
Windows 7 Malware issue FRST log included.


This topic is locked. 10 replies to this topic.

#1 chrisbrown0804 (Members, 7 posts)

Posted 12 January 2016 - 06:46 PM

This appears to be a similar flavor of malware that I've seen you guys deal with before. I ended up here because I googled the Problem signature 01 6.1.7600.16385 found in this post http://www.bleepingcomputer.com/forums/t/448339/windows-failed-to-start-system-repair-cant-discover-problem/ 

I've already used the command-line utilities mentioned in the above post and, just like for the original poster, it didn't seem to help.

I've attempted to restore the important boot files while following the issues that other people have had here to no avail. 

 

The files on the hard drive appear to be intact, but all of the repair utilities swear there is no OS on the drive.

 

Here is my FRST log. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by SYSTEM on MININT-ERODQNU (11-01-2016 21:08:43)
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe"
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900120 2012-04-23] (Sophos Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Jonathan\...\Run: [HP Officejet Pro X576dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\Jonathan\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218224 2016-01-11] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221808 2016-01-11] (Sophos Limited)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
S2 KDService; C:\Program Files\KDService\bin\KDService.exe [441856 2013-10-24] (KYOCERA Document Solutions Inc.)
S2 labvnc; C:\Windows\LTsvc\labvnc.exe [1640736 2015-11-20] (LabTech)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-07] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-07] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S2 LTService; C:\Windows\LTSvc\LTSVC.exe [1723184 2015-01-27] (LabTech Software)
S2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [144176 2015-11-20] (LabTech Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216600 2016-01-11] (Sophos Limited)
S2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2016-01-11] (Sophos Limited)
S2 ScreenConnect Client (24f817951c473ef8); C:\Program Files (x86)\ScreenConnect Client (24f817951c473ef8)\ScreenConnect.ClientService.exe [34272 2015-06-17] (Elsinore Technologies, Inc.)
S2 ScreenConnect Client (4c70b70f756f7b32); C:\Program Files (x86)\ScreenConnect Client (4c70b70f756f7b32)\ScreenConnect.ClientService.exe [35808 2015-09-29] (ScreenConnect Software)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [282624 2016-01-11] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232472 2012-04-23] (Sophos Limited)
S2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [806912 2016-01-11] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2016-01-11] (Sophos Limited)
S2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2862656 2016-01-11] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2009152 2016-01-11] (Sophos Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-08] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S2 secdrv; no ImagePath
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\drivers\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 arc; \SystemRoot\system32\drivers\arc.sys [X]
S3 arcsas; \SystemRoot\system32\drivers\arcsas.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S3 BrFiltLo; \SystemRoot\system32\drivers\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\drivers\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\drivers\circlass.sys [X]
S3 CmBatt; \SystemRoot\system32\drivers\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S3 Compbatt; \SystemRoot\system32\drivers\compbatt.sys [X]
S3 CompositeBus; system32\DRIVERS\CompositeBus.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S4 crcdisk; \SystemRoot\system32\drivers\crcdisk.sys [X]
S0 Disk; system32\drivers\disk.sys [X]
S3 dmvsc; \SystemRoot\system32\drivers\dmvsc.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 ebdrv; \SystemRoot\system32\drivers\evbda.sys [X]
S3 elxstor; \SystemRoot\system32\drivers\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\drivers\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\drivers\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\system32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\drivers\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\drivers\hidir.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 iirsp; \SystemRoot\system32\drivers\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTDVHD64.sys [X]
S3 IntcDAud; system32\DRIVERS\IntcDAud.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
S0 iusb3hcs; system32\DRIVERS\iusb3hcs.sys [X]
S3 iusb3hub; system32\DRIVERS\iusb3hub.sys [X]
S3 iusb3xhc; system32\DRIVERS\iusb3xhc.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [X]
S3 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\drivers\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 megasas; \SystemRoot\system32\drivers\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\drivers\MegaSR.sys [X]
S3 MEIx64; system32\DRIVERS\TeeDriverx64.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S1 mssmbios; system32\DRIVERS\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\system32\drivers\MTConfig.sys [X]
S3 netvsc; system32\DRIVERS\netvsc60.sys [X]
S3 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\drivers\parport.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 pciide; \SystemRoot\system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\drivers\processr.sys [X]
S3 ql2300; \SystemRoot\system32\drivers\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
S3 rdpbus; system32\DRIVERS\rdpbus.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S3 s3cap; \SystemRoot\system32\drivers\vms3cap.sys [X]
S1 SAVOnAccess; system32\DRIVERS\savonaccess.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 sdbus; \SystemRoot\system32\drivers\sdbus.sys [X]
S3 sdcfilter; system32\DRIVERS\sdcfilter.sys [X]
S3 Serenum; \SystemRoot\system32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
S3 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [X]
S3 SiSRaid2; \SystemRoot\system32\drivers\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [X]
S4 SophosBootDriver; system32\DRIVERS\SophosBootDriver.sys [X]
S3 stexstor; \SystemRoot\system32\drivers\stexstor.sys [X]
S3 StillCam; system32\DRIVERS\serscan.sys [X]
S3 storvsc; \SystemRoot\system32\drivers\storvsc.sys [X]
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 SynthVid; system32\DRIVERS\VMBusVideoM.sys [X]
S1 TermDD; system32\DRIVERS\termdd.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 UmPass; \SystemRoot\system32\drivers\umpass.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbehci; system32\DRIVERS\usbehci.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; system32\DRIVERS\usbprint.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S3 VMBusHID; \SystemRoot\system32\drivers\VMBusHID.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]
S4 warpview; no ImagePath
S3 Wd; \SystemRoot\system32\drivers\wd.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S3 WSDPrintDevice; system32\DRIVERS\WSDPrint.sys [X]
S3 WSDScan; system32\DRIVERS\WSDScan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 21:08 - 2016-01-11 21:08 - 00000000 ____D C:\FRST
2016-01-11 10:13 - 2016-01-11 10:13 - 00000000 ____D C:\Windows\System32\NgBase
2016-01-11 09:03 - 2016-01-11 09:57 - 00000542 _____ C:\Windows\Tasks\Thursday.job
2016-01-11 08:19 - 2016-01-11 08:21 - 00000000 ____D C:\ProgramData\Sophos
2016-01-11 08:18 - 2016-01-11 08:20 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-01-11 07:49 - 2016-01-11 07:49 - 101109059 ____N (Igor Pavlov) C:\Users\Jonathan\Desktop\SophosEndpoint10.exe
2016-01-06 08:10 - 2015-07-28 15:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-06 08:07 - 2016-01-06 08:07 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 08:06 - 2016-01-06 08:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-06 08:06 - 2016-01-06 08:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-06 08:04 - 2016-01-06 08:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jonathan\Downloads\spybot-2.4.exe
2016-01-06 07:21 - 2016-01-06 07:21 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 07:20 - 2016-01-06 07:21 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-2.2.0.1024 (1).exe
2016-01-06 07:20 - 2016-01-06 07:20 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-21 19:47 - 2016-01-06 07:50 - 00000000 ____D C:\ProgramData\Browser
2015-12-21 14:22 - 2015-12-21 14:22 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CEF
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-2903-1
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-06c1-0
2015-12-21 11:41 - 2015-12-21 11:41 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Setup Wizard
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 10:13 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2016-01-11 10:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2016-01-11 10:02 - 2015-03-06 10:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 10:02 - 2014-04-23 16:13 - 00000000 ____D C:\Scans
2016-01-11 10:00 - 2015-11-20 10:34 - 00003072 _____ C:\Datacollectors.db
2016-01-11 09:59 - 2015-11-20 08:38 - 00000000 ____D C:\Windows\LTSvc
2016-01-11 09:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 09:25 - 2015-03-06 10:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 07:47 - 2014-02-07 12:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 07:47 - 2014-02-07 12:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 07:39 - 2014-04-23 16:16 - 00000000 ____D C:\ProgramData\LogMeIn
2016-01-11 07:36 - 2015-05-12 11:42 - 00000000 ____D C:\Program Files\Google
2016-01-11 07:36 - 2015-01-28 08:12 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-06 08:58 - 2015-01-28 08:12 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Google
2016-01-06 08:10 - 2015-07-29 01:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-06 08:08 - 2015-07-23 12:55 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-01-06 07:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-06 07:27 - 2015-03-06 11:00 - 00002399 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-06 06:31 - 2015-01-20 07:24 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2016-01-04 06:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-21 11:41 - 2014-04-23 16:43 - 00001585 _____ C:\Users\Jonathan\Desktop\Internet Explorer.lnk
2015-12-21 11:41 - 2014-04-23 16:10 - 00000000 ____D C:\Users\Jonathan\Desktop\Old Desktop
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 1013.61 MB
Available physical RAM: 507.03 MB
Total Virtual: 1013.61 MB
Available Virtual: 494.76 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.04 GB) (Free:423.35 GB) NTFS
Drive e: (GSP1RMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive f: (USB) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:10.69 GB) (Free:3.19 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95B449CA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 5163262B)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)
 
 
LastRegBack: 2016-01-11 08:36
 
==================== End of FRST.txt ============================

Edited by chrisbrown0804, 12 January 2016 - 07:01 PM.
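A triage pass over the log above, added here as an example; it is not code from FRST, from the poster or from the BleepingComputer helper. It parses the Run-key, Services and Drivers sections of an FRST.txt in the format posted and raises review flags: entries FRST marked `[X]` (file not found when FRST looked), service keys with no ImagePath, an autostart value with an empty name, images under temp or other user-writable paths, remote-access tooling (the log lists LogMeIn, LabTech, labvnc and two separately installed ScreenConnect clients) and service image names that occur more than once. `SAMPLE_LOG` is a constructed subset of lines copied from the FRST.txt in this post; `REMOTE_ACCESS_MARKERS` and `USER_WRITABLE` are assumptions of the example, not FRST's own rules. A flag means "confirm with the machine's owner", not "malicious".

```python
"""Triage the autostart sections of a Farbar Recovery Scan Tool (FRST) log.
Added example for this thread, not code from FRST or from the posters.  SAMPLE_LOG is a
constructed subset of the FRST.txt posted above; REMOTE_ACCESS_MARKERS and USER_WRITABLE are
assumptions of this example.  A flag means "look at this", not "this is malicious"."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
==================== Services (Whitelisted) ========================
S2 labvnc; C:\Windows\LTsvc\labvnc.exe [1640736 2015-11-20] (LabTech)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S2 LTService; C:\Windows\LTSvc\LTSVC.exe [1723184 2015-01-27] (LabTech Software)
S2 ScreenConnect Client (24f817951c473ef8); C:\Program Files (x86)\ScreenConnect Client (24f817951c473ef8)\ScreenConnect.ClientService.exe [34272 2015-06-17] (Elsinore Technologies, Inc.)
S2 ScreenConnect Client (4c70b70f756f7b32); C:\Program Files (x86)\ScreenConnect Client (4c70b70f756f7b32)\ScreenConnect.ClientService.exe [35808 2015-09-29] (ScreenConnect Software)
===================== Drivers (Whitelisted) ==========================
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>.+?); (?P<tail>.*)$")
RUNKEY_RE = re.compile(r"^(?P<key>HK\S*?\\\.\.\.\\Run): \[(?P<name>.*?)\] => (?P<tail>.*)$")
TAIL_RE = re.compile(r"^(?P<image>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
                     r"(?: \((?P<publisher>[^()]+)\))?$")   # "<image> [<size> <date>] (<publisher>)"
REMOTE_ACCESS_MARKERS = ("logmein", "labtech", "ltsvc", "screenconnect", "vnc")  # assumed list
USER_WRITABLE = re.compile(r"\\(temp|programdata|appdata)\\", re.I)               # assumed pattern

@dataclass
class Entry:
    section: str            # Registry / Services / Drivers
    location: str           # registry key, or service start type S0..S4
    name: str
    image: str
    publisher: str | None
    date: str | None
    flags: list[str] = field(default_factory=list)

def _entry(section: str, location: str, name: str, tail: str) -> Entry:
    t = TAIL_RE.fullmatch(tail)   # always matches: image may absorb the whole tail
    return Entry(section, location, name, t["image"], t["publisher"], t["date"])

def parse_frst(text: str) -> list[Entry]:
    """One Entry per line of the Registry, Services and Drivers sections."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if sec := SECTION_RE.match(line):
            section = sec["title"].split(" (")[0]
        elif section == "Registry" and (m := RUNKEY_RE.match(line)):
            entries.append(_entry(section, m["key"], m["name"], m["tail"]))
        elif section == "Registry" and ": " in line:   # Winlogon\Notify, AppInit_DLLs, BootExecute
            key, tail = line.split(": ", 1)
            entries.append(_entry(section, key, key, tail))
        elif section in ("Services", "Drivers") and (m := SERVICE_RE.match(line)):
            entries.append(_entry(section, m["start"], m["name"], m["tail"]))
    return entries

def triage(entry: Entry) -> list[str]:
    """Attach review flags to an entry; each is a reason to look, not a verdict."""
    flags = []
    if entry.image.endswith("[X]"):
        flags.append("[X]: FRST could not find the file")
    if entry.image == "no ImagePath":
        flags.append("service key without ImagePath")
    if entry.location.endswith("Run") and not entry.name:
        flags.append("Run value with empty name")
    if any(k in f"{entry.image} {entry.publisher or ''}".lower() for k in REMOTE_ACCESS_MARKERS):
        flags.append("remote-access tooling; confirm it is expected")
    if USER_WRITABLE.search(entry.image):
        flags.append("image under a temp/user-writable path")
    entry.flags = flags
    return flags

def duplicate_images(entries: list[Entry]) -> dict[str, int]:
    """Service image file names installed more than once (e.g. two ScreenConnect clients)."""
    counts = Counter(e.image.rsplit("\\", 1)[-1].lower() for e in entries
                     if e.section == "Services" and e.image not in ("[X]", "no ImagePath"))
    return {base: n for base, n in counts.items() if n > 1}

def report(text: str) -> list[str]:
    entries = parse_frst(text)
    lines = [f"{e.section:<8} {e.location:<24} {e.name or '(empty)'} -> {'; '.join(e.flags)}"
             for e in entries if triage(e)]
    lines += [f"note: {n} services share the image name {base}"
              for base, n in duplicate_images(entries).items()]
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it on a full FRST.txt by passing the file's text to `report()`. Two caveats when reading the flags against this thread: the log header itself says a recovery-mode scan is incomplete, so `[X]` across an entire driver list from WinRE is something to re-check from a normal or Safe-mode scan before acting on it; and the remote-access flags exist only so the owner can say whether each product (LogMeIn, LabTech, both ScreenConnect clients) was deliberately installed.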




#2 chrisbrown0804 (Topic Starter, Members, 7 posts)

Posted 12 January 2016 - 06:49 PM

Also here is the body of my bcd.txt

 

 

Microsoft Windows [Version 6.1.7601]
 
 
x:\sources\recovery>?
'?' is not recognized as an internal or external command,
operable program or batch file.
 
x:\sources\recovery>
x:\sources\recovery>bcdedit /enum
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {59c68df5-90b5-11e3-81e3-c81f664b9006}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {59c68df5-90b5-11e3-81e3-c81f664b9006}
nx                      OptIn
 
x:\sources\recovery>diskpart
 
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: MININT-T7MUHD8
 
DISKPART> list volume
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0         W7SP1_PROFE  UDF    DVD-ROM     5359 MB  Healthy
  Volume 1     D   RECOVERY     NTFS   Partition     10 GB  Healthy
  Volume 2     C   OS           NTFS   Partition    455 GB  Healthy
  Volume 3     G   USB          FAT    Removable   1919 MB  Healthy
  Volume 4     F                FAT    Partition     39 MB  Healthy    Hidden
 
DISKPART>


#3 fireman4it, Bleepin' Fireman (Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 13 January 2016 - 02:32 PM

Hello chrisbrown0804

 

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

[xcode]
LastRegBack: 2016-01-11 08:36
[x/code]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

 

Let me know if the machine will boot after this fix.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 chrisbrown0804 (Topic Starter, Members, 7 posts)

Posted 13 January 2016 - 03:10 PM

I've accomplished this, but sadly the Machine will still not boot. Here is the log.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by SYSTEM (2016-01-13 15:08:05) Run:2
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
[xcode]
LastRegBack: 2016-01-11 08:36
[x/code]
*****************
 
[xcode] => Error: No automatic fix found for this entry.
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
[x/code] => Error: No automatic fix found for this entry.
 
==== End of Fixlog 15:08:10 ====


#5 fireman4it, Bleepin' Fireman (Malware Response Team, 13,512 posts)

Posted 13 January 2016 - 03:18 PM

Please run FRST like you did the first time you ran it. Then post the new FRST.txt




#6 chrisbrown0804 (Topic Starter, Members, 7 posts)

Posted 13 January 2016 - 03:25 PM

Here you go. Thanks again for the help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by SYSTEM on MININT-11RSKR2 (13-01-2016 15:24:52)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe"
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900120 2012-04-23] (Sophos Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Jonathan\...\Run: [HP Officejet Pro X576dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\Jonathan\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218224 2016-01-11] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221808 2016-01-11] (Sophos Limited)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-29] (Avast Software)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
S2 KDService; C:\Program Files\KDService\bin\KDService.exe [441856 2013-10-24] (KYOCERA Document Solutions Inc.)
S2 labvnc; C:\Windows\LTsvc\labvnc.exe [1640736 2015-11-20] (LabTech)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-07] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-07] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S2 LTService; C:\Windows\LTSvc\LTSVC.exe [1723184 2015-01-27] (LabTech Software)
S2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [144176 2015-11-20] (LabTech Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216600 2016-01-11] (Sophos Limited)
S2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2016-01-11] (Sophos Limited)
S2 ScreenConnect Client (24f817951c473ef8); C:\Program Files (x86)\ScreenConnect Client (24f817951c473ef8)\ScreenConnect.ClientService.exe [34272 2015-06-17] (Elsinore Technologies, Inc.)
S2 ScreenConnect Client (4c70b70f756f7b32); C:\Program Files (x86)\ScreenConnect Client (4c70b70f756f7b32)\ScreenConnect.ClientService.exe [35808 2015-09-29] (ScreenConnect Software)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [282624 2016-01-11] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232472 2012-04-23] (Sophos Limited)
S2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [806912 2016-01-11] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2016-01-11] (Sophos Limited)
S2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2862656 2016-01-11] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2009152 2016-01-11] (Sophos Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-08] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 aswRvrt; no ImagePath
S0 aswVmm; no ImagePath
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S2 secdrv; no ImagePath
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-29] (Avast Software)
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\drivers\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 arc; \SystemRoot\system32\drivers\arc.sys [X]
S3 arcsas; \SystemRoot\system32\drivers\arcsas.sys [X]
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S3 BrFiltLo; \SystemRoot\system32\drivers\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\drivers\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\drivers\circlass.sys [X]
S3 CmBatt; \SystemRoot\system32\drivers\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S3 Compbatt; \SystemRoot\system32\drivers\compbatt.sys [X]
S3 CompositeBus; system32\DRIVERS\CompositeBus.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S4 crcdisk; \SystemRoot\system32\drivers\crcdisk.sys [X]
S0 Disk; system32\drivers\disk.sys [X]
S3 dmvsc; \SystemRoot\system32\drivers\dmvsc.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 ebdrv; \SystemRoot\system32\drivers\evbda.sys [X]
S3 elxstor; \SystemRoot\system32\drivers\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\drivers\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\drivers\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\system32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\drivers\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\drivers\hidir.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 iirsp; \SystemRoot\system32\drivers\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTDVHD64.sys [X]
S3 IntcDAud; system32\DRIVERS\IntcDAud.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
S0 iusb3hcs; system32\DRIVERS\iusb3hcs.sys [X]
S3 iusb3hub; system32\DRIVERS\iusb3hub.sys [X]
S3 iusb3xhc; system32\DRIVERS\iusb3xhc.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [X]
S3 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\drivers\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 megasas; \SystemRoot\system32\drivers\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\drivers\MegaSR.sys [X]
S3 MEIx64; system32\DRIVERS\TeeDriverx64.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S1 mssmbios; system32\DRIVERS\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\system32\drivers\MTConfig.sys [X]
S3 netvsc; system32\DRIVERS\netvsc60.sys [X]
S3 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\drivers\parport.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 pciide; \SystemRoot\system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\drivers\processr.sys [X]
S3 ql2300; \SystemRoot\system32\drivers\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
S3 rdpbus; system32\DRIVERS\rdpbus.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S3 s3cap; \SystemRoot\system32\drivers\vms3cap.sys [X]
S1 SAVOnAccess; system32\DRIVERS\savonaccess.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 sdbus; \SystemRoot\system32\drivers\sdbus.sys [X]
S3 sdcfilter; system32\DRIVERS\sdcfilter.sys [X]
S3 Serenum; \SystemRoot\system32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
S3 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [X]
S3 SiSRaid2; \SystemRoot\system32\drivers\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [X]
S4 SophosBootDriver; system32\DRIVERS\SophosBootDriver.sys [X]
S3 stexstor; \SystemRoot\system32\drivers\stexstor.sys [X]
S3 StillCam; system32\DRIVERS\serscan.sys [X]
S3 storvsc; \SystemRoot\system32\drivers\storvsc.sys [X]
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 SynthVid; system32\DRIVERS\VMBusVideoM.sys [X]
S1 TermDD; system32\DRIVERS\termdd.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 UmPass; \SystemRoot\system32\drivers\umpass.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbehci; system32\DRIVERS\usbehci.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; system32\DRIVERS\usbprint.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S3 VMBusHID; \SystemRoot\system32\drivers\VMBusHID.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]
S4 warpview; no ImagePath
S3 Wd; \SystemRoot\system32\drivers\wd.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S3 WSDPrintDevice; system32\DRIVERS\WSDPrint.sys [X]
S3 WSDScan; system32\DRIVERS\WSDScan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-13 15:08 - 2016-01-13 15:08 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-01-11 21:08 - 2016-01-13 15:24 - 00000000 ____D C:\FRST
2016-01-11 10:13 - 2016-01-11 10:13 - 00000000 ____D C:\Windows\System32\NgBase
2016-01-11 09:03 - 2016-01-11 09:57 - 00000542 _____ C:\Windows\Tasks\Thursday.job
2016-01-11 08:19 - 2016-01-11 08:21 - 00000000 ____D C:\ProgramData\Sophos
2016-01-11 08:18 - 2016-01-11 08:20 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-01-11 07:49 - 2016-01-11 07:49 - 101109059 ____N (Igor Pavlov) C:\Users\Jonathan\Desktop\SophosEndpoint10.exe
2016-01-06 08:10 - 2015-07-28 15:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-06 08:10 - 2015-07-28 15:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\ProgramData\Desktop\Post Win10 Spybot-install.exe
2016-01-06 08:07 - 2016-01-06 08:07 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 08:07 - 2016-01-06 08:07 - 00001385 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 08:06 - 2016-01-06 08:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-06 08:06 - 2016-01-06 08:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-06 08:04 - 2016-01-06 08:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jonathan\Downloads\spybot-2.4.exe
2016-01-06 07:21 - 2016-01-06 07:21 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 07:21 - 2016-01-06 07:21 - 00001108 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 07:20 - 2016-01-06 07:21 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-2.2.0.1024 (1).exe
2016-01-06 07:20 - 2016-01-06 07:20 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-21 19:47 - 2016-01-06 07:50 - 00000000 ____D C:\ProgramData\Browser
2015-12-21 14:22 - 2015-12-21 14:22 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CEF
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-2903-1
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-06c1-0
2015-12-21 11:41 - 2015-12-21 11:41 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Setup Wizard
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 10:13 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2016-01-11 10:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2016-01-11 10:02 - 2015-03-06 10:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 10:02 - 2014-04-23 16:13 - 00000000 ____D C:\Scans
2016-01-11 10:00 - 2015-11-20 10:34 - 00003072 _____ C:\Datacollectors.db
2016-01-11 09:59 - 2015-11-20 08:38 - 00000000 ____D C:\Windows\LTSvc
2016-01-11 09:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 09:25 - 2015-03-06 10:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 07:47 - 2014-02-07 12:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 07:47 - 2014-02-07 12:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 07:39 - 2014-04-23 16:16 - 00000000 ____D C:\ProgramData\LogMeIn
2016-01-11 07:36 - 2015-05-12 11:42 - 00000000 ____D C:\Program Files\Google
2016-01-11 07:36 - 2015-01-28 08:12 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-06 08:58 - 2015-01-28 08:12 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Google
2016-01-06 08:10 - 2015-07-29 01:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-06 08:08 - 2015-07-23 12:55 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-01-06 07:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-06 07:27 - 2015-03-06 11:00 - 00002399 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-06 07:27 - 2015-03-06 11:00 - 00002399 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-01-06 06:31 - 2015-01-20 07:24 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2016-01-04 06:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-21 11:41 - 2014-04-23 16:43 - 00001585 _____ C:\Users\Jonathan\Desktop\Internet Explorer.lnk
2015-12-21 11:41 - 2014-04-23 16:10 - 00000000 ____D C:\Users\Jonathan\Desktop\Old Desktop
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 1013.61 MB
Available physical RAM: 535.45 MB
Total Virtual: 1013.61 MB
Available Virtual: 528.64 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.04 GB) (Free:423.27 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:10.69 GB) (Free:3.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
Drive g: (USB) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95B449CA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 5163262B)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)
 
 
LastRegBack: 2016-01-11 08:36
 
==================== End of FRST.txt ============================


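What a responder would actually pull out of a log like the one above, shown as an added example that is not part of the thread and not FRST's own tooling: a small Python triage pass over a handful of constructed lines copied in the format of the posted log (the SAMPLE_LOG string and the REMOTE_ACCESS product map are my own, not from the page). Two things the posted logs illustrate drive the design. In a Recovery-mode FRST log nearly every driver is marked [X], ACPI, pci and disk included, without which nothing would boot at all, so [X] on its own is low signal there and is only counted. The "IS MISSING <==== ATTENTION" lines in the Bamital & volsnap section are checked against the system drive itself and are the ones to act on, as is any driver loading from a temp directory. A box carrying LogMeIn, two ScreenConnect clients and a LabTech VNC service at once is also worth a question to whoever manages it, so the script lists distinct remote-access products.

```python
import re

# Constructed sample: a few lines in the format of the FRST logs posted above
# (Services, Drivers and "Bamital & volsnap" sections), not the full log.
SAMPLE_LOG = r"""S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S2 labvnc; C:\Windows\LTsvc\labvnc.exe [1640736 2015-11-20] (LabTech)
S2 ScreenConnect Client (24f817951c473ef8); C:\Program Files (x86)\ScreenConnect Client (24f817951c473ef8)\ScreenConnect.ClientService.exe [34272 2015-06-17] (Elsinore Technologies, Inc.)
S2 ScreenConnect Client (4c70b70f756f7b32); C:\Program Files (x86)\ScreenConnect Client (4c70b70f756f7b32)\ScreenConnect.ClientService.exe [35808 2015-09-29] (ScreenConnect Software)
S0 aswRvrt; no ImagePath
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
"""

# "S2 name; image ..." lines from the Services and Drivers sections.
ENTRY_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>.+?); (?P<image>.*)$")
# Lines from the "Bamital & volsnap" section that fail verification.
MISSING_RE = re.compile(r"^(?P<path>.+?) IS MISSING <==== ATTENTION$")
# Directories a system driver or service has no business loading from.
TEMP_DIR_RE = re.compile(r"\\(temp|appdata\\local\\temp)\\", re.IGNORECASE)

# Assumed mapping (not from the page) of image-path substrings to
# remote-access products; extend it for your own environment.
REMOTE_ACCESS = {
    "logmein": "LogMeIn",
    "screenconnect": "ScreenConnect",
    "labvnc": "LabTech",
    "ltsvc": "LabTech",
}


def triage(log_text):
    """Return a dict of findings from FRST service, driver and verification lines."""
    findings = {
        "missing_files": [],     # entries whose file FRST marked [X] (low signal in Recovery mode)
        "no_image_path": [],     # entries with no ImagePath at all
        "temp_paths": [],        # entries loading from a temp directory
        "critical_missing": [],  # files FRST verified against the system drive
        "remote_access": [],     # distinct remote-access products present, in log order
    }
    seen_products = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = MISSING_RE.match(line)
        if m:
            findings["critical_missing"].append(m.group("path"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, image = m.group("name"), m.group("image")
        if image == "no ImagePath":
            findings["no_image_path"].append(name)
            continue
        if image.endswith("[X]"):
            findings["missing_files"].append(name)
        if TEMP_DIR_RE.search(image):
            findings["temp_paths"].append(name)
        lowered = image.lower()
        for needle, product in REMOTE_ACCESS.items():
            if needle in lowered and product not in seen_products:
                seen_products.add(product)
                findings["remote_access"].append(product)
    return findings


def report(findings):
    """Render findings as prioritised lines, highest severity first."""
    lines = []
    if findings["critical_missing"]:
        lines.append("HIGH: missing from the system drive: " + ", ".join(findings["critical_missing"]))
    if findings["temp_paths"]:
        lines.append("HIGH: loading from a temp directory: " + ", ".join(findings["temp_paths"]))
    if len(findings["remote_access"]) > 1:
        lines.append("REVIEW: %d remote-access products installed: %s"
                     % (len(findings["remote_access"]), ", ".join(findings["remote_access"])))
    lines.append("INFO: %d entries marked [X] (expected in a Recovery-mode log), %d with no ImagePath"
                 % (len(findings["missing_files"]), len(findings["no_image_path"])))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the posted log this reduces 150-odd [X] driver lines to one INFO count and leaves three actionable items: volsnap.sys and Bootcat.cache missing from the system drive, a driver under C:\Windows\TEMP, and four remote-access services from three vendors.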
#7 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 13 January 2016 - 03:29 PM

Hi, from the recovery console select Command Prompt.

At the prompt type the following command and press Enter:

chkdsk c: /r

Wait for it to complete and then try a normal boot.

If that fails, then run an FRST scan again.




#8 chrisbrown0804 (Topic Starter)

Posted 13 January 2016 - 05:22 PM

I ran checkdisk again. It completed, but I still cannot boot normally into Windows. Here is my new FRST.txt.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by SYSTEM on MININT-T7JKS39 (13-01-2016 17:21:30)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe"
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [900120 2012-04-23] (Sophos Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Jonathan\...\Run: [HP Officejet Pro X576dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\Jonathan\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [218224 2016-01-11] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [221808 2016-01-11] (Sophos Limited)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-29] (Avast Software)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
S2 KDService; C:\Program Files\KDService\bin\KDService.exe [441856 2013-10-24] (KYOCERA Document Solutions Inc.)
S2 labvnc; C:\Windows\LTsvc\labvnc.exe [1640736 2015-11-20] (LabTech)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-07] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-07] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S2 LTService; C:\Windows\LTSvc\LTSVC.exe [1723184 2015-01-27] (LabTech Software)
S2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [144176 2015-11-20] (LabTech Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216600 2016-01-11] (Sophos Limited)
S2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [139840 2016-01-11] (Sophos Limited)
S2 ScreenConnect Client (24f817951c473ef8); C:\Program Files (x86)\ScreenConnect Client (24f817951c473ef8)\ScreenConnect.ClientService.exe [34272 2015-06-17] (Elsinore Technologies, Inc.)
S2 ScreenConnect Client (4c70b70f756f7b32); C:\Program Files (x86)\ScreenConnect Client (4c70b70f756f7b32)\ScreenConnect.ClientService.exe [35808 2015-09-29] (ScreenConnect Software)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [282624 2016-01-11] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [232472 2012-04-23] (Sophos Limited)
S2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [806912 2016-01-11] (Sophos Limited)
S2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2016-01-11] (Sophos Limited)
S2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2862656 2016-01-11] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2009152 2016-01-11] (Sophos Limited)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-08] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 aswRvrt; no ImagePath
S0 aswVmm; no ImagePath
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S2 secdrv; no ImagePath
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-29] (Avast Software)
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\drivers\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 arc; \SystemRoot\system32\drivers\arc.sys [X]
S3 arcsas; \SystemRoot\system32\drivers\arcsas.sys [X]
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S3 BrFiltLo; \SystemRoot\system32\drivers\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\drivers\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\drivers\circlass.sys [X]
S3 CmBatt; \SystemRoot\system32\drivers\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S3 Compbatt; \SystemRoot\system32\drivers\compbatt.sys [X]
S3 CompositeBus; system32\DRIVERS\CompositeBus.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S4 crcdisk; \SystemRoot\system32\drivers\crcdisk.sys [X]
S0 Disk; system32\drivers\disk.sys [X]
S3 dmvsc; \SystemRoot\system32\drivers\dmvsc.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 ebdrv; \SystemRoot\system32\drivers\evbda.sys [X]
S3 elxstor; \SystemRoot\system32\drivers\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\drivers\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\drivers\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\system32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\drivers\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\drivers\hidir.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 iirsp; \SystemRoot\system32\drivers\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTDVHD64.sys [X]
S3 IntcDAud; system32\DRIVERS\IntcDAud.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
S0 iusb3hcs; system32\DRIVERS\iusb3hcs.sys [X]
S3 iusb3hub; system32\DRIVERS\iusb3hub.sys [X]
S3 iusb3xhc; system32\DRIVERS\iusb3xhc.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [X]
S3 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\drivers\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [X]
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 megasas; \SystemRoot\system32\drivers\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\drivers\MegaSR.sys [X]
S3 MEIx64; system32\DRIVERS\TeeDriverx64.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S1 mssmbios; system32\DRIVERS\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\system32\drivers\MTConfig.sys [X]
S3 netvsc; system32\DRIVERS\netvsc60.sys [X]
S3 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\drivers\parport.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 pciide; \SystemRoot\system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\drivers\processr.sys [X]
S3 ql2300; \SystemRoot\system32\drivers\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
S3 rdpbus; system32\DRIVERS\rdpbus.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S3 s3cap; \SystemRoot\system32\drivers\vms3cap.sys [X]
S1 SAVOnAccess; system32\DRIVERS\savonaccess.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 sdbus; \SystemRoot\system32\drivers\sdbus.sys [X]
S3 sdcfilter; system32\DRIVERS\sdcfilter.sys [X]
S3 Serenum; \SystemRoot\system32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
S3 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [X]
S3 SiSRaid2; \SystemRoot\system32\drivers\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [X]
S4 SophosBootDriver; system32\DRIVERS\SophosBootDriver.sys [X]
S3 stexstor; \SystemRoot\system32\drivers\stexstor.sys [X]
S3 StillCam; system32\DRIVERS\serscan.sys [X]
S3 storvsc; \SystemRoot\system32\drivers\storvsc.sys [X]
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 SynthVid; system32\DRIVERS\VMBusVideoM.sys [X]
S1 TermDD; system32\DRIVERS\termdd.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 UmPass; \SystemRoot\system32\drivers\umpass.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbehci; system32\DRIVERS\usbehci.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; system32\DRIVERS\usbprint.sys [X]
S3 usbscan; system32\DRIVERS\usbscan.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S3 VMBusHID; \SystemRoot\system32\drivers\VMBusHID.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]
S4 warpview; no ImagePath
S3 Wd; \SystemRoot\system32\drivers\wd.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S3 WSDPrintDevice; system32\DRIVERS\WSDPrint.sys [X]
S3 WSDScan; system32\DRIVERS\WSDScan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-13 15:08 - 2016-01-13 15:08 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-01-11 21:08 - 2016-01-13 17:21 - 00000000 ____D C:\FRST
2016-01-11 10:13 - 2016-01-11 10:13 - 00000000 ____D C:\Windows\System32\NgBase
2016-01-11 09:03 - 2016-01-11 09:57 - 00000542 _____ C:\Windows\Tasks\Thursday.job
2016-01-11 08:19 - 2016-01-11 08:21 - 00000000 ____D C:\ProgramData\Sophos
2016-01-11 08:18 - 2016-01-11 08:20 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-01-11 07:49 - 2016-01-11 07:49 - 101109059 ____N (Igor Pavlov) C:\Users\Jonathan\Desktop\SophosEndpoint10.exe
2016-01-06 08:10 - 2015-07-28 15:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-06 08:10 - 2015-07-28 15:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\ProgramData\Desktop\Post Win10 Spybot-install.exe
2016-01-06 08:07 - 2016-01-06 08:07 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 08:07 - 2016-01-06 08:07 - 00001385 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 08:06 - 2016-01-06 08:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-06 08:06 - 2016-01-06 08:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-06 08:04 - 2016-01-06 08:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jonathan\Downloads\spybot-2.4.exe
2016-01-06 07:21 - 2016-01-06 07:21 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 07:21 - 2016-01-06 07:21 - 00001108 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 07:20 - 2016-01-06 07:21 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-2.2.0.1024 (1).exe
2016-01-06 07:20 - 2016-01-06 07:20 - 22908888 _____ (Malwarebytes ) C:\Users\Jonathan\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-21 19:47 - 2016-01-06 07:50 - 00000000 ____D C:\ProgramData\Browser
2015-12-21 14:22 - 2015-12-21 14:22 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CEF
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-2903-1
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-06c1-0
2015-12-21 11:41 - 2015-12-21 11:41 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Setup Wizard
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 10:13 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spool
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\SMI
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2016-01-11 10:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Msdtc
2016-01-11 10:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\com
2016-01-11 10:02 - 2015-03-06 10:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 10:02 - 2014-04-23 16:13 - 00000000 ____D C:\Scans
2016-01-11 10:00 - 2015-11-20 10:34 - 00003072 _____ C:\Datacollectors.db
2016-01-11 09:59 - 2015-11-20 08:38 - 00000000 ____D C:\Windows\LTSvc
2016-01-11 09:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 09:25 - 2015-03-06 10:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 07:47 - 2014-02-07 12:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-11 07:47 - 2014-02-07 12:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-11 07:39 - 2014-04-23 16:16 - 00000000 ____D C:\ProgramData\LogMeIn
2016-01-11 07:36 - 2015-05-12 11:42 - 00000000 ____D C:\Program Files\Google
2016-01-11 07:36 - 2015-01-28 08:12 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-06 08:58 - 2015-01-28 08:12 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Google
2016-01-06 08:10 - 2015-07-29 01:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-06 08:08 - 2015-07-23 12:55 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-01-06 07:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-06 07:27 - 2015-03-06 11:00 - 00002399 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-06 07:27 - 2015-03-06 11:00 - 00002399 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-01-06 06:31 - 2015-01-20 07:24 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2016-01-04 06:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-21 11:41 - 2014-04-23 16:43 - 00001585 _____ C:\Users\Jonathan\Desktop\Internet Explorer.lnk
2015-12-21 11:41 - 2014-04-23 16:10 - 00000000 ____D C:\Users\Jonathan\Desktop\Old Desktop
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 1013.61 MB
Available physical RAM: 534.84 MB
Total Virtual: 1013.61 MB
Available Virtual: 519.5 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.04 GB) (Free:423.27 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:10.69 GB) (Free:3.19 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
Drive g: (USB) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95B449CA)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 5163262B)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)
 
 
LastRegBack: 2016-01-11 08:36
 
==================== End of FRST.txt ============================
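The log above is long, and in a boot-failure case a responder reads three parts of it first: the boot-start and system-start drivers whose image FRST could not find, the "Bamital & volsnap" integrity check, and anything created in the last month under ProgramData or Tasks. The script below is an added example, not code from the original post or from FRST's author; it parses those sections from a constructed sample made of a few lines copied from the log. The section titles, the `[X]` marker and the `IS MISSING <==== ATTENTION` wording follow the FRST format shown above; the two "worth a look" path patterns (hex-and-dash folder names directly under ProgramData, fresh legacy `.job` tasks) are my own heuristics and an assumption, not FRST rules.

```python
"""Triage pass over the boot-relevant sections of an FRST (Farbar Recovery Scan Tool) log.

Added example; not code from the original post or from the FRST author.
The '[X]' marker, 'no ImagePath' and 'IS MISSING <==== ATTENTION' follow the
log format shown above. RANDOM_DIR_RE and JOB_RE are my heuristics (assumption).
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above under FRST-style section
# headers, so the script runs offline without a real FRST.txt.
SAMPLE_LOG = r"""===================== Drivers (Whitelisted) ==========================

S0 aswRvrt; no ImagePath
S2 secdrv; no ImagePath
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S0 volsnap; system32\drivers\volsnap.sys [X]

==================== One Month Created files and folders ========

2016-01-11 09:03 - 2016-01-11 09:57 - 00000542 _____ C:\Windows\Tasks\Thursday.job
2016-01-11 07:49 - 2016-01-11 07:49 - 101109059 ____N (Igor Pavlov) C:\Users\Jonathan\Desktop\SophosEndpoint10.exe
2015-12-21 11:42 - 2015-12-21 11:42 - 00000000 ____D C:\ProgramData\8c042848-2903-1
2016-01-06 07:21 - 2016-01-06 07:21 - 00000000 ____D C:\ProgramData\Malwarebytes

==================== Bamital & volsnap =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# "<R|S><start type> <service name>; <image path and details>"
DRIVER_RE = re.compile(r"^([RS])(\d)\s+([^;]+);\s*(.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) (\S+) (.*)$"
)
# Heuristics (assumption, not FRST rules): hex-and-dash folder names directly
# under ProgramData and newly created legacy .job tasks are worth inspecting.
RANDOM_DIR_RE = re.compile(r"\\ProgramData\\[0-9a-f]{8}(-[0-9a-f]{1,4})+$", re.I)
JOB_RE = re.compile(r"\\Windows\\Tasks\\[^\\]+\.job$", re.I)


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines beneath it."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current and line:
            sections[current].append(line)
    return sections


def boot_critical_missing(driver_lines):
    """Start type 0 (boot) or 1 (system) drivers whose image FRST could not find.

    A trailing '[X]' is FRST's marker for a path that does not exist; 'no ImagePath'
    means the service key carries no image path at all. One missing boot-start
    driver (volsnap, ACPI, disk) is enough to keep Windows 7 from starting.
    """
    hits = []
    for line in driver_lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        _state, start, name, rest = m.groups()
        if int(start) <= 1 and (rest.endswith("[X]") or rest == "no ImagePath"):
            hits.append((name.strip(), rest))
    return hits


def integrity_failures(check_lines):
    """Paths the 'Bamital & volsnap' check flagged as IS MISSING."""
    return [line.split(" IS MISSING", 1)[0] for line in check_lines if "IS MISSING" in line]


def recent_items_of_interest(created_lines):
    """(created timestamp, path) for new items matching the heuristics above."""
    hits = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        created, _modified, _size, _attrs, rest = m.groups()
        # Signed files carry a leading "(Vendor) " before the path; drop it.
        path = rest.split(") ", 1)[-1] if rest.startswith("(") else rest
        if RANDOM_DIR_RE.search(path) or JOB_RE.search(path):
            hits.append((created, path))
    return hits


def triage(text):
    """Run the three checks over one FRST log and return their findings."""
    s = split_sections(text)
    return {
        "boot_drivers_missing": boot_critical_missing(s.get("Drivers (Whitelisted)", [])),
        "integrity_failures": integrity_failures(s.get("Bamital & volsnap", [])),
        "recent_of_interest": recent_items_of_interest(
            s.get("One Month Created files and folders", [])
        ),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print("  ", item)
```

Against a saved log, call `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The start-type filter is what keeps the result readable on a log like this one, where nearly every driver entry carries `[X]`; the S0/S1 subset is the part that decides whether the kernel can come up at all, and the two `IS MISSING` paths from the integrity check are the same two files a repair would have to put back before anything else is tried.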


#9 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 January 2016 - 07:04 PM

At this point we have no other option but to do a complete reinstall of the system.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 chrisbrown0804
  • Topic Starter
  • Members
  • 7 posts

Posted 14 January 2016 - 08:14 AM

Ah, understood. Thanks for your help.

#11 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 15 January 2016 - 08:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
