Asus grey screen downloaded farbar recover scan tool x64


  • This topic is locked
4 replies to this topic

#1 jersey26


Posted 13 August 2014 - 07:41 PM

I am following directions from a Google search on your site. Here is what I have after my scan; can you tell me what codes to enter now?

 

 
Ran by SYSTEM on MININT-E0HLNKH on 13-08-2014 19:22:53
Running from f:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-03] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [MOMCLIENT] => C:\Program Files (x86)\uniFLOW_Client\momclnt.exe [2484112 2012-10-01] ()
HKLM-x32\...\Run: [Sendori Tray] => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [767088 2014-08-09] (Webroot)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\jake\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\jake\...\Policies\system: [DisableCMD] 0
HKU\jake\...\Policies\system: [NoDispAppearancePage] 0
HKU\jake\...\Policies\system: [NoDispBackgroundPage] 0
HKU\jake\...\Policies\system: [NoDispSettingsPage] 0
HKU\jake\...\Policies\Explorer: [NoFolderOptions] 0
HKU\jake\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\jake\...\Policies\Explorer: [NoControlPanel] 0
HKU\jake\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\jake\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\jake\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\jake\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\jake\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\jake\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\jake\...\Policies\Explorer: [NoFind] 0
HKU\jake\...\Policies\Explorer: [NoFile] 0
HKU\jake\...\Policies\Explorer: [HideClock] 0
HKU\jake\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\jake\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\jake\...\Policies\Explorer: [NoSetFolders] 0
HKU\jake\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\jake\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\jake\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\jake\...\Policies\Explorer: [NoDFSTab] 0
HKU\jake\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\jake\...\Policies\Explorer: [NoLogoff] 0
HKU\jake\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\jake\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\jake\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\jake\...\Policies\Explorer: [NoResolveSearch] 0
HKU\jake\...\Policies\Explorer: [NoSaveSettings] 0
HKU\jake\...\Policies\Explorer: [NoHardwareTab] 0
HKU\jake\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-03-30] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-03-30] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-02-07] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3250392 2011-04-27] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428976 2011-04-21] (Symantec Corporation)
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1846592 2011-05-11] (Symantec Corporation)
S3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [767088 2014-08-09] (Webroot)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X]
S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X]
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-07] (AVG Technologies)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-15] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-15] (Symantec Corporation)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [42696 2013-01-19] (AnchorFree Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20121016.009\eng64.sys [126112 2012-09-12] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20121016.009\ex64.sys [2084000 2012-09-12] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-28] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.)
S1 Teefer3; C:\Windows\System32\DRIVERS\Teefer3.sys [53880 2011-01-13] (Symantec Corporation)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-10] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-10] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-10] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [54392 2011-04-27] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-30] (Symantec Corporation)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-08-09] (Webroot)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S0 SR; 
S2 srservice; 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 19:22 - 2014-08-13 19:22 - 00000000 ____D () C:\FRST
2014-08-10 06:58 - 2014-08-10 06:58 - 00000000 _____ () C:\autoexec.bat
2014-08-10 06:57 - 2014-08-10 06:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-10 06:56 - 2014-08-10 10:16 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-09 18:45 - 2014-08-09 18:45 - 00002980 _____ () C:\Windows\System32\Tasks\{BE7C8D34-4346-4AE9-AF7E-AE900DD65A55}
2014-08-09 18:33 - 2014-08-10 08:52 - 00000000 ____D () C:\AdwCleaner
2014-08-09 17:07 - 2014-08-09 17:07 - 00003098 _____ () C:\Windows\System32\Tasks\{4DE7E00C-A147-4FAB-B175-5F0644E02178}
