
Windows Won't Boot - Just Blinking Cursor After Post - Help Please.


  • This topic is locked
4 replies to this topic

#1 tbird2340


Posted 19 May 2014 - 10:23 AM

Had a user say she got a "UPS" email, didn't open it, but she obviously previewed it, as after she did she said her PC shut down and now it just goes to a blinking cursor. Can't get into safe mode, etc.
 
Below are the results of FRST:

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by SYSTEM on MININT-QKCEN70 on 18-05-2014 23:15:26
Running from H:\
Platform: Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Hightail Sync Agent] => C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7040056 2013-10-28] (Hightail Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\mariab\...\Run: [Hightail.exe] => C:\Program Files (x86)\Hightail\Express\Hightail.exe [434176 2013-08-30] (Hightail)
HKU\mariab\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\mariab\...\Run: [hjpxnnvb] => "C:\Users\mariab\AppData\Local\mmrovdcv.exe"
Lsa: [Notification Packages] DPPassFilter scecli
 
========================== Services (Whitelisted) =================
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257712 2014-05-15] (Adobe Systems Incorporated)
S2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [279024 2013-06-10] (Intel Corporation)
S2 CSAPrintService; C:\Windows\csasvc.exe [118784 2009-11-10] (Thomson Reuters)
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [491320 2013-03-12] (DigitalPersona, Inc.)
S2 FCPrintService; C:\Windows\csifcsvc.exe [115712 2013-10-30] (Thomson Reuters)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [556856 2013-03-04] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-12-05] (Macrovision Europe Ltd.)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company)
S2 HPFSService; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [1730776 2013-03-06] (Hewlett-Packard)
S3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376 2012-09-06] (Hewlett-Packard Company)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [183200 2013-01-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [366552 2013-04-11] (Intel Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-05-13] (Mozilla Foundation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S2 Panda Software Controller; C:\Program Files (x86)\Panda Software\AVTC\PsCtrlS.exe [325440 2011-01-13] (Panda Security)
S3 PavReport; C:\Program Files (x86)\Panda Software\Panda Administrator 3\PavReport\PavReport.exe [926976 2010-03-04] (Panda Security, S.L.)
S2 PavSrv; C:\Program Files (x86)\Panda Software\AVTC\PavSrvX86.exe [184576 2012-05-07] (Panda Security, S.L.)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1138824 2013-04-07] (PDF Complete Inc)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 PMShellSrv; C:\Program Files (x86)\Panda Software\AVTC\PSKMsSvc.exe [67120 2007-01-15] (Panda Software International)
S2 PsImSvc; C:\Program Files (x86)\Panda Software\AVTC\PsImSvc.exe [107328 2010-06-25] (Panda Security S.L.)
S2 PskSvc; C:\Program Files (x86)\Panda Software\AVTC\PskSvc.exe [27968 2010-08-16] (Panda Software International)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.)
S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S2 Windows Agent Maintenance Service; C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe [30728 2013-12-17] (N-able Technologies)
S2 Windows Agent Service; C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe [274440 2013-12-17] (N-able Technologies)
 
