.
File verification completed.
  291 large file records processed.
  0 bad file records processed.
  2 EA records processed.
  44 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  200726 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  148992 file SDs/SIDs processed.
Security descriptor verification completed.
  25868 data files processed.
CHKDSK is verifying Usn Journal...
  36056840 USN bytes processed.
Usn Journal verification completed.
Windows has checked the file system and found no problems.
 
 488280063 KB total disk space.
  64352992 KB in 115961 files.
     71276 KB in 25869 indexes.
         0 KB in bad sectors.
    266043 KB in use by the system.
     65536 KB occupied by the log file.
 423589752 KB available on disk.
 
      4096 bytes in each allocation unit.
 122070015 total allocation units on disk.
 105897438 allocation units available on disk.
Failed to transfer logged messages to the event log with status 50.
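The CHKDSK transcript above can be checked mechanically rather than read by eye. As an added example, not part of the thread, the following Python parses the summary block (the sample is the transcript's summary, embedded as a constructed string) and cross-checks its arithmetic: the space the summary accounts for must equal the total, and the two allocation-unit counts must agree with the sizes divided by the unit size. The figure for the log file is a subset of "in use by the system", so it is not added separately. Function and key names are this example's own.

```python
import re

# CONSTRUCTED sample: the summary block of the CHKDSK C: /F transcript posted above.
SAMPLE = """\
Windows has checked the file system and found no problems.

 488280063 KB total disk space.
  64352992 KB in 115961 files.
     71276 KB in 25869 indexes.
         0 KB in bad sectors.
    266043 KB in use by the system.
     65536 KB occupied by the log file.
 423589752 KB available on disk.

      4096 bytes in each allocation unit.
 122070015 total allocation units on disk.
 105897438 allocation units available on disk.
Failed to transfer logged messages to the event log with status 50.
"""

KB_LINE = re.compile(r"^\s*(\d+) KB (.+?)\.$")
# Fixed labels on the KB lines; the file/index lines carry a count and are handled separately.
LABELS = {"total disk space": "total", "in bad sectors": "bad",
          "in use by the system": "system", "occupied by the log file": "log",
          "available on disk": "available"}
OTHER = {"unit_bytes": re.compile(r"^\s*(\d+) bytes in each allocation unit\.$"),
         "units_total": re.compile(r"^\s*(\d+) total allocation units on disk\.$"),
         "units_available": re.compile(r"^\s*(\d+) allocation units available on disk\.$"),
         "eventlog_status": re.compile(r"event log with status (\d+)\.$")}


def parse_chkdsk(text):
    """Extract the size summary (values in KB unless the key says otherwise) from CHKDSK output."""
    s = {"no_problems": "found no problems" in text, "eventlog_status": None}
    for line in text.splitlines():
        m = KB_LINE.match(line)
        if m:
            kb, label = int(m.group(1)), m.group(2)
            words = label.split()
            if label in LABELS:
                s[LABELS[label]] = kb
            elif words[0] == "in" and words[-1] in ("files", "indexes"):
                s[words[-1]] = kb                      # KB used by files / indexes
                s[words[-1] + "_count"] = int(words[1])
            continue
        for key, rx in OTHER.items():
            m = rx.search(line)
            if m:
                s[key] = int(m.group(1))
    return s


def check_consistency(s):
    """Cross-check the summary; returns a list of problems (empty when everything agrees)."""
    problems = []
    # The log file is part of "in use by the system", so it is not added separately.
    accounted = s["files"] + s["indexes"] + s["bad"] + s["system"] + s["available"]
    if accounted != s["total"]:
        problems.append(f"space accounting off by {s['total'] - accounted} KB")
    unit_kb = s["unit_bytes"] // 1024
    if s["total"] // unit_kb != s["units_total"]:
        problems.append("total allocation units disagree with total disk space")
    if s["available"] // unit_kb != s["units_available"]:
        problems.append("available allocation units disagree with available space")
    if s["bad"]:
        problems.append(f"{s['bad']} KB in bad sectors")
    if not s["no_problems"]:
        problems.append("CHKDSK did not report a clean file system")
    return problems
```

On the transcript above the checks all pass: 64352992 + 71276 + 0 + 266043 + 423589752 equals the 488280063 KB total, and both unit counts match the sizes at 4 KB per unit. The final "status 50" line is captured separately in eventlog_status; it is commonly reported when CHKDSK runs from the recovery environment, where the event log service is not available, and is not a file-system finding.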




