Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

White Screen...Please Help! [Solved]


  • This topic is locked This topic is locked

#1
bochner43

bochner43

    Member

  • Member
  • PipPip
  • 10 posts
Hi,

I have Windows Vista, and when I start up my computer I see my desktop briefly with all of the files, and then a white screen appears. The white screen will not go away. When I press control-alt-delete and go to the task manager, the screen then turns black. Please help. Thanks.
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.


Can you boot into Safe Mode (tap F8 while booting)? Do you get the Advance Boot Menu with an option to "Repair your computer"? Do you have a Vista CD?

Let me know the answers and then I will choose the best method to fix this. :)



  • 0

#3
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you very much for your prompt response. I can get into safe mode. I can also get into advance boot menu with the option to "Repair your computer". I also have the Vista CD. Thanks!!!
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
So, if you can run programs in Safe Mode with Networking, please download and run the following scan:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    dir C:\ /S /A:L /C
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

If you can't run the program in Safe Mode, let me know.
  • 0

#5
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I selected "Safe Mode with Networking", and it said "Loading Windows Files" at the top with a list of a bunch of files. Then it took me to safe mode for maybe a second or two, and then back to normal login with the white screen showing. Any ideas why this is?
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
That's our buddy, mr. ransom infection. Let's go in outside of windows:

Please choose the correct download below for 32-bit or 64-bit. If you are unsure which to choose, let me know.



For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.

Posted Image

[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
  • 0

#7
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013
Ran by SYSTEM on 06-06-2013 21:07:24
Running from E:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKU\Michael Bochner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3882312 2008-12-02] (Microsoft Corporation)
HKU\Michael Bochner\...\Winlogon: [Shell] explorer.exe,C:\Users\Michael Bochner\AppData\Roaming\skype.dat [66560 2011-11-18] () <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-20] (AVG Technologies)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-06 21:06 - 2013-06-06 21:06 - 00000000 ____D C:\FRST
2013-06-05 15:44 - 2013-06-06 16:08 - 00000004 ____A C:\Users\Michael Bochner\AppData\Roaming\skype.ini
2013-06-03 15:23 - 2013-06-06 16:08 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-26 16:46 - 2013-05-26 17:55 - 00013893 ____A C:\Users\Michael Bochner\Desktop\Fantasy Football Analysis.xlsx
2013-05-14 17:00 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 17:00 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-14 17:00 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 17:00 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 17:00 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 17:00 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 17:00 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 17:00 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 17:00 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-14 17:00 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 17:00 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 17:00 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 17:00 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 17:00 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 17:00 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-14 17:00 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 17:00 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 17:00 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 17:00 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 17:00 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 17:00 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 17:00 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-14 17:00 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 17:00 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 17:00 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 17:00 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 17:00 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 17:00 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 16:58 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 16:58 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-14 16:58 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 16:58 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-14 15:32 - 2013-04-15 06:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 15:32 - 2013-04-12 19:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 15:32 - 2013-04-08 17:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 17:04 - 2013-05-13 17:04 - 00000706 ____A C:\Users\Michael Bochner\Desktop\Internet Security 2013.lnk
2013-05-13 17:04 - 2013-05-13 17:04 - 00000000 ____A C:\Users\Michael Bochner\rundll32.exe
2013-05-13 17:04 - 2013-05-13 17:04 - 00000000 ____A C:\Users\Michael Bochner\googleupdate.exe