2014-08-09 16:59 - 2014-08-10 15:08 - 00000380 _____ () C:\Users\jake\AppData\Roaming\sp_data.sys
2014-08-09 16:21 - 2014-08-09 16:21 - 355442670 _____ () C:\Windows\MEMORY.DMP
2014-08-09 16:21 - 2014-08-09 16:21 - 00262144 _____ () C:\Windows\Minidump\080914-29062-01.dmp
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Windows\Minidump
2014-08-09 16:10 - 2014-08-13 15:50 - 00000749 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2014-08-09 16:10 - 2014-08-09 16:11 - 00000000 ____D () C:\Users\jake\AppData\Local\lptmp689942640
2014-08-09 16:09 - 2014-08-13 15:14 - 00000000 ____D () C:\ProgramData\WRData
2014-08-09 16:09 - 2014-08-09 16:22 - 00000000 ____D () C:\Program Files\Webroot
2014-08-09 16:09 - 2014-08-09 16:09 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-08-09 16:09 - 2014-08-09 16:09 - 00115680 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2014-08-09 16:09 - 2014-08-09 16:09 - 00105320 _____ (Webroot) C:\Windows\System32\WRusr.dll
2014-08-08 13:59 - 2014-08-13 16:02 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-08 13:59 - 2014-08-08 13:59 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-08 13:59 - 2014-08-08 13:59 - 00003224 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-08 13:59 - 2014-08-08 13:59 - 00000260 _____ () C:\Users\jake\Desktop\Cut the Rope.url
2014-08-08 13:59 - 2014-08-08 13:59 - 00000000 ____D () C:\Users\jake\AppData\Roaming\WSE_Astromenda
2014-08-08 13:58 - 2014-08-09 16:51 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-08 13:57 - 2014-08-08 13:56 - 00000000 _____ () C:\Users\jake\Downloads\ChromeSetup.exe
2014-08-08 12:44 - 2014-08-08 12:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-08-08 12:14 - 2014-08-08 12:14 - 00000000 __SHD () C:\Users\jake\AppData\Local\EmieUserList
2014-08-08 12:14 - 2014-08-08 12:14 - 00000000 __SHD () C:\Users\jake\AppData\Local\EmieSiteList
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 ____D () C:\Users\jake\AppData\Roaming\AVG
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 ____D () C:\Users\jake\AppData\Local\AVG
2014-08-07 15:01 - 2014-08-10 17:19 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-07 15:01 - 2014-08-08 03:27 - 00000364 _____ () C:\Windows\Tasks\Open Chrome.job
2014-08-07 15:01 - 2014-08-07 15:03 - 00000000 ____D () C:\ProgramData\AVG
2014-08-07 15:01 - 2014-08-07 15:02 - 14987048 _____ () C:\Users\jake\Downloads\mp3rocket_s.exe
2014-08-07 15:01 - 2014-08-07 15:01 - 00002604 _____ () C:\Windows\System32\Tasks\Open Chrome
2014-08-07 15:00 - 2014-08-07 15:00 - 00050976 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2014-08-07 14:59 - 2014-08-07 14:59 - 00000000 ____D () C:\Users\jake\AppData\Roaming\rmi
2014-08-07 14:34 - 2014-08-07 14:34 - 00000000 ____D () C:\Windows\en
2014-08-07 14:32 - 2014-08-07 14:32 - 00000000 ____D () C:\Windows\fr
2014-08-07 14:32 - 2014-08-07 14:32 - 00000000 ____D () C:\Windows\es
2014-08-07 14:28 - 2014-03-31 18:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2014-08-07 14:27 - 2010-06-02 01:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-08-07 14:27 - 2010-06-02 01:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2014-08-07 14:27 - 2010-06-02 01:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2014-08-07 14:27 - 2010-06-02 01:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-08-07 14:27 - 2010-05-26 08:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2014-08-07 14:27 - 2010-05-26 08:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-08-07 14:26 - 2010-05-26 08:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2014-08-07 14:26 - 2010-05-26 08:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-08-07 14:24 - 2014-08-07 14:24 - 00000000 ___RD () C:\Users\jake\OneDrive
2014-08-07 14:24 - 2014-08-07 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-08-07 14:23 - 2014-08-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-07 14:17 - 2014-08-07 14:17 - 01239752 _____ (Microsoft Corporation) C:\Users\jake\Downloads\wlsetup-web.exe
2014-08-07 13:52 - 2014-08-07 14:40 - 00000000 ____D () C:\Users\jake\AppData\Local\Windows Live
2014-08-07 13:52 - 2014-08-07 13:52 - 00000000 ____D () C:\Users\jake\AppData\Local\{5A795F9D-580F-42E7-A7D1-47D79871C278}
2014-08-07 13:51 - 2014-08-07 13:51 - 00000000 ____D () C:\Users\jake\AppData\Local\{305442EC-5C33-4D03-A4C2-A5B473E4BBA0}