==================== Drivers (Whitelisted) ====================
 
S2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-02-18] (Hewlett-Packard Company)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [677360 2013-05-30] (Intel Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-05-30] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4438208 2013-06-03] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [3379272 2013-03-29] (Realtek Semiconductor Corp.)
S0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [20464 2013-04-26] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [368112 2013-04-26] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [786416 2013-04-26] (Intel Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 MEIx64; C:\Windows\system32\drivers\HECIx64.sys [64624 2013-04-11] (Intel Corporation)
S0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49928 2013-07-15] (WinMagic, Inc.)
S0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [210184 2013-07-15] (WinMagic Inc.)
S0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131848 2013-07-15] (WinMagic Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-19 05:41 - 2014-05-19 05:41 - 00000000 ____D () C:\Users\mariab\Downloads\013680
2014-05-19 05:41 - 2014-05-19 05:41 - 00000000 ____D () C:\Users\mariab\Documents\Video Download Converter
2014-05-19 05:41 - 2014-04-25 09:16 - 15609805 _____ () C:\Users\mariab\Downloads\BeautifulBlossomsElenaYansupova.themepack
2014-05-19 05:41 - 2014-01-03 06:03 - 02877643 _____ () C:\Users\mariab\Downloads\Lovebirds.themepack
2014-05-19 05:41 - 2013-12-05 13:06 - 09205655 _____ () C:\Users\mariab\Downloads\HolidayLights.themepack
2014-05-19 05:41 - 2013-12-05 12:27 - 31743846 _____ () C:\Users\mariab\Downloads\WINDOWS 64 BIT OS DRIVER PACKAGE FOR VENUS.zip
2014-05-19 05:41 - 2013-12-05 10:47 - 25058600 _____ (Hightail ) C:\Users\mariab\Downloads\HightailExpress-2_14_1.exe
2014-05-19 05:41 - 2013-12-05 10:32 - 18699832 _____ (Hightail, inc) C:\Users\mariab\Downloads\HightailDesktop.exe
2014-05-19 05:41 - 2013-08-02 05:40 - 501600536 _____ (Thomson ReutersTax & Accounting ) C:\Users\mariab\Downloads\utdownload_2011_5_0.exe
2014-05-19 05:41 - 2013-06-10 05:40 - 430210296 _____ (Thomson ReutersTax & Accounting ) C:\Users\mariab\Downloads\utdownload_2012_4_0.exe
2014-05-19 05:41 - 2013-06-06 07:28 - 02489024 _____ (Sysinternals - www.sysinternals.com) C:\Users\mariab\Downloads\Procmon.exe
2014-05-19 05:41 - 2011-08-22 05:50 - 00002132 _____ () C:\Users\mariab\Downloads\Prod_ADP_Root_G2_b64.cer
2014-05-19 05:40 - 2014-05-19 05:40 - 00000000 ____D () C:\Users\mariab\Documents\Outlook Files
2014-05-19 05:40 - 2014-05-19 05:40 - 00000000 ____D () C:\Users\mariab\Documents\My Smilebox Creations
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ___SD () C:\Users\mariab\Documents\My Data Sources
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ___HD () C:\Users\mariab\Documents\hp.system.package.metadata
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ____D () C:\Users\mariab\Documents\Mikogo4
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ____D () C:\Users\mariab\Documents\Fax
2014-05-19 05:39 - 2014-04-25 10:15 - 00602112 _____ () C:\Users\mariab\Documents\Copy of billing spreadsheet 1.xls
2014-05-19 05:39 - 2014-04-16 06:30 - 00002284 ____H () C:\Users\mariab\Documents\Default.rdp
2014-05-19 05:39 - 2013-06-12 11:15 - 00051200 _____ () C:\Users\mariab\Documents\Copy of Scott Unclaimed Funds.xls
2014-05-19 05:39 - 2013-03-19 09:19 - 00450560 _____ () C:\Users\mariab\Documents\Copy of billing spreadsheet (34).xls
2014-05-19 05:39 - 2012-11-26 06:33 - 214021016 _____ (Thomson ReutersTax & Accounting ) C:\Users\mariab\Documents\utdownload_2012_1_0.exe
2014-05-19 05:39 - 2012-07-11 04:20 - 00000855 _____ () C:\Users\mariab\Documents\Downloads.lnk
2014-05-19 05:39 - 2012-02-03 09:02 - 00010444 _____ () C:\Users\mariab\Documents\SCHEDULE A STATE & LOCAL TAXES1.xlsx
2014-05-19 05:39 - 2011-10-10 07:08 - 00001110 _____ () C:\Users\mariab\Documents\CALIBER EXPENSE REPORTS.lnk
2014-05-19 05:39 - 2011-09-27 11:36 - 00030208 _____ () C:\Users\mariab\Documents\3rd quarter payroll canfield.xls
2014-05-19 05:39 - 2011-09-01 08:28 - 00040448 _____ () C:\Users\mariab\Documents\Copy of Econolodge August 11 (2).xls