==================== One Month Modified Files and Folders =======

2013-06-06 21:06 - 2013-06-06 21:06 - 00000000 ____D C:\FRST
2013-06-06 16:11 - 2009-06-25 14:09 - 01157262 ____A C:\Windows\WindowsUpdate.log
2013-06-06 16:10 - 2012-04-04 11:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-06 16:08 - 2013-06-05 15:44 - 00000004 ____A C:\Users\Michael Bochner\AppData\Roaming\skype.ini
2013-06-06 16:08 - 2013-06-03 15:23 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-06 16:08 - 2012-08-24 16:18 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-06 16:08 - 2011-03-07 17:50 - 00000000 ____D C:\Users\Michael Bochner\Tracing
2013-06-06 16:08 - 2011-01-10 16:35 - 00007052 ____A C:\Users\Michael Bochner\AppData\Local\d3d9caps.dat
2013-06-06 16:08 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-06 16:08 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-06 16:08 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-06 14:08 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-06 13:44 - 2012-08-24 16:18 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-06 13:40 - 2006-11-02 04:46 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-06 12:46 - 2012-08-24 16:19 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-06 11:51 - 2011-01-01 08:34 - 00000000 ____D C:\ProgramData\MFAData
2013-06-03 15:23 - 2012-06-05 16:41 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-26 17:55 - 2013-05-26 16:46 - 00013893 ____A C:\Users\Michael Bochner\Desktop\Fantasy Football Analysis.xlsx
2013-05-20 15:20 - 2012-10-31 15:20 - 00000874 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-20 15:13 - 2012-09-03 18:04 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-15 17:10 - 2012-04-04 11:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 17:10 - 2011-05-16 15:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 16:55 - 2006-11-02 07:21 - 00379280 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 17:01 - 2010-12-29 17:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-14 16:59 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-14 15:37 - 2010-12-29 17:11 - 00000000 ____D C:\users\Michael Bochner
2013-05-13 17:04 - 2013-05-13 17:04 - 00000706 ____A C:\Users\Michael Bochner\Desktop\Internet Security 2013.lnk
2013-05-13 17:04 - 2013-05-13 17:04 - 00000000 ____A C:\Users\Michael Bochner\rundll32.exe
2013-05-13 17:04 - 2013-05-13 17:04 - 00000000 ____A C:\Users\Michael Bochner\googleupdate.exe

Files to move or delete:
====================
C:\Users\Michael Bochner\googleupdate.exe
C:\Users\Michael Bochner\rundll32.exe
C:\Users\Michael Bochner\AppData\Roaming\skype.dat
C:\Users\Michael Bochner\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-30 10:27:59
Restore point made on: 2013-05-01 14:36:48
Restore point made on: 2013-05-02 16:44:51
Restore point made on: 2013-05-03 15:43:06
Restore point made on: 2013-05-04 09:05:10
Restore point made on: 2013-05-05 07:05:56
Restore point made on: 2013-05-07 13:40:58
Restore point made on: 2013-05-08 06:16:21
Restore point made on: 2013-05-09 12:40:48
Restore point made on: 2013-05-10 03:37:08
Restore point made on: 2013-05-10 18:08:20
Restore point made on: 2013-05-11 08:32:45
Restore point made on: 2013-05-12 16:40:12
Restore point made on: 2013-05-13 16:09:54
Restore point made on: 2013-05-14 16:57:48
Restore point made on: 2013-05-16 16:57:37
Restore point made on: 2013-05-18 16:11:01
Restore point made on: 2013-05-19 06:07:17
Restore point made on: 2013-05-22 17:04:44
Restore point made on: 2013-05-23 13:06:36
Restore point made on: 2013-05-24 12:55:20
Restore point made on: 2013-05-25 07:52:13
Restore point made on: 2013-05-26 08:16:53
Restore point made on: 2013-05-27 06:53:16
Restore point made on: 2013-05-28 16:38:03
Restore point made on: 2013-05-29 15:11:40
Restore point made on: 2013-05-30 16:51:53
Restore point made on: 2013-06-01 04:47:27
Restore point made on: 2013-06-02 05:44:47
Restore point made on: 2013-06-02 18:08:23
Restore point made on: 2013-06-04 13:45:42
Restore point made on: 2013-06-06 12:38:00

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 4060.14 MB
Available physical RAM: 3634.62 MB
Total Pagefile: 3933.78 MB
Available Pagefile: 3613.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:340.74 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive e: (NANO PRO) (Removable) (Total:3.73 GB) (Free:3.71 GB) FAT32 (Disk=1 Partition=1)
Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.38 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


Last Boot: 2013-06-06 13:42

==================== End Of Log ============================
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's clean the nasties.
Please download the attached file to your USB. Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.