2014-08-05 21:10 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-08-05 21:10 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-08-05 21:10 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-08-05 21:10 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-08-05 21:10 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-08-05 21:10 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-08-05 21:10 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-05 21:10 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-05 21:09 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-05 21:09 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-05 21:09 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-08-05 21:09 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-05 21:09 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-05 21:09 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-08-05 21:09 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-05 21:09 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-08-05 21:09 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-08-05 21:09 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-08-05 21:09 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-08-05 21:09 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-08-05 21:09 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-08-05 21:09 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-05 21:09 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-05 21:09 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-05 21:09 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-05 21:08 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-08-05 21:08 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-05 21:08 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-08-05 21:06 - 2014-06-20 12:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-05 21:06 - 2014-06-20 11:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-05 21:06 - 2014-06-18 17:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-05 21:06 - 2014-06-18 17:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-05 21:06 - 2014-06-18 16:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-05 21:06 - 2014-06-18 16:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-05 21:06 - 2014-06-18 16:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-05 21:06 - 2014-06-18 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-05 21:06 - 2014-06-18 16:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-05 21:06 - 2014-06-18 16:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-05 21:06 - 2014-06-18 16:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-05 21:06 - 2014-06-18 16:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-05 21:06 - 2014-06-18 16:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-05 21:06 - 2014-06-18 16:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-05 21:06 - 2014-06-18 16:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-05 21:06 - 2014-06-18 16:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-05 21:06 - 2014-06-18 15:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-05 21:06 - 2014-06-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-05 21:06 - 2014-06-18 15:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-05 21:06 - 2014-06-18 15:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-05 21:06 - 2014-06-18 15:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-05 21:06 - 2014-06-18 15:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-05 21:06 - 2014-06-18 15:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-05 21:06 - 2014-06-18 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-05 21:06 - 2014-06-18 15:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-05 21:06 - 2014-06-18 15:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-05 21:06 - 2014-06-18 15:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-05 21:06 - 2014-06-18 15:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-05 21:06 - 2014-06-18 15:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-05 21:06 - 2014-06-18 15:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-05 21:06 - 2014-06-18 15:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-05 21:06 - 2014-06-18 15:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-05 21:06 - 2014-06-18 15:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-05 21:06 - 2014-06-18 15:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-05 21:06 - 2014-06-18 15:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-05 21:06 - 2014-06-18 15:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-05 21:06 - 2014-06-18 15:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-05 21:06 - 2014-06-18 15:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-05 21:06 - 2014-06-18 14:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-05 21:06 - 2014-06-18 14:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-05 21:06 - 2014-06-18 14:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-05 21:06 - 2014-06-18 14:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-05 21:06 - 2014-06-18 14:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-05 21:06 - 2014-06-18 14:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-05 21:06 - 2014-06-18 14:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-05 21:06 - 2014-06-18 14:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-05 21:06 - 2014-06-18 14:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-05 21:06 - 2014-06-18 14:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-05 21:06 - 2014-06-18 14:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-05 21:06 - 2014-06-18 14:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-05 21:06 - 2014-06-18 14:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-05 21:06 - 2014-06-18 14:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-05 21:05 - 2014-06-18 17:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-05 21:05 - 2014-06-18 16:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-05 21:05 - 2014-06-18 16:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-05 21:05 - 2014-06-18 15:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-05 21:05 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-08-05 21:05 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-05 21:05 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 19:22 - 2014-08-13 19:22 - 00000000 ____D () C:\FRST
2014-08-13 16:05 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 16:05 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 16:02 - 2014-08-08 13:59 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job
2014-08-13 15:59 - 2012-06-09 13:50 - 01943184 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 15:50 - 2014-08-09 16:10 - 00000749 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2014-08-13 15:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 15:50 - 2009-07-13 20:51 - 00066596 _____ () C:\Windows\setupact.log
2014-08-13 15:14 - 2014-08-09 16:09 - 00000000 ____D () C:\ProgramData\WRData
2014-08-13 15:01 - 2013-06-12 20:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-10 17:39 - 2012-03-06 02:27 - 00237244 _____ () C:\Windows\PFRO.log
2014-08-10 17:19 - 2014-08-07 15:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-10 17:08 - 2013-12-20 19:51 - 00000000 ____D () C:\Users\jake\AppData\Roaming\Skype
2014-08-10 17:08 - 2013-06-13 21:16 - 00000000 ____D () C:\Users\jake\AppData\Roaming\MP3Rocket
2014-08-10 15:08 - 2014-08-09 16:59 - 00000380 _____ () C:\Users\jake\AppData\Roaming\sp_data.sys
2014-08-10 10:16 - 2014-08-10 06:56 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-10 08:56 - 2012-10-01 20:51 - 00000000 ____D () C:\Users\jake\AppData\Local\Facebook
2014-08-10 08:52 - 2014-08-09 18:33 - 00000000 ____D () C:\AdwCleaner
2014-08-10 06:58 - 2014-08-10 06:58 - 00000000 _____ () C:\autoexec.bat
2014-08-10 06:57 - 2014-08-10 06:57 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-10 06:46 - 2012-08-28 13:24 - 00000000 ___HD () C:\ASUS.DAT
2014-08-10 06:31 - 2012-03-06 02:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-10 06:30 - 2012-08-28 16:06 - 00000000 ____D () C:\Users\jake\AppData\Local\Google
2014-08-09 18:45 - 2014-08-09 18:45 - 00002980 _____ () C:\Windows\System32\Tasks\{BE7C8D34-4346-4AE9-AF7E-AE900DD65A55}
2014-08-09 17:07 - 2014-08-09 17:07 - 00003098 _____ () C:\Windows\System32\Tasks\{4DE7E00C-A147-4FAB-B175-5F0644E02178}
2014-08-09 17:00 - 2012-06-09 14:15 - 00002274 _____ () C:\Windows\System32\AutoRunFilter.ini
2014-08-09 17:00 - 2012-06-09 14:15 - 00001440 _____ () C:\Windows\System32\ServiceFilter.ini
2014-08-09 16:51 - 2014-08-08 13:58 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-09 16:30 - 2013-03-01 00:18 - 00000000 ____D () C:\Program Files (x86)\Sendori
2014-08-09 16:22 - 2014-08-09 16:09 - 00000000 ____D () C:\Program Files\Webroot
2014-08-09 16:21 - 2014-08-09 16:21 - 355442670 _____ () C:\Windows\MEMORY.DMP
2014-08-09 16:21 - 2014-08-09 16:21 - 00262144 _____ () C:\Windows\Minidump\080914-29062-01.dmp
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Windows\Minidump
2014-08-09 16:11 - 2014-08-09 16:10 - 00000000 ____D () C:\Users\jake\AppData\Local\lptmp689942640
2014-08-09 16:09 - 2014-08-09 16:09 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-08-09 16:09 - 2014-08-09 16:09 - 00115680 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2014-08-09 16:09 - 2014-08-09 16:09 - 00105320 _____ (Webroot) C:\Windows\System32\WRusr.dll
2014-08-08 13:59 - 2014-08-08 13:59 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-08 13:59 - 2014-08-08 13:59 - 00003224 _____ () C:\Windows\System32\Tasks\WSE_Astromenda
2014-08-08 13:59 - 2014-08-08 13:59 - 00000260 _____ () C:\Users\jake\Desktop\Cut the Rope.url
2014-08-08 13:59 - 2014-08-08 13:59 - 00000000 ____D () C:\Users\jake\AppData\Roaming\WSE_Astromenda
2014-08-08 13:56 - 2014-08-08 13:57 - 00000000 _____ () C:\Users\jake\Downloads\ChromeSetup.exe
2014-08-08 12:44 - 2014-08-08 12:44 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-08-08 12:44 - 2013-06-12 20:12 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-08 12:44 - 2013-06-12 20:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-08 12:25 - 2012-08-28 13:24 - 00000000 ____D () C:\users\jake
2014-08-08 12:23 - 2012-06-09 14:09 - 00000000 ____D () C:\ProgramData\P4G
2014-08-08 12:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-08 12:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-08-08 12:14 - 2014-08-08 12:14 - 00000000 __SHD () C:\Users\jake\AppData\Local\EmieUserList