2014-05-19 05:39 - 2011-09-01 08:27 - 00013977 _____ () C:\Users\mariab\Documents\Econolodge August 11.xls.xlsx
2014-05-19 05:38 - 2014-03-10 13:45 - 439995121 _____ () C:\Users\mariab\Desktop\Boom Boom Pictures.zip
2014-05-19 05:38 - 2013-12-10 05:26 - 00001968 _____ () C:\Users\mariab\Desktop\ProSystem fx Practice Management - Shortcut.lnk
2014-05-19 05:38 - 2013-12-05 12:23 - 00000701 _____ () C:\Users\mariab\Desktop\Scans - Shortcut.lnk
2014-05-19 05:38 - 2013-12-05 12:14 - 00001462 _____ () C:\Users\mariab\Desktop\FileMax.lnk
2014-05-19 05:38 - 2013-12-05 09:46 - 00000846 _____ () C:\Users\mariab\Desktop\fcab - Shortcut.lnk
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 __SHD () C:\Users\mariab\AppData\Local\EmieUserList
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 __SHD () C:\Users\mariab\AppData\Local\EmieSiteList
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Intuit
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Intel_Corporation
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Hightail
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Downloaded Installations
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\DigitalPersona
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Adobe
2014-05-19 05:34 - 2014-05-16 04:19 - 00002199 _____ () C:\Users\mariab\AppData\Local\Practice Management.G
2014-05-19 05:34 - 2014-05-16 04:19 - 00000000 _____ () C:\Users\mariab\AppData\Local\Practice Management.G.L
2014-05-19 05:34 - 2014-04-03 08:41 - 00118072 _____ () C:\Users\mariab\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-19 05:34 - 2013-12-05 06:12 - 00000020 ___SH () C:\Users\mariab\ntuser.ini
2014-05-18 23:15 - 2014-05-18 23:15 - 00000000 ____D () C:\FRST
2014-05-15 23:05 - 2014-05-05 20:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-15 23:05 - 2014-05-05 20:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-15 23:05 - 2014-05-05 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 23:05 - 2014-05-05 19:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 23:05 - 2014-05-05 19:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-15 23:05 - 2014-05-05 18:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 04:56 - 2014-05-08 22:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-15 04:56 - 2014-05-08 22:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-15 04:56 - 2014-04-11 18:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-15 04:56 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-15 04:56 - 2014-04-11 18:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-15 04:56 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-15 04:56 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-15 04:56 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-15 04:56 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-15 04:56 - 2014-04-11 18:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 04:56 - 2014-04-11 18:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 04:56 - 2014-03-24 18:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-15 04:56 - 2014-03-24 18:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 04:56 - 2014-03-04 01:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-15 04:56 - 2014-03-04 01:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-15 04:56 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-15 04:56 - 2014-03-04 01:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-15 04:56 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-15 04:56 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-15 04:56 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-15 04:56 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-15 04:56 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-15 04:56 - 2014-03-04 01:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-15 04:56 - 2014-03-04 01:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 04:56 - 2014-03-04 01:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 04:56 - 2014-03-04 01:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 04:56 - 2014-03-04 01:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 04:56 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 08:11 - 2014-05-12 08:11 - 00001393 _____ () C:\Windows\SysWOW64\ntradminmode.log
2014-05-07 10:07 - 2014-05-15 23:09 - 00000000 ___SD () C:\Windows\System32\CompatTel
 