Your computer should be able to boot to normal mode. If so, please run a new FRST scan in normal mode and post the log for me. :)

Attached Files


  • 0

#9
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-06-2013
Ran by SYSTEM at 2013-06-07 18:04:26 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

HKU\Michael Bochner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Michael Bochner\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Michael Bochner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Michael Bochner\Desktop\Internet Security 2013.lnk => Moved successfully.
C:\Users\Michael Bochner\rundll32.exe => Moved successfully.
C:\Users\Michael Bochner\googleupdate.exe => Moved successfully.

==== End of Fixlog ====
  • 0

#10
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks again for all of your assistance. Here is the output of the new FRST scan in normal mode. Please note that there were two separate results and I have pasted both below.



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2013
Ran by Michael Bochner at 2013-06-07 18:14:05 Run:
Running from F:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) (Version: 10.1.7)
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
AVG Security Toolbar (Version: 15.2.0.5)
Bing Bar (Version: 7.0.850.0)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.6.0.13)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities PhotoStitch (Version: 3.1.19.43)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Security Update
Dell Getting Started Guide (Version: 1.00.0000)
Evolution Client 12.12.5.1 (Version: 12.12.5.1)
Evolution Help (Version: 1.0.0)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Intel® Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Java™ 6 Update 23 (Version: 6.0.230)
Junk Mail filter update (Version: 14.0.8050.1202)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PowerDVD DX (Version: 8.2.5024)
Quicken 2013 (Version: 22.1.10.2)
Realtek High Definition Audio Driver (Version: 6.0.1.5780)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Syracuse University (Version: 3.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)

==================== Restore Points =========================

30-04-2013 18:27:43 Scheduled Checkpoint
01-05-2013 22:36:30 Scheduled Checkpoint
03-05-2013 00:44:33 Scheduled Checkpoint
03-05-2013 23:42:49 Scheduled Checkpoint
04-05-2013 17:04:52 Scheduled Checkpoint
05-05-2013 15:05:38 Scheduled Checkpoint
07-05-2013 21:40:42 Scheduled Checkpoint
08-05-2013 14:16:04 Scheduled Checkpoint
09-05-2013 20:40:29 Scheduled Checkpoint
10-05-2013 11:37:03 Scheduled Checkpoint
11-05-2013 02:08:05 Scheduled Checkpoint
11-05-2013 16:32:27 Scheduled Checkpoint
13-05-2013 00:39:54 Scheduled Checkpoint
14-05-2013 00:09:36 Scheduled Checkpoint
15-05-2013 00:57:22 Windows Update
17-05-2013 00:57:22 Scheduled Checkpoint
19-05-2013 00:10:44 Scheduled Checkpoint
19-05-2013 14:07:00 Scheduled Checkpoint
23-05-2013 01:04:27 Scheduled Checkpoint
23-05-2013 21:06:17 Scheduled Checkpoint
24-05-2013 20:55:02 Scheduled Checkpoint
25-05-2013 15:51:54 Scheduled Checkpoint
26-05-2013 16:16:37 Scheduled Checkpoint
27-05-2013 14:52:57 Scheduled Checkpoint
29-05-2013 00:37:44 Scheduled Checkpoint
29-05-2013 23:11:22 Scheduled Checkpoint
31-05-2013 00:51:36 Scheduled Checkpoint
01-06-2013 12:47:10 Scheduled Checkpoint
02-06-2013 13:44:32 Scheduled Checkpoint
03-06-2013 02:08:02 Scheduled Checkpoint
04-06-2013 21:45:26 Scheduled Checkpoint
06-06-2013 20:37:47 Scheduled Checkpoint

==================== Hosts content: ==========================

::1 localhost

127.0.0.1 localhost


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2013 06:11:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2013 08:09:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2013 08:08:42 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc00002b4, fault offset 0x00414f38,
process id 0xae0, application start time 0xsvchost.exe0.

Error: (06/06/2013 08:04:21 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/06/2013 05:38:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2013 05:37:04 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc00002b4, fault offset 0x00414f38,
process id 0xb00, application start time 0xsvchost.exe0.

Error: (06/06/2013 05:34:34 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/06/2013 05:31:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2013 05:31:14 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207, exception code 0xc00002b4, fault offset 0x00414f38,
process id 0x77c, application start time 0xsvchost.exe0.

Error: (06/06/2013 05:29:36 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (06/07/2013 06:09:58 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:10:56 PM on 6/6/2013 was unexpected.