2014-08-08 12:14 - 2014-08-08 12:14 - 00000000 __SHD () C:\Users\jake\AppData\Local\EmieSiteList
2014-08-08 03:27 - 2014-08-07 15:01 - 00000364 _____ () C:\Windows\Tasks\Open Chrome.job
2014-08-07 15:28 - 2013-06-13 21:47 - 00000000 ____D () C:\Users\jake\Incomplete
2014-08-07 15:03 - 2014-08-07 15:01 - 00000000 ____D () C:\ProgramData\AVG
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 ____D () C:\Users\jake\AppData\Roaming\AVG
2014-08-07 15:02 - 2014-08-07 15:02 - 00000000 ____D () C:\Users\jake\AppData\Local\AVG
2014-08-07 15:02 - 2014-08-07 15:01 - 14987048 _____ () C:\Users\jake\Downloads\mp3rocket_s.exe
2014-08-07 15:01 - 2014-08-07 15:01 - 00002604 _____ () C:\Windows\System32\Tasks\Open Chrome
2014-08-07 15:00 - 2014-08-07 15:00 - 00050976 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2014-08-07 14:59 - 2014-08-07 14:59 - 00000000 ____D () C:\Users\jake\AppData\Roaming\rmi
2014-08-07 14:42 - 2013-12-20 19:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-07 14:42 - 2013-12-20 19:51 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 14:40 - 2014-08-07 13:52 - 00000000 ____D () C:\Users\jake\AppData\Local\Windows Live
2014-08-07 14:34 - 2014-08-07 14:34 - 00000000 ____D () C:\Windows\en
2014-08-07 14:32 - 2014-08-07 14:32 - 00000000 ____D () C:\Windows\fr
2014-08-07 14:32 - 2014-08-07 14:32 - 00000000 ____D () C:\Windows\es
2014-08-07 14:29 - 2012-03-06 02:52 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-07 14:28 - 2012-03-06 02:52 - 00000000 ____D () C:\Program Files\Windows Live
2014-08-07 14:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-07 14:25 - 2012-03-06 02:51 - 00000578 _____ () C:\Windows\DirectX.log
2014-08-07 14:24 - 2014-08-07 14:24 - 00000000 ___RD () C:\Users\jake\OneDrive
2014-08-07 14:24 - 2014-08-07 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-08-07 14:23 - 2014-08-07 14:23 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-07 14:17 - 2014-08-07 14:17 - 01239752 _____ (Microsoft Corporation) C:\Users\jake\Downloads\wlsetup-web.exe
2014-08-07 13:55 - 2009-07-13 21:13 - 00798118 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-07 13:52 - 2014-08-07 13:52 - 00000000 ____D () C:\Users\jake\AppData\Local\{5A795F9D-580F-42E7-A7D1-47D79871C278}
2014-08-07 13:51 - 2014-08-07 13:51 - 00000000 ____D () C:\Users\jake\AppData\Local\{305442EC-5C33-4D03-A4C2-A5B473E4BBA0}
2014-08-06 21:05 - 2013-03-20 00:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-06 21:05 - 2013-03-20 00:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-06 21:05 - 2009-07-13 20:45 - 00416688 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-06 21:02 - 2014-05-07 13:49 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-06 21:02 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-06 21:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-06 21:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-08-06 00:22 - 2012-09-02 07:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-06 00:16 - 2013-08-16 05:30 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-05 23:49 - 2013-03-01 00:18 - 00000258 __RSH () C:\Users\jake\ntuser.pol
2014-08-05 20:39 - 2013-06-12 20:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 20:39 - 2013-03-01 00:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 20:39 - 2013-03-01 00:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 06:20 - 2013-03-05 00:39 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\jake\AppData\Local\Temp\oi_{1BB5404D-A154-4ABB-AEC8-61B12E2B19A3}.exe
C:\Users\jake\AppData\Local\Temp\SHSetup.exe
C:\Users\jake\AppData\Local\Temp\udmx98bp.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-08-08 03:34:42
Restore point made on: 2014-08-08 03:36:11
Restore point made on: 2014-08-08 03:37:13
Restore point made on: 2014-08-08 03:38:56
Restore point made on: 2014-08-08 03:40:00
Restore point made on: 2014-08-08 03:40:44
Restore point made on: 2014-08-08 03:41:47
Restore point made on: 2014-08-08 12:18:32
Restore point made on: 2014-08-08 12:31:24
Restore point made on: 2014-08-10 06:29:14
Restore point made on: 2014-08-10 06:56:52
Restore point made on: 2014-08-10 09:04:36
Restore point made on: 2014-08-10 09:06:56
Restore point made on: 2014-08-10 10:13:28
Restore point made on: 2014-08-10 10:15:49
Restore point made on: 2014-08-10 12:17:26
Restore point made on: 2014-08-10 12:20:10
Restore point made on: 2014-08-10 15:09:49
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 1952.13 MB
Available physical RAM: 1462.56 MB
Total Pagefile: 1952.13 MB
Available Pagefile: 1453.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:121.62 GB) (Free:72.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:151.47 GB) (Free:151.38 GB) NTFS
Drive f: () (Removable) (Total:3.74 GB) (Free:3.65 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 5BE4A3F9)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=122 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2013-10-19 10:00
 