==================== One Month Modified Files and Folders =======
 
2014-05-19 05:52 - 2013-12-05 06:27 - 00000000 ____D () C:\Users\mariab\Downloads\FMAX-W2K3
2014-05-19 05:52 - 2013-12-05 06:12 - 00000000 ____D () C:\users\mariab
2014-05-19 05:41 - 2014-05-19 05:41 - 00000000 ____D () C:\Users\mariab\Downloads\013680
2014-05-19 05:41 - 2014-05-19 05:41 - 00000000 ____D () C:\Users\mariab\Documents\Video Download Converter
2014-05-19 05:40 - 2014-05-19 05:40 - 00000000 ____D () C:\Users\mariab\Documents\Outlook Files
2014-05-19 05:40 - 2014-05-19 05:40 - 00000000 ____D () C:\Users\mariab\Documents\My Smilebox Creations
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ___SD () C:\Users\mariab\Documents\My Data Sources
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ___HD () C:\Users\mariab\Documents\hp.system.package.metadata
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ____D () C:\Users\mariab\Documents\Mikogo4
2014-05-19 05:39 - 2014-05-19 05:39 - 00000000 ____D () C:\Users\mariab\Documents\Fax
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 __SHD () C:\Users\mariab\AppData\Local\EmieUserList
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 __SHD () C:\Users\mariab\AppData\Local\EmieSiteList
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Intuit
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Intel_Corporation
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Hightail
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Downloaded Installations
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\DigitalPersona
2014-05-19 05:34 - 2014-05-19 05:34 - 00000000 ____D () C:\Users\mariab\AppData\Local\Adobe
2014-05-18 23:15 - 2014-05-18 23:15 - 00000000 ____D () C:\FRST
2014-05-16 04:22 - 2013-12-04 09:23 - 01430705 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 04:19 - 2014-05-19 05:34 - 00002199 _____ () C:\Users\mariab\AppData\Local\Practice Management.G
2014-05-16 04:19 - 2014-05-19 05:34 - 00000000 _____ () C:\Users\mariab\AppData\Local\Practice Management.G.L
2014-05-16 04:18 - 2013-12-05 05:43 - 00000112 _____ () C:\Windows\System32\config\netlogon.ftl
2014-05-16 00:11 - 2013-11-16 22:06 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-15 23:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 23:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 23:18 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 23:18 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 23:10 - 2009-07-13 20:51 - 00038366 _____ () C:\Windows\setupact.log
2014-05-15 23:09 - 2014-05-07 10:07 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-15 23:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-05-15 23:07 - 2013-12-04 10:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 23:02 - 2013-12-04 09:37 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-15 23:02 - 2013-12-04 09:37 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-15 08:01 - 2009-07-13 19:20 - 00000000 ___RD () C:\Program Files (x86)
2014-05-15 05:20 - 2013-11-16 22:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 05:20 - 2013-11-16 22:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 10:04 - 2013-12-18 06:48 - 00000204 _____ () C:\Windows\CSAAPP.INI
2014-05-12 08:13 - 2013-12-10 06:55 - 00000000 ____D () C:\Users\Public\Documents\ntr
2014-05-12 08:11 - 2014-05-12 08:11 - 00001393 _____ () C:\Windows\SysWOW64\ntradminmode.log
2014-05-12 08:11 - 2013-12-10 06:55 - 00000000 ____D () C:\Users\mariab\AppData\Local\ntr
2014-05-08 22:14 - 2014-05-15 04:56 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-08 22:11 - 2014-05-15 04:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-05 20:40 - 2014-05-15 23:05 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 20:17 - 2014-05-15 23:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 19:25 - 2014-05-15 23:05 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 19:07 - 2014-05-15 23:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 19:00 - 2014-05-15 23:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-05 18:10 - 2014-05-15 23:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 05:57 - 2013-12-05 12:15 - 00001253 _____ () C:\Windows\liberty.ini
2014-04-25 10:15 - 2014-05-19 05:39 - 00602112 _____ () C:\Users\mariab\Documents\Copy of billing spreadsheet 1.xls
2014-04-25 09:16 - 2014-05-19 05:41 - 15609805 _____ () C:\Users\mariab\Downloads\BeautifulBlossomsElenaYansupova.themepack
2014-04-18 07:16 - 2014-01-27 13:18 - 00002810 _____ () C:\Users\mariab\AppData\Roaming\QBFileDrTool.log
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\mariab\AppData\Local\Temp\12f47.exe
C:\Users\mariab\AppData\Local\Temp\Abspdf.exe
C:\Users\mariab\AppData\Local\Temp\acfpdfu.dll
C:\Users\mariab\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\mariab\AppData\Local\Temp\acfpdfui.dll
C:\Users\mariab\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\mariab\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\mariab\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\mariab\AppData\Local\Temp\cdintf.dll
C:\Users\mariab\AppData\Local\Temp\ConnectBGDL.exe
C:\Users\mariab\AppData\Local\Temp\InstallAX.exe
C:\Users\mariab\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\mariab\AppData\Local\Temp\MSIZAP.EXE
C:\Users\mariab\AppData\Local\Temp\PDFPRT400.exe
C:\Users\mariab\AppData\Local\Temp\xmllite.dll
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2013-11-16 21:12] - [2013-11-16 21:12] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3
 