Error: (06/06/2013 08:09:41 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (06/06/2013 08:07:11 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:05:11 PM on 6/6/2013 was unexpected.

Error: (06/06/2013 08:04:22 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/06/2013 08:04:22 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (06/06/2013 08:04:22 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/06/2013 08:04:21 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/06/2013 08:04:11 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/06/2013 06:08:38 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (06/06/2013 05:34:36 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-06-07 18:13:39.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 18:13:39.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 18:13:39.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 18:13:39.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 19:20:54.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 19:20:54.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 19:20:54.074
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 19:20:53.939
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 19:20:53.777
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 19:20:53.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2013\Drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4060.14 MB
Available physical RAM: 2185.8 MB
Total Pagefile: 8295.57 MB
Available Pagefile: 6262.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:340.71 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.39 GB) NTFS (Disk=0 Partition=2)
Drive f: (NANO PRO) (Removable) (Total:3.73 GB) (Free:3.71 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================





Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013
Ran by Michael Bochner (administrator) on 07-06-2013 18:12:47
Running from F:\
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-03-05] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1555968 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3882312 2008-12-02] (Microsoft Corporation)
MountPoints2: {922eb410-61d4-11de-b03d-806e6f6e6963} - E:\setup.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-06-05 20:41:43&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...fr&d=2012-06-05 20:41:43&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
PDF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Michael Bochner\AppData\Roaming\Mozilla\Firefox\Profiles\hch6269t.default
FF SelectedSearchEngine: AVG Secure Search
FF Keyword.URL: https://isearch.avg....41:43&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael Bochner\AppData\Roaming\Mozilla\Firefox\Profiles\hch6269t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"]},"sync_promo":{"show_on_first_run_allowed"
CHR Extension: (YouTube) - C:\Users\Michael Bochner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Michael Bochner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (AVG Security Toolbar) - C:\Users\Michael Bochner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (Gmail) - C:\Users\Michael Bochner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-20] (AVG Technologies)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-07 01:06 - 2013-06-07 01:06 - 00000000 ____D C:\FRST
2013-06-03 19:23 - 2013-06-07 18:10 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-26 20:46 - 2013-05-26 21:55 - 00013893 ____A C:\Users\Michael Bochner\Desktop\Fantasy Football Analysis.xlsx
2013-05-14 21:00 - 2013-04-04 21:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 21:00 - 2013-04-04 21:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-14 21:00 - 2013-04-04 21:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 21:00 - 2013-04-04 21:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 21:00 - 2013-04-04 20:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-14 21:00 - 2013-04-04 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 21:00 - 2013-04-04 20:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 21:00 - 2013-04-04 20:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-14 21:00 - 2013-04-04 20:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-14 21:00 - 2013-04-04 20:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-14 21:00 - 2013-04-04 20:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 21:00 - 2013-04-04 20:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 21:00 - 2013-04-04 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 21:00 - 2013-04-04 20:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 21:00 - 2013-04-04 18:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-14 21:00 - 2013-04-04 18:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 21:00 - 2013-04-04 18:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-14 21:00 - 2013-04-04 18:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 21:00 - 2013-04-04 18:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 21:00 - 2013-04-04 18:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 21:00 - 2013-04-04 17:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 21:00 - 2013-04-04 17:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-14 21:00 - 2013-04-04 17:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-14 21:00 - 2013-04-04 17:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-14 21:00 - 2013-04-04 17:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 21:00 - 2013-04-04 17:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 21:00 - 2013-04-04 17:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 21:00 - 2013-04-04 17:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 20:58 - 2013-05-05 17:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 20:58 - 2013-05-05 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-14 20:58 - 2013-05-05 15:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 20:58 - 2013-05-05 15:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-14 19:32 - 2013-04-15 10:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 19:32 - 2013-04-12 23:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 19:32 - 2013-04-08 21:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-06-07 22:04 - 2010-12-29 21:11 - 00000000 ____D C:\users\Michael Bochner
2013-06-07 18:13 - 2011-01-01 12:34 - 00000000 ____D C:\ProgramData\MFAData
2013-06-07 18:12 - 2009-06-25 18:09 - 01163728 ____A C:\Windows\WindowsUpdate.log
2013-06-07 18:11 - 2006-11-02 11:27 - 00161747 ____A C:\Windows\setupact.log
2013-06-07 18:10 - 2013-06-03 19:23 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-07 18:10 - 2012-08-24 20:18 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 18:10 - 2012-04-04 15:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 18:10 - 2011-03-07 21:50 - 00000000 ____D C:\Users\Michael Bochner\Tracing
2013-06-07 18:10 - 2011-01-10 20:35 - 00007052 ____A C:\Users\Michael Bochner\AppData\Local\d3d9caps.dat
2013-06-07 18:10 - 2006-11-02 11:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-07 18:10 - 2006-11-02 11:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-07 18:09 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 01:06 - 2013-06-07 01:06 - 00000000 ____D C:\FRST
2013-06-06 18:08 - 2006-11-02 11:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-06 17:44 - 2012-08-24 20:18 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-06 17:40 - 2006-11-02 08:46 - 00690960 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-06 16:46 - 2012-08-24 20:19 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-03 19:23 - 2012-06-05 20:41 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-26 21:55 - 2013-05-26 20:46 - 00013893 ____A C:\Users\Michael Bochner\Desktop\Fantasy Football Analysis.xlsx
2013-05-20 19:20 - 2012-10-31 19:20 - 00000874 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-20 19:13 - 2012-09-03 22:04 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-15 21:10 - 2012-04-04 15:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 21:10 - 2011-05-16 19:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 20:55 - 2006-11-02 11:21 - 00379280 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 21:01 - 2010-12-29 21:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-14 20:59 - 2006-11-02 08:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-07 18:16