==================== End Of Log ============================

Edited by hamluis, 14 August 2014 - 03:10 PM.
Moved from Internal Hardware to Malware Removal Logs - Hamluis.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,764 posts
  • Gender:Male
  • Local time:07:54 PM

Posted 18 August 2014 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544345 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:03:54 PM

Posted 18 August 2014 - 07:58 PM

Greetings jersey26 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I would like you to provide additional information like what you were doing when the system became unbootable and the date this happened. Any other relevant information you might have would be helpful.

Please run the following for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X]
S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X]
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S0 SR; 
S2 srservice; 
C:\Users\jake\AppData\Local\Temp\oi_{1BB5404D-A154-4ABB-AEC8-61B12E2B19A3}.exe
C:\Users\jake\AppData\Local\Temp\SHSetup.exe
C:\Users\jake\AppData\Local\Temp\udmx98bp.dll

  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recovery Scan Tool

----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Option #3

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next

----------

Running Farbar's Recovery Scan Tool in System Recovery

  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Attempt to reboot your computer into Normal (or Safe) Mode and check the performance
  • If you are able to boot, rerun FRST making sure to place a check mark in Addition.txt

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Does your computer boot properly?
  • FRST report(s)

Edited by Oh My!, 18 August 2014 - 07:59 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:03:54 PM

Posted 21 August 2014 - 09:17 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:03:54 PM

Posted 23 August 2014 - 08:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