C:\Windows\System32\winlogon.exe
[2014-05-15 04:56] - [2014-03-04 01:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA
 
C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
 
C:\Windows\System32\userinit.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53
 
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2013-11-16 21:47] - [2013-11-16 21:47] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-04-14 23:26:53
Restore point made on: 2014-04-24 04:28:14
Restore point made on: 2014-04-28 22:07:23
Restore point made on: 2014-05-01 23:09:03
Restore point made on: 2014-05-07 03:30:41
Restore point made on: 2014-05-07 10:07:30
Restore point made on: 2014-05-12 23:41:16
Restore point made on: 2014-05-15 23:00:41
Restore point made on: 2014-05-16 11:50:58
Restore point made on: 2014-05-19 05:11:54
Restore point made on: 2014-05-19 05:37:00
Restore point made on: 2014-05-19 05:37:10
Restore point made on: 2014-05-19 05:37:19
Restore point made on: 2014-05-19 05:37:29
Restore point made on: 2014-05-19 05:37:41
Restore point made on: 2014-05-19 05:37:50
Restore point made on: 2014-05-19 05:38:01
Restore point made on: 2014-05-19 05:38:11
Restore point made on: 2014-05-19 05:38:44
Restore point made on: 2014-05-19 05:53:21
Restore point made on: 2014-05-19 06:09:36
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 4007.56 MB
Available physical RAM: 3474.49 MB
Total Pagefile: 4005.84 MB
Available Pagefile: 3477.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.65 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:454.33 GB) (Free:390.65 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:10.33 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (GRMCPRVOL_EN_DVD) (CDROM) (Total:2.24 GB) (Free:0 GB) UDF
Drive h: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:1 GB) (Free:0.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 695BC632)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 0507D7FD)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
 
 
LastRegBack: 2014-05-12 10:10
 
==================== End Of Log ============================

 
 
And list parts:
 

 
ListParts by Farbar Version: 17-04-2014
Ran by SYSTEM (administrator) on 18-05-2014 at 23:18:38
Windows 7 (X86)
Running From: H:\
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 10%
Total physical RAM: 4007.56 MB
Available physical RAM: 3575.72 MB
Total Pagefile: 4005.84 MB
Available Pagefile: 3580.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.29 MB
 
======================= Partitions =========================
 
1 Drive c: (Windows ) (Fixed) (Total:454.33 GB) (Free:390.65 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:10.33 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
4 Drive g: (GRMCPRVOL_EN_DVD) (CDROM) (Total:2.24 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:1 GB) (Free:0.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online         1928 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 695BC632
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1025 MB  1024 KB
  Partition 2    Primary            454 GB  1026 MB
  Partition 3    Primary             10 GB   455 GB
  Partition 4    Recovery           100 MB   465 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition   1025 MB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Windows      NTFS   Partition    454 GB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   HP_RECOVERY  NTFS   Partition     10 GB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 4
Type  : 27
Hidden: Yes
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    100 MB  Healthy    Hidden  
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 0507D7FD
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1927 MB    31 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                FAT    Removable   1927 MB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 695BC632
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)
 
==============================
Partitions of Disk 1:
===============
Disk ID: 0507D7FD
Partition 1: (Active) - (Size=2 GB) - (Type=06)
 
 
****** End Of Log ******

 
Any help would be greatly appreciated.
 
Thanks

Edited by Oh My, 23 May 2014 - 07:45 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:25 PM

Posted 23 May 2014 - 07:44 PM

Greetings tbird2340 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 23 May 2014 - 08:02 PM

Greetings again. I would like to start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKU\mariab\...\Run: [hjpxnnvb] => "C:\Users\mariab\AppData\Local\mmrovdcv.exe"
C:\Users\mariab\AppData\Local\mmrovdcv.exe
C:\Users\mariab\AppData\Local\Temp\12f47.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Does your computer boot?

Gary
 

#4 Oh My!


Posted 26 May 2014 - 08:12 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#5 Oh My!


Posted 28 May 2014 - 09:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