==================== End Of Log ============================
  • 0

Advertisements


#11
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Just wanted to let you know, it may be Monday before I post the next set of instructions. How is the computer running?
  • 0

#12
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the follow up. Monday works fine with me. Computer is running great. I ran the AVG antivirus free edition 2013, and it eliminated the one threat that it found. Thanks again.
  • 0

#13
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi bochner43,

Let's sweep for any remnants.

Step 1: Disable sidebar.

You have Windows Sidebar enabled on one of your user accounts. Please run this fixit to disable it. This is recommended by Microsoft, as it is a known security flaw.

Step 2: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 4: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • Any trouble disabling sidebar?
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#14
bochner43

bochner43

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
•SecurityCheck log:

Results of screen317's Security Check version 0.99.64
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 23
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (3.6.13) Firefox out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````



MBAM Log (Two text files):

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.11.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael Bochner :: MICHAELBOCHN-PC [administrator]

Protection: Enabled

6/10/2013 9:41:43 PM
mbam-log-2013-06-10 (21-41-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209486
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Michael Bochner\AppData\Local\Temp\84FB.tmp (Trojan.Krypt) -> Quarantined and deleted successfully.
C:\Users\Michael Bochner\AppData\Local\Temp\8B23.tmp (Trojan.Krypt) -> Quarantined and deleted successfully.

(end)


2013/06/10 21:39:08 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Starting protection
2013/06/10 21:39:08 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Protection started successfully
2013/06/10 21:39:08 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Starting IP protection
2013/06/10 21:39:23 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE IP Protection started successfully
2013/06/10 21:40:15 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Starting database refresh
2013/06/10 21:40:15 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Stopping IP protection
2013/06/10 21:40:16 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE IP Protection stopped successfully
2013/06/10 21:40:18 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Database refreshed successfully
2013/06/10 21:40:18 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Starting IP protection
2013/06/10 21:40:21 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE IP Protection started successfully
2013/06/10 21:51:54 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Executing scheduled update: Daily
2013/06/10 21:51:59 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Database already up-to-date
2013/06/10 21:54:37 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Starting protection
2013/06/10 21:54:37 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Protection started successfully
2013/06/10 21:54:37 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE Starting IP protection
2013/06/10 21:54:41 -0400 MICHAELBOCHN-PC Michael Bochner MESSAGE IP Protection started successfully


I ran ESET, and there wasn't a log. It said that it detected three threats and eliminated them. Please let me know how to proceed. Thanks.
  • 0

#15
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Could you tell me what AVG detected?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP