
plug and play malware problems I think...please help


This topic is locked
6 replies to this topic

#1 vbpete88

Posted 12 January 2014 - 11:57 AM

Hello,

My computer is shutting off randomly and I am getting a message that says Windows must restart because the Plug and Play service terminated unexpectedly. Also have problems with random commercials playing in the background. Looked at this website for answers. Started here... Ran frs recovery tool I think it's called. Here are the results. Please help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014
Ran by Pete (administrator) on PETE-HP on 12-01-2014 11:46:26
Running from C:\Users\Pete\Documents
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Dropbox, Inc.) C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(magicJack L.P.) C:\Users\Pete\AppData\Roaming\mjusbsp\magicJack.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corp.) C:\Users\Pete\Documents\mbar-1.07.0.1008.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Pete\Desktop\mbar\mbar.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DBAgent] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517128 2013-10-18] (Seagate Technology LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [cdloader] - C:\Users\Pete\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1040712 2012-06-14] ()
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-31] (Google Inc.)
HKCU\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0FA99184-40EC-48FB-BFB9-0D15DC593B77} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {47743125-308E-4A89-B596-4F844FB62D1C} URL = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
SearchScopes: HKLM - {99F16232-C804-42E3-B890-E89C8C2954FC} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {9AB797C0-EAFA-4A5D-A65B-2E286BDD1535} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {0FA99184-40EC-48FB-BFB9-0D15DC593B77} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {99F16232-C804-42E3-B890-E89C8C2954FC} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - DefaultScope {0D6C56F2-F046-466F-B0F4-BEF5C30624EE} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_enUS412
SearchScopes: HKCU - {0D6C56F2-F046-466F-B0F4-BEF5C30624EE} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_enUS412
SearchScopes: HKCU - {0FA99184-40EC-48FB-BFB9-0D15DC593B77} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {94A18518-20C1-4979-9E41-FFE5C68C0BE9} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {99F16232-C804-42E3-B890-E89C8C2954FC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: No Name - {31ad400d-1b06-4e33-a59a-90c2c140cba0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {9D717F81-9148-4f12-8568-69135F087DB0} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: No Name - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: homepage_is_newtabpage
CHR RestoreOnStartup: "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=DF2038032428A5528903D85198CBA1F9"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={72B1FF58-D6EF-4438-AD78-F3F75DD06D44}&mid=d97c39df178e47d382e7cde6b188e1fc-0501ac711fab5282ddb9c5b50317b4e49b09112c&lang=en&ds=co011&pr=sa&d=2013-09-19 17:37:04&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR Extension: (QuickShare Widget) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0 [2013-09-19]
CHR Extension: (YouTube) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 [2012-12-04]
CHR Extension: (Google Search) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 [2012-12-04]
CHR Extension: (Norton Identity Protection) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0 [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-12-04]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-09]

==================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-10-31] (SurfRight B.V.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-07-09] (NETGEAR)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-15] (EldoS Corporation)
U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2013-11-20] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-19] (GFI Software)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140110.001\IDSvia64.sys [521944 2013-12-12] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [117464 2014-01-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140111.005\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20140111.005\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-24] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43680 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-12 11:46 - 2014-01-12 11:47 - 00018612 _____ C:\Users\Pete\Documents\FRST.txt
2014-01-12 11:45 - 2014-01-12 11:45 - 02075136 _____ (Farbar) C:\Users\Pete\Documents\FRST64.exe
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\FRST
2014-01-12 11:40 - 2014-01-12 11:40 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Pete\Documents\mbar-1.07.0.1008.exe
2014-01-12 10:26 - 2014-01-12 10:26 - 97483024 _____ (Microsoft Corporation) C:\Users\Pete\Documents\msert.exe
2014-01-12 10:10 - 2014-01-12 10:13 - 00000000 ___SD C:\ComboFix
2014-01-12 09:59 - 2014-01-12 09:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Pete\Documents\iExplore.exe
2014-01-12 09:58 - 2014-01-12 10:01 - 00002758 _____ C:\Users\Pete\Desktop\Rkill.txt
2014-01-12 09:58 - 2014-01-12 09:58 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Pete\Documents\rkill.exe
2014-01-12 09:55 - 2014-01-12 09:56 - 00002667 _____ C:\Users\Pete\Desktop\FSS.txt
2014-01-12 09:54 - 2014-01-12 09:54 - 00361185 _____ (Farbar) C:\Users\Pete\Documents\FSS.exe
2014-01-12 09:53 - 2014-01-12 11:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-12 09:53 - 2014-01-12 11:40 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 09:53 - 2014-01-12 09:53 - 00987410 _____ C:\Users\Pete\Documents\SecurityCheck.exe
2014-01-12 09:52 - 2014-01-12 11:40 - 00000000 ____D C:\Users\Pete\Desktop\mbar
2014-01-12 09:52 - 2014-01-12 09:52 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 09:45 - 2014-01-12 09:45 - 00001879 _____ C:\Users\Pete\Desktop\RKreport[0]_D_01122014_094501.txt
2014-01-12 09:44 - 2014-01-12 09:44 - 00001798 _____ C:\Users\Pete\Desktop\RKreport[0]_S_01122014_094453.txt
2014-01-12 09:42 - 2014-01-12 09:45 - 00000000 ____D C:\Users\Pete\Desktop\RK_Quarantine
2014-01-12 09:28 - 2014-01-12 10:14 - 00001098 _____ C:\Windows\PFRO.log
2014-01-12 09:17 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-12 09:17 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-12 09:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-12 09:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-12 09:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-12 09:17 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-12 09:17 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-12 09:17 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-12 09:15 - 2014-01-12 10:10 - 00000000 ____D C:\Qoobox
2014-01-12 09:15 - 2014-01-12 09:35 - 00000000 ____D C:\Windows\erdnt
2014-01-12 09:14 - 2014-01-12 09:14 - 05162489 ____R (Swearware) C:\Users\Pete\Documents\ComboFix.exe
2014-01-11 14:32 - 2014-01-11 14:32 - 00002168 _____ C:\{732D3E5A-1082-4E9D-BEE2-2519CFD64479}
2014-01-11 14:30 - 2014-01-11 14:30 - 00002624 _____ C:\{86FC7DF9-A5A1-41BD-92A8-9B8590587C55}
2014-01-11 09:22 - 2014-01-11 09:22 - 00037376 _____ C:\Windows\system32\ritfkix.fuy
2014-01-11 09:12 - 2014-01-12 11:42 - 00000083 _____ C:\Windows\system32\ynmcpn.mnq
2014-01-11 09:11 - 2014-01-11 09:11 - 00081784 _____ C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-11 09:10 - 2014-01-12 11:31 - 00000952 _____ C:\Windows\setupact.log
2014-01-11 09:10 - 2014-01-11 09:22 - 00000102 _____ C:\Windows\system32\gbqfyeu.puk
2014-01-11 09:10 - 2014-01-11 09:10 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-11 09:10 - 2014-01-11 09:10 - 00000064 _____ C:\Windows\system32\nvuv.wdc
2014-01-11 09:10 - 2014-01-11 09:10 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 19:32 - 2014-01-10 19:32 - 00219314 ____S C:\Windows\system32\ansof.jkl
2014-01-08 13:36 - 2014-01-11 12:33 - 00121344 _____ C:\Users\Pete\Documents\Hrs+for+JAN+2014(1) 6.xls
2014-01-02 10:47 - 2014-01-02 10:47 - 01477114 _____ C:\Users\Pete\Documents\DD_Service_Documents-2013-12-19.zip
2013-12-31 08:06 - 2013-12-31 08:06 - 00119296 _____ C:\Users\Pete\Documents\Hrs+for+DEC+2013(1) 7.xls
2013-12-30 15:50 - 2013-12-30 19:22 - 00003484 _____ C:\Windows\System32\Tasks\Pete DBAgent 2 0
2013-12-30 15:50 - 2013-12-30 15:50 - 00000000 ____D C:\Users\Pete\AppData\Roaming\Nero
2013-12-30 15:49 - 2013-12-30 15:49 - 00003496 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2013-12-30 15:48 - 2013-12-30 15:48 - 00002725 _____ C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk
2013-12-30 15:48 - 2013-12-30 15:48 - 00000000 ____D C:\ProgramData\Nero
2013-12-30 15:48 - 2013-12-30 15:48 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-12-30 15:46 - 2013-12-30 15:46 - 00000000 ____D C:\Users\Pete\AppData\Roaming\Seagate
2013-12-30 15:46 - 2013-12-30 15:46 - 00000000 ____D C:\ProgramData\Seagate
2013-12-30 04:02 - 2013-12-30 04:02 - 00002528 _____ C:\{A1791635-43CF-4458-BE4B-0ED3723E039C}
2013-12-30 03:59 - 2013-12-30 03:59 - 00002416 _____ C:\{562DF978-3965-48C6-82C3-A6C9DAB4E1B4}
2013-12-20 13:35 - 2013-12-20 13:35 - 00128000 _____ C:\Users\Pete\Documents\Hrs+for+DEC+2013(1) 6.xls
2013-12-19 13:12 - 2013-12-19 13:12 - 00109569 _____ C:\Users\Pete\Documents\folderview.htm
2013-12-16 02:31 - 2013-12-16 02:31 - 00002656 _____ C:\{550F9D91-2C19-45B1-9E4B-924AA00B68DC}

==================== One Month Modified Files and Folders =======

2014-01-12 11:47 - 2014-01-12 11:46 - 00018612 _____ C:\Users\Pete\Documents\FRST.txt
2014-01-12 11:45 - 2014-01-12 11:45 - 02075136 _____ (Farbar) C:\Users\Pete\Documents\FRST64.exe
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\FRST
2014-01-12 11:42 - 2014-01-12 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-12 11:42 - 2014-01-11 09:12 - 00000083 _____ C:\Windows\system32\ynmcpn.mnq
2014-01-12 11:40 - 2014-01-12 11:40 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Pete\Documents\mbar-1.07.0.1008.exe
2014-01-12 11:40 - 2014-01-12 09:53 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-12 11:40 - 2014-01-12 09:52 - 00000000 ____D C:\Users\Pete\Desktop\mbar
2014-01-12 11:40 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 11:40 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 11:39 - 2012-07-06 11:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 11:36 - 2012-12-04 19:50 - 01645868 _____ C:\Windows\WindowsUpdate.log
2014-01-12 11:32 - 2012-09-18 15:48 - 00000000 ___RD C:\Users\Pete\Dropbox
2014-01-12 11:32 - 2012-09-18 15:42 - 00000000 ____D C:\Users\Pete\AppData\Roaming\Dropbox
2014-01-12 11:32 - 2011-08-11 09:47 - 00000991 _____ C:\Users\Pete\Desktop\magicJack.lnk
2014-01-12 11:32 - 2011-08-11 09:47 - 00000977 _____ C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-01-12 11:32 - 2011-08-09 03:20 - 00000000 ____D C:\Users\Pete\AppData\Roaming\mjusbsp
2014-01-12 11:32 - 2010-12-31 19:34 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 11:31 - 2014-01-11 09:10 - 00000952 _____ C:\Windows\setupact.log
2014-01-12 11:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 10:26 - 2014-01-12 10:26 - 97483024 _____ (Microsoft Corporation) C:\Users\Pete\Documents\msert.exe
2014-01-12 10:14 - 2014-01-12 09:28 - 00001098 _____ C:\Windows\PFRO.log
2014-01-12 10:13 - 2014-01-12 10:10 - 00000000 ___SD C:\ComboFix
2014-01-12 10:10 - 2014-01-12 09:15 - 00000000 ____D C:\Qoobox
2014-01-12 10:06 - 2013-08-30 09:43 - 00000000 ____D C:\AdwCleaner
2014-01-12 10:01 - 2014-01-12 09:58 - 00002758 _____ C:\Users\Pete\Desktop\Rkill.txt
2014-01-12 10:01 - 2011-01-03 16:34 - 00000000 ____D C:\Users\Pete\AppData\Local\CrashDumps
2014-01-12 09:59 - 2014-01-12 09:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Pete\Documents\iExplore.exe
2014-01-12 09:58 - 2014-01-12 09:58 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Pete\Documents\rkill.exe
2014-01-12 09:57 - 2010-12-31 19:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 09:56 - 2014-01-12 09:55 - 00002667 _____ C:\Users\Pete\Desktop\FSS.txt
2014-01-12 09:54 - 2014-01-12 09:54 - 00361185 _____ (Farbar) C:\Users\Pete\Documents\FSS.exe
2014-01-12 09:53 - 2014-01-12 09:53 - 00987410 _____ C:\Users\Pete\Documents\SecurityCheck.exe
2014-01-12 09:52 - 2014-01-12 09:52 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-12 09:45 - 2014-01-12 09:45 - 00001879 _____ C:\Users\Pete\Desktop\RKreport[0]_D_01122014_094501.txt
2014-01-12 09:45 - 2014-01-12 09:42 - 00000000 ____D C:\Users\Pete\Desktop\RK_Quarantine
2014-01-12 09:44 - 2014-01-12 09:44 - 00001798 _____ C:\Users\Pete\Desktop\RKreport[0]_S_01122014_094453.txt
2014-01-12 09:39 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2014-01-12 09:36 - 2010-12-31 17:43 - 00000000 ___RD C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-12 09:35 - 2014-01-12 09:15 - 00000000 ____D C:\Windows\erdnt
2014-01-12 09:31 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2014-01-12 09:28 - 2009-07-13 21:34 - 85721088 _____ C:\Windows\system32\config\software.bak
2014-01-12 09:28 - 2009-07-13 21:34 - 16777216 _____ C:\Windows\system32\config\system.bak
2014-01-12 09:28 - 2009-07-13 21:34 - 05668864 _____ C:\Windows\system32\config\default.bak
2014-01-12 09:28 - 2009-07-13 21:34 - 00057344 _____ C:\Windows\system32\config\sam.bak
2014-01-12 09:28 - 2009-07-13 21:34 - 00024576 _____ C:\Windows\system32\config\security.bak
2014-01-12 09:14 - 2014-01-12 09:14 - 05162489 ____R (Swearware) C:\Users\Pete\Documents\ComboFix.exe
2014-01-12 09:06 - 2010-12-31 17:38 - 00000000 ____D C:\Users\Pete
2014-01-12 08:17 - 2012-08-25 11:23 - 00000000 ____D C:\ProgramData\RFA_Backups
2014-01-12 02:48 - 2013-08-20 19:19 - 00000402 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2014-01-12 02:15 - 2010-12-31 19:37 - 00000000 ____D C:\Program Files\Defraggler
2014-01-11 21:47 - 2009-07-14 00:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-11 14:32 - 2014-01-11 14:32 - 00002168 _____ C:\{732D3E5A-1082-4E9D-BEE2-2519CFD64479}
2014-01-11 14:30 - 2014-01-11 14:30 - 00002624 _____ C:\{86FC7DF9-A5A1-41BD-92A8-9B8590587C55}
2014-01-11 12:34 - 2013-08-17 08:15 - 00046592 _____ C:\Users\Pete\Documents\Billing 16 (Autosaved) 1 (Autosaved) 2.xls
2014-01-11 12:33 - 2014-01-08 13:36 - 00121344 _____ C:\Users\Pete\Documents\Hrs+for+JAN+2014(1) 6.xls
2014-01-11 12:33 - 2013-08-17 08:15 - 00047104 _____ C:\Users\Pete\Documents\Billing 16 (Autosaved) 1 6 (Autosaved) 2.xls
2014-01-11 09:22 - 2014-01-11 09:22 - 00037376 _____ C:\Windows\system32\ritfkix.fuy
2014-01-11 09:22 - 2014-01-11 09:10 - 00000102 _____ C:\Windows\system32\gbqfyeu.puk
2014-01-11 09:11 - 2014-01-11 09:11 - 00081784 _____ C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-11 09:10 - 2014-01-11 09:10 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-11 09:10 - 2014-01-11 09:10 - 00000064 _____ C:\Windows\system32\nvuv.wdc
2014-01-11 09:10 - 2014-01-11 09:10 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 19:32 - 2014-01-10 19:32 - 00219314 ____S C:\Windows\system32\ansof.jkl
2014-01-10 19:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-02 10:47 - 2014-01-02 10:47 - 01477114 _____ C:\Users\Pete\Documents\DD_Service_Documents-2013-12-19.zip
2013-12-31 08:06 - 2013-12-31 08:06 - 00119296 _____ C:\Users\Pete\Documents\Hrs+for+DEC+2013(1) 7.xls
2013-12-30 19:22 - 2013-12-30 15:50 - 00003484 _____ C:\Windows\System32\Tasks\Pete DBAgent 2 0
2013-12-30 15:50 - 2013-12-30 15:50 - 00000000 ____D C:\Users\Pete\AppData\Roaming\Nero
2013-12-30 15:49 - 2013-12-30 15:49 - 00003496 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2013-12-30 15:48 - 2013-12-30 15:48 - 00002725 _____ C:\Users\Public\Desktop\Seagate Dashboard 2.0.lnk
2013-12-30 15:48 - 2013-12-30 15:48 - 00000000 ____D C:\ProgramData\Nero
2013-12-30 15:48 - 2013-12-30 15:48 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-12-30 15:46 - 2013-12-30 15:46 - 00000000 ____D C:\Users\Pete\AppData\Roaming\Seagate
2013-12-30 15:46 - 2013-12-30 15:46 - 00000000 ____D C:\ProgramData\Seagate
2013-12-30 15:44 - 2012-06-18 22:08 - 00000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2013-12-30 15:41 - 2009-07-14 00:13 - 00005568 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 04:02 - 2013-12-30 04:02 - 00002528 _____ C:\{A1791635-43CF-4458-BE4B-0ED3723E039C}
2013-12-30 03:59 - 2013-12-30 03:59 - 00002416 _____ C:\{562DF978-3965-48C6-82C3-A6C9DAB4E1B4}
2013-12-20 13:35 - 2013-12-20 13:35 - 00128000 _____ C:\Users\Pete\Documents\Hrs+for+DEC+2013(1) 6.xls
2013-12-19 13:12 - 2013-12-19 13:12 - 00109569 _____ C:\Users\Pete\Documents\folderview.htm
2013-12-17 14:12 - 2013-12-12 22:23 - 00127488 _____ C:\Users\Pete\Documents\Hrs+for+DEC+2013(1) 4.xls
2013-12-16 02:31 - 2013-12-16 02:31 - 00002656 _____ C:\{550F9D91-2C19-45B1-9E4B-924AA00B68DC}
2013-12-13 21:45 - 2012-01-10 04:42 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPete
2013-12-13 21:45 - 2012-01-10 04:42 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForPete.job
2013-12-13 08:26 - 2011-01-17 10:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 08:25 - 2013-08-03 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 08:23 - 2010-12-31 17:59 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Pete\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) D6F448AE483869F70FA60AB14675EFDC

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 00:40

==================== End Of Log ============================

#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:08 PM

Posted 16 January 2014 - 08:04 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt) - please post the log into your reply to me. (You can use pastebin as well.)

Regards,

Georgi


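The log in the opening post lists every file in the Bamital & volsnap check as "MD5 is legit" except rpcss.dll, which FRST prints with its timestamps, size, company and MD5 instead, and the reply above asks for a search on exactly that file. As an added example (not part of this thread, and not FRST's own code), here is a small Python parser that reads that section of an FRST log, separates the files FRST verified from the ones it could not, and compares any hash it found against a baseline the analyst supplies from a known-clean machine of the same Windows build. The log excerpt embedded in it is a constructed sample that reuses the paths and the rpcss.dll hash shown in this thread; the baseline in the demo is a placeholder, not a real Microsoft file hash.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of the "Bamital & volsnap Check" section of an FRST log.
# It reuses the paths and the rpcss.dll hash visible in this thread; the rest
# of the real log is omitted.
SAMPLE_CHECK = """\
==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe => MD5 is legit
C:\\Windows\\System32\\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) D6F448AE483869F70FA60AB14675EFDC

C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 00:40
"""

# "<path> => MD5 is legit": FRST matched the file against its own whitelist.
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
# Detail line FRST prints instead when it could not verify the file:
# [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_bamital_check(text: str) -> Dict[str, Optional[dict]]:
    """Map each checked path to None (FRST verified it) or to a dict of the
    details FRST printed (empty if the detail line was missing)."""
    results: Dict[str, Optional[dict]] = {}
    pending: Optional[str] = None   # path waiting for its detail line
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==================== Bamital & volsnap Check"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("LastRegBack:") or line.startswith("==================== End"):
            break                     # end of the section
        if not line:
            continue
        m = LEGIT_RE.match(line)
        if m:
            results[m.group("path")] = None
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            results[pending] = m.groupdict()
            pending = None
            continue
        if PATH_RE.match(line):
            pending = line
            results[line] = {}        # unverified; details may follow
    return results


def unverified_files(text: str) -> List[str]:
    """Paths FRST did not confirm as legit, sorted for stable output."""
    return sorted(p for p, d in parse_bamital_check(text).items() if d is not None)


def hashes_to_lookup(text: str) -> Dict[str, str]:
    """Upper-case MD5 for every unverified file that had a detail line."""
    return {p: d["md5"].upper()
            for p, d in parse_bamital_check(text).items() if d and "md5" in d}


def classify(text: str, baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare each unverified hash with an analyst-supplied baseline
    (path -> MD5 taken from a known-clean machine of the same build)."""
    verdicts = {}
    for path, details in parse_bamital_check(text).items():
        if details is None:
            verdicts[path] = "verified-by-frst"
        elif not details:
            verdicts[path] = "unverified-no-hash"
        elif path not in baseline:
            verdicts[path] = "unverified-no-baseline"
        elif baseline[path].upper() == details["md5"].upper():
            verdicts[path] = "matches-baseline"
        else:
            verdicts[path] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    # Placeholder baseline, constructed for the demo: not a real Microsoft hash.
    demo_baseline = {"C:\\Windows\\System32\\rpcss.dll": "0" * 32}
    for path, verdict in classify(SAMPLE_CHECK, demo_baseline).items():
        print(f"{verdict:24} {path}")
```

A "MISMATCH" or "unverified-no-baseline" verdict is a prompt for a manual check, not a conviction: the legitimate MD5 of a file like rpcss.dll depends on the exact patch level, so the baseline should come from a machine with the same build and update history (or a trusted file-hash catalogue), never from a hash picked up at random on the web. FRST's own follow-up, the Search.txt the reply asks for, is the next step for the file this parser flags.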
#3 vbpete88

vbpete88
  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:08 AM

Posted 16 January 2014 - 09:52 AM

Hello Georgi,

Thank you for replying but it was too late for me. My computer crashed yesterday and would not load Windows or any other programs I had. It kept trying to restart itself but would not make it to the screen where all your main icons would pop up etc. and you could use your computer.

I looked at the list of new threads in this forum and it seems like the majority of people are having the same problems I had. I am hoping that you can help them so what happened to me does not happen to them.

I ended up bringing my computer to Staples and they are trying to remove some of the bad stuff on there but it might end up getting wiped clean and have to reload programs. 



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:08 PM

Posted 17 January 2014 - 03:25 AM

Hi,

I am sorry to hear about your troubles. I wish I could have answered earlier but we are swamped with topics at the moment.

Please let me know if you need this topic opened or I can close it. Thank you and I am sorry for the inconvenience caused.

Regards,

Georgi


#5 vbpete88

vbpete88
  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:08 AM

Posted 17 January 2014 - 09:34 AM

It is ok Georgi. I know you guys help a lot of people and are very swamped sometimes. I am just thankful there is a website like this out there to help people. Please keep this topic open for a little while until I get my computer back from Staples and make sure everything is running ok. I think what they told me yesterday is that I might have a ZeroAccess rootkit, which they said can be very difficult to remove sometimes and it takes them some time to clean up the computer to get things running ok again. I will keep you updated.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:08 PM

Posted 18 January 2014 - 06:35 AM

Ok, I'll leave the topic open for a while then in case you have any questions or you want me to check the computer for malware remnants. :)

Regards,

Georgi


#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:08 PM

Posted 30 January 2014 - 09:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
