Geeks To Go
White screen - Windows Vista - started when watching video content and

#1 svengoeman (New Member, 4 posts)
Hi

While watching a video on-line I suddenly got a white screen while the audio was still playing and I could not get back to viewing normal screens. Esc did not help and CTRL+ALT+DEL only got me to the first selection page (lock computer, log off, ..., Task Manager, Cancel), but when trying to get the Task Manager up I just got the white screen again.

I tried to restart and log out/in a couple of times but no success: all goes well until I confirm my user login details, but as from then I get the white screen again. When shutting down the computer I get a quick glimpse of my normal desktop.

Edit: what I forgot to mention is that the LED next to the webcam (which was & is masked behind a piece of tape) is also indicating the webcam is activated by the malware.

As I currently can't work on the machine, I could also not download and run the OTL tool as per the generic instructions.

Thank you very much in advance for your advice,
Kind regards,
Sven

Edited by svengoeman, 29 October 2013 - 12:45 AM.

#2 RKinner (Malware Expert, MVP, 20,007 posts)
Can you get a FRST log?

http://www.geekstogo...ost__p__2151691

#3 svengoeman (Topic Starter, New Member, 4 posts)
Hi. Thanks for the quick response. Hereunder the copy/paste from the FRST log.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by SYSTEM on MINWINPC on 28-10-2013 22:19:39
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6956576 2009-01-05] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-01-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AML] - C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe [1101824 2009-03-09] (Sony)
HKLM-x32\...\Run: [BlackBerryAutoUpdate] - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [648536 2010-03-10] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-04-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-06-27] (Research In Motion Limited)
HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4423168 2013-09-12] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [334848 2008-12-21] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [334848 2008-12-21] (Sony Corporation)
HKU\svengoeman\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [334848 2008-12-21] (Sony Corporation)
HKU\svengoeman\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\svengoeman\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\svengoeman\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-14] (Google Inc.)
HKU\svengoeman\...\Winlogon: [Shell] explorer.exe,C:\Users\svengoeman\AppData\Roaming\Other.res [153600 2013-07-09] () <==== ATTENTION

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-06-27] (Research In Motion Limited)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [361472 2008-12-21] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation)
S2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-09-12] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1283072 2013-09-12] (Research In Motion Limited)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [141344 2009-01-05] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [5184872 2009-01-14] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 DMICall; C:\Windows\SysWow64\DRIVERS\DMICall.sys [10216 2008-11-24] (Sony Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20131024.001\IDSvia64.sys [521816 2013-10-20] (Symantec Corporation)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-15] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20131025.001\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20131025.001\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-09-12] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2007-12-12] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 22:19 - 2013-10-28 22:19 - 00000000 ____D C:\FRST
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Users\svengoeman\AppData\Local\CANON_INC
2013-10-20 12:11 - 2013-10-20 12:11 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\ZoomBrowser EX
2013-10-13 14:02 - 2013-09-22 06:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-13 14:02 - 2013-09-22 06:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-13 14:02 - 2013-09-22 06:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-13 14:02 - 2013-09-22 06:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-13 14:02 - 2013-09-22 06:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-13 14:02 - 2013-09-22 06:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-13 14:02 - 2013-09-22 06:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-13 14:02 - 2013-09-22 06:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-13 14:02 - 2013-09-22 06:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-13 14:02 - 2013-09-22 06:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-13 14:02 - 2013-09-22 06:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-13 14:02 - 2013-09-22 06:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-13 14:02 - 2013-09-22 06:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-13 14:02 - 2013-09-22 06:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-13 14:02 - 2013-09-22 02:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-13 14:02 - 2013-09-22 02:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-13 14:02 - 2013-09-22 02:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-13 14:02 - 2013-09-22 02:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-13 14:02 - 2013-09-22 02:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-13 14:02 - 2013-09-22 02:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-13 14:02 - 2013-09-22 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-13 14:02 - 2013-09-22 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-13 14:02 - 2013-09-22 02:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-13 14:02 - 2013-09-22 02:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-13 14:02 - 2013-09-22 02:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-13 14:02 - 2013-09-22 02:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-13 14:02 - 2013-09-22 02:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-13 14:02 - 2013-09-22 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-13 14:01 - 2013-09-22 07:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-13 14:01 - 2013-09-22 07:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-13 14:01 - 2013-09-22 02:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-13 14:01 - 2013-09-22 02:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-13 04:33 - 2013-10-13 04:33 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iPod
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-12 22:41 - 2013-08-28 23:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-12 22:41 - 2013-08-26 19:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-10-12 22:41 - 2013-08-26 19:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-10-12 22:41 - 2013-08-26 19:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-10-12 22:41 - 2013-08-26 19:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-12 22:41 - 2013-08-26 18:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-10-12 22:41 - 2013-08-26 18:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-10-12 22:41 - 2013-08-26 18:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-10-12 22:41 - 2013-08-26 18:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-10-12 22:41 - 2013-08-26 18:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-10-12 22:41 - 2013-08-26 17:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-12 22:41 - 2013-08-26 17:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-12 22:41 - 2013-08-26 17:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-12 22:41 - 2013-08-26 17:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-12 22:41 - 2013-07-31 20:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-12 22:41 - 2013-07-31 19:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-12 22:41 - 2013-07-20 02:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 22:41 - 2013-07-20 02:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 22:41 - 2013-07-12 01:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-12 22:41 - 2013-07-03 20:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-12 22:41 - 2013-07-03 20:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-12 22:41 - 2013-07-02 18:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-12 22:41 - 2013-07-02 18:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-12 22:41 - 2013-06-26 15:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-12 22:41 - 2013-06-03 20:16 - 00048128 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-12 22:41 - 2013-06-03 20:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-12 22:41 - 2013-06-03 18:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-12 22:41 - 2013-06-03 17:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-12 22:41 - 2011-05-05 06:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-12 22:41 - 2011-05-05 06:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-09-30 10:39 - 2013-09-30 10:39 - 00000000 ____D C:\Users\svengoeman\Documents\BLACKBERRY-A814
2013-09-30 10:34 - 2013-09-30 10:34 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2013-09-30 10:31 - 2013-09-30 10:31 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\XCPCSync.OEM
2013-09-30 10:19 - 2013-09-30 10:19 - 00000000 ____D C:\Users\svengoeman\AppData\Local\Research In Motion
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\err.txt
2013-09-30 10:18 - 2012-12-10 05:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2013-09-30 10:17 - 2013-09-30 10:17 - 00002132 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2013-09-30 10:11 - 2013-09-30 10:11 - 00381476 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistMSI5C8F.txt
2013-09-30 10:11 - 2013-09-30 10:11 - 00011378 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistUI5C8F.txt

==================== One Month Modified Files and Folders =======

2013-10-28 22:19 - 2013-10-28 22:19 - 00000000 ____D C:\FRST
2013-10-26 00:54 - 2009-09-21 23:34 - 01096732 _____ C:\Windows\WindowsUpdate.log
2013-10-26 00:54 - 2009-04-10 10:09 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-26 00:54 - 2006-11-02 07:42 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-26 00:54 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 00:54 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 00:54 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 00:40 - 2010-09-10 10:14 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-26 00:36 - 2010-09-10 10:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 12:59 - 2009-09-22 00:17 - 00000282 _____ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2013-10-25 01:58 - 2011-05-11 12:50 - 00003706 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B643984-6A2B-45DE-B51A-83D521B35E2D}
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Users\svengoeman\AppData\Local\CANON_INC
2013-10-20 12:12 - 2011-07-15 12:04 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\Canon
2013-10-20 12:11 - 2013-10-20 12:11 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\ZoomBrowser EX
2013-10-14 12:05 - 2010-04-24 14:28 - 00000000 ____D C:\Users\svengoeman\AppData\Local\Google
2013-10-14 11:04 - 2006-11-02 04:46 - 00782144 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-14 10:57 - 2006-11-02 07:21 - 00412088 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-14 10:45 - 2010-12-01 12:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-14 10:45 - 2008-01-20 19:26 - 00121772 _____ C:\Windows\PFRO.log
2013-10-13 14:25 - 2009-09-21 23:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 14:03 - 2013-08-19 13:12 - 00000000 ____D C:\Windows\System32\MRT
2013-10-13 14:03 - 2006-11-02 04:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-10-13 04:33 - 2013-10-13 04:33 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iPod
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-13 04:28 - 2009-10-01 09:56 - 00000000 ____D C:\users\svengoeman
2013-10-13 03:31 - 2010-09-10 10:14 - 00004060 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 03:31 - 2010-09-10 10:14 - 00003808 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-30 10:39 - 2013-09-30 10:39 - 00000000 ____D C:\Users\svengoeman\Documents\BLACKBERRY-A814
2013-09-30 10:34 - 2013-09-30 10:34 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2013-09-30 10:34 - 2006-11-02 07:27 - 00157238 _____ C:\Windows\setupact.log
2013-09-30 10:31 - 2013-09-30 10:31 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\XCPCSync.OEM
2013-09-30 10:19 - 2013-09-30 10:19 - 00000000 ____D C:\Users\svengoeman\AppData\Local\Research In Motion
2013-09-30 10:19 - 2010-06-05 08:16 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\Research In Motion
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\err.txt
2013-09-30 10:18 - 2010-09-12 00:17 - 00000000 ____D C:\ProgramData\Research In Motion
2013-09-30 10:17 - 2013-09-30 10:17 - 00002132 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2013-09-30 10:16 - 2010-06-05 08:14 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2013-09-30 10:11 - 2013-09-30 10:11 - 00381476 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistMSI5C8F.txt
2013-09-30 10:11 - 2013-09-30 10:11 - 00011378 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistUI5C8F.txt
2013-09-30 10:11 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

Files to move or delete:
====================
C:\Users\svengoeman\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU.exe
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU0.exe
C:\Users\svengoeman\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

19
Restore point made on: 2013-09-06 22:51:34
Restore point made on: 2013-09-08 02:26:57
Restore point made on: 2013-09-15 00:01:38
Restore point made on: 2013-09-15 06:02:36
Restore point made on: 2013-09-15 07:07:31
Restore point made on: 2013-09-15 07:09:13
Restore point made on: 2013-09-18 12:04:24
Restore point made on: 2013-09-22 09:21:03
Restore point made on: 2013-09-23 14:29:47
Restore point made on: 2013-09-25 13:27:23
Restore point made on: 2013-09-28 10:20:28
Restore point made on: 2013-09-29 00:51:15
Restore point made on: 2013-09-30 10:14:30
Restore point made on: 2013-10-12 22:27:52
Restore point made on: 2013-10-13 04:28:52
Restore point made on: 2013-10-13 13:54:06
Restore point made on: 2013-10-16 12:55:48
Restore point made on: 2013-10-20 06:09:36
Restore point made on: 2013-10-24 23:18:05

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4062.11 MB
Available physical RAM: 3450.18 MB
Total Pagefile: 3788.12 MB
Available Pagefile: 3425.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:358.77 GB) (Free:136 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:13.84 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: D8421184)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=359 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 000865CF)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)


LastRegBack: 2013-10-26 00:46

==================== End Of Log ============================

#4 RKinner (Malware Expert, MVP, 20,007 posts)
Would have been better if you had included the addition.txt file but we can try with what we have:
On the computer you used to get the FRST program, put in the USB drive that has FRST on it and

Copy the next 4 lines.

HKU\svengoeman\...\Winlogon: [Shell] explorer.exe,C:\Users\svengoeman\AppData\Roaming\Other.res [153600 2013-07-09] () <==== ATTENTION
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU.exe
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU0.exe
C:\Users\svengoeman\AppData\Roaming\Other.res

Open Notepad (Start, All Programs, Accessories, Notepad) and paste (Ctrl + V, or Edit then Paste); the copied lines should appear. File, Save As (to the USB drive that has FRST on it), fixlist, OK. This should create fixlist.txt. Now move the USB drive back to the sick computer and boot it as before (if it is not still in Command Prompt). Run FRST as before and press Fix.

It will create a fix log which I want to see in your next post. If that doesn't fix it, then run FRST one more time, but this time click on Addition.txt before you hit Scan. When finished you will have two files: the FRST log and one called Addition.txt. Please post them both.
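The finding in post #3 and the fixlist built by hand in post #4 lend themselves to a small triage script. The following is an added example, not code from this thread and not part of Farbar's tool: it reads FRST.txt text, flags Winlogon Shell or Userinit values whose data launches anything besides the Windows default (the Shell value here runs Other.res from the user's roaming profile, with no signer and an ATTENTION flag), lists the executables under the TEMP section, and emits fixlist.txt lines in the shape FRST accepted in post #5 (the registry line copied verbatim to delete the value, a bare path to move a file). The sample log lines are copied from post #3; the function names, the default-value table and the Userinit handling are my own assumptions about the log format, not FRST's own API.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; it is not part of FRST and not code from the
thread. It reads FRST.txt text, flags Winlogon values whose data launches
anything besides the Windows default (the Shell hijack seen in post #3),
lists executables under the TEMP section, and emits fixlist.txt lines in
the shape RKinner built by hand: the log line verbatim for a registry value
to delete, and a bare path for a file to move.
"""
import re
from typing import List, Sequence

# Sample copied from the FRST.txt posted in this thread (only the lines the
# helper needs); the blank lines and the next section header are kept so the
# TEMP section is terminated the way FRST writes it.
SAMPLE_LOG = r"""
HKU\svengoeman\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-14] (Google Inc.)
HKU\svengoeman\...\Winlogon: [Shell] explorer.exe,C:\Users\svengoeman\AppData\Roaming\Other.res [153600 2013-07-09] () <==== ATTENTION

Some content of TEMP:
====================
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU.exe
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU0.exe
C:\Users\svengoeman\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ================
"""

# What each Winlogon value contains on a clean Vista/7 system (assumption:
# the well-known defaults, compared case-insensitively). Anything else in the
# comma-separated data is an extra program started at logon.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# "HKU\<user>\...\Winlogon: [Shell] <rest>"  or  "HKLM\...\Winlogon: [Userinit] <rest>"
WINLOGON_RE = re.compile(
    r"^(?P<key>HK[\w-]+(?:\\[^\\]+)?\\\.\.\.\\Winlogon): \[(?P<value>[^\]]+)\] (?P<rest>.*)$"
)
# FRST appends "[size date] (signer)" when the file exists, then an optional ATTENTION flag.
TRAILER_RE = re.compile(
    r"^(?P<data>.*?)(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<signer>[^)]*)\))?"
    r"(?:\s*<==== ATTENTION)?$"
)


def find_winlogon_hijacks(log_text: str) -> List[dict]:
    """Return Winlogon Shell/Userinit entries whose data is not the default."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if not m or m.group("value").lower() not in EXPECTED:
            continue
        t = TRAILER_RE.match(m.group("rest"))
        entries = [e.strip() for e in t.group("data").split(",") if e.strip()]
        extra = [e for e in entries if e.lower() not in EXPECTED[m.group("value").lower()]]
        if extra:
            findings.append({
                "line": line,                          # verbatim, as fixlist wants it
                "key": m.group("key"),
                "value": m.group("value"),
                "payloads": extra,
                "signer": t.group("signer") or "",     # empty "()" signer, as here, is a red flag
                "attention": "<==== ATTENTION" in line,
            })
    return findings


def list_temp_executables(log_text: str) -> List[str]:
    """Collect the .exe paths FRST lists under 'Some content of TEMP:'."""
    paths, in_temp = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Some content of TEMP:"):
            in_temp = True
            continue
        if not in_temp:
            continue
        if not line:
            if paths:                 # a blank line ends the section once it has content
                break
            continue
        if set(line) == {"="}:        # underline directly beneath the heading
            continue
        if line.startswith("="):      # next "==== section ====" header
            break
        if line.lower().endswith(".exe"):
            paths.append(line)
    return paths


def build_fixlist(log_text: str, confirmed_temp: Sequence[str] = ()) -> List[str]:
    """Assemble fixlist.txt lines: registry line verbatim, then file paths to move.

    Temp executables are never added automatically (SkypeSetup.exe above is a
    legitimate installer); pass only the ones an analyst has confirmed.
    """
    lines: List[str] = []
    for hit in find_winlogon_hijacks(log_text):
        lines.append(hit["line"])
        for payload in hit["payloads"]:
            if re.match(r"^[A-Za-z]:\\", payload):   # only real file paths become move entries
                lines.append(payload)
    lines.extend(confirmed_temp)
    return lines


if __name__ == "__main__":
    for hit in find_winlogon_hijacks(SAMPLE_LOG):
        print(f"Winlogon {hit['value']} hijack under {hit['key']}: {hit['payloads']}")
    temp = list_temp_executables(SAMPLE_LOG)
    print("Temp executables to review:", temp)
    print("fixlist.txt:")
    print("\n".join(build_fixlist(SAMPLE_LOG, confirmed_temp=temp[:2])))
```

The split between automatic and confirmed entries is deliberate: the Shell value and the file it points at are unambiguous, while a Temp listing mixes droppers with ordinary installers, so those paths go into the fixlist only after someone has looked at them, which is exactly what RKinner did above.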

#5 svengoeman (Topic Starter, New Member, 4 posts)
That seems to have fixed the issue (as I am posting it from the machine that had the problem).
Thank you so much for your help, I would never have solved this on my own! Hereunder you'll find the content of the fix log.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by SYSTEM at 2013-10-29 08:32:41 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\svengoeman\...\Winlogon: [Shell] explorer.exe,C:\Users\svengoeman\AppData\Roaming\Other.res [153600 2013-07-09] () <==== ATTENTION
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU.exe
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU0.exe
C:\Users\svengoeman\AppData\Roaming\Other.res
*****************

HKU\svengoeman\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU.exe => Moved successfully.
C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU0.exe => Moved successfully.
C:\Users\svengoeman\AppData\Roaming\Other.res => Moved successfully.

==== End of Fixlog ====

#6 RKinner (Malware Expert, MVP, 20,007 posts)
Let's see if there is anything else. Run FRST again but before you hit Scan check the box that says Addition.txt. You will get two logs. Copy and paste both.

#7 svengoeman (Topic Starter, New Member, 4 posts)
Hi, I tried several times to generate both logs but I only get the FRST.txt log and not the addition.txt (although I verified each time the "addition" box was ticked before hitting the "scan" button)?

I tried running the FRST application from both the flash drive as well as the local hard drive but same result. Hereunder the FRST.txt log; happy to try an alternative approach to try and generate the addition.txt log?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by SYSTEM on MINWINPC on 29-10-2013 18:42:57
Running from C:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6956576 2009-01-05] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-01-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AML] - C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe [1101824 2009-03-09] (Sony)
HKLM-x32\...\Run: [BlackBerryAutoUpdate] - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [648536 2010-03-10] (Research In Motion Limited)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-04-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-06-27] (Research In Motion Limited)
HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4423168 2013-09-12] (Research In Motion Limited)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [334848 2008-12-21] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [334848 2008-12-21] (Sony Corporation)
HKU\svengoeman\...\Run: [NSUFloatingUI] - C:\Program Files\Sony\Network Utility\LANUtil.exe [334848 2008-12-21] (Sony Corporation)
HKU\svengoeman\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\svengoeman\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\svengoeman\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-14] (Google Inc.)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-06-27] (Research In Motion Limited)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [361472 2008-12-21] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation)
S2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-09-12] (Apple Inc.)
S2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1283072 2013-09-12] (Research In Motion Limited)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [141344 2009-01-05] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [5184872 2009-01-14] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 DMICall; C:\Windows\SysWow64\DRIVERS\DMICall.sys [10216 2008-11-24] (Sony Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20131025.002\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-15] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20131028.003\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20131028.003\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-09-12] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2007-12-12] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 09:40 - 2013-10-28 12:09 - 01956538 _____ (Farbar) C:\FRST64.exe
2013-10-28 22:19 - 2013-10-28 22:19 - 00000000 ____D C:\FRST
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Users\svengoeman\AppData\Local\CANON_INC
2013-10-20 12:11 - 2013-10-20 12:11 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\ZoomBrowser EX
2013-10-13 14:02 - 2013-09-22 06:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-13 14:02 - 2013-09-22 06:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-13 14:02 - 2013-09-22 06:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-10-13 14:02 - 2013-09-22 06:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-13 14:02 - 2013-09-22 06:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-10-13 14:02 - 2013-09-22 06:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-13 14:02 - 2013-09-22 06:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-10-13 14:02 - 2013-09-22 06:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-13 14:02 - 2013-09-22 06:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-10-13 14:02 - 2013-09-22 06:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-13 14:02 - 2013-09-22 06:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-13 14:02 - 2013-09-22 06:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-10-13 14:02 - 2013-09-22 06:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-13 14:02 - 2013-09-22 06:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-13 14:02 - 2013-09-22 02:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-13 14:02 - 2013-09-22 02:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-13 14:02 - 2013-09-22 02:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-13 14:02 - 2013-09-22 02:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-13 14:02 - 2013-09-22 02:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-13 14:02 - 2013-09-22 02:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-13 14:02 - 2013-09-22 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-13 14:02 - 2013-09-22 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-13 14:02 - 2013-09-22 02:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-13 14:02 - 2013-09-22 02:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-13 14:02 - 2013-09-22 02:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-13 14:02 - 2013-09-22 02:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-13 14:02 - 2013-09-22 02:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-13 14:02 - 2013-09-22 01:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-13 14:01 - 2013-09-22 07:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-13 14:01 - 2013-09-22 07:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-13 14:01 - 2013-09-22 02:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-13 14:01 - 2013-09-22 02:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-13 04:33 - 2013-10-13 04:33 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iPod
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-12 22:41 - 2013-08-28 23:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-12 22:41 - 2013-08-26 19:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-10-12 22:41 - 2013-08-26 19:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-10-12 22:41 - 2013-08-26 19:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-10-12 22:41 - 2013-08-26 19:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-12 22:41 - 2013-08-26 18:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-12 22:41 - 2013-08-26 18:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-10-12 22:41 - 2013-08-26 18:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-10-12 22:41 - 2013-08-26 18:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-10-12 22:41 - 2013-08-26 18:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-10-12 22:41 - 2013-08-26 18:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-10-12 22:41 - 2013-08-26 17:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-12 22:41 - 2013-08-26 17:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-12 22:41 - 2013-08-26 17:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-12 22:41 - 2013-08-26 17:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-12 22:41 - 2013-07-31 20:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-12 22:41 - 2013-07-31 19:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-10-12 22:41 - 2013-07-20 02:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 22:41 - 2013-07-20 02:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-12 22:41 - 2013-07-12 01:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-12 22:41 - 2013-07-03 20:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-12 22:41 - 2013-07-03 20:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-12 22:41 - 2013-07-02 18:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-12 22:41 - 2013-07-02 18:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-12 22:41 - 2013-06-28 18:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-12 22:41 - 2013-06-26 15:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-12 22:41 - 2013-06-03 20:16 - 00048128 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-12 22:41 - 2013-06-03 20:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-12 22:41 - 2013-06-03 18:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-12 22:41 - 2013-06-03 17:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-12 22:41 - 2011-05-05 06:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-12 22:41 - 2011-05-05 06:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-09-30 10:39 - 2013-09-30 10:39 - 00000000 ____D C:\Users\svengoeman\Documents\BLACKBERRY-A814
2013-09-30 10:34 - 2013-09-30 10:34 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2013-09-30 10:31 - 2013-09-30 10:31 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\XCPCSync.OEM
2013-09-30 10:19 - 2013-09-30 10:19 - 00000000 ____D C:\Users\svengoeman\AppData\Local\Research In Motion
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\err.txt
2013-09-30 10:18 - 2012-12-10 05:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2013-09-30 10:17 - 2013-09-30 10:17 - 00002132 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2013-09-30 10:11 - 2013-09-30 10:11 - 00381476 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistMSI5C8F.txt
2013-09-30 10:11 - 2013-09-30 10:11 - 00011378 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistUI5C8F.txt

==================== One Month Modified Files and Folders =======

2013-10-29 09:40 - 2009-09-21 23:34 - 01101041 _____ C:\Windows\WindowsUpdate.log
2013-10-29 09:40 - 2009-04-10 10:09 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-29 09:40 - 2006-11-02 07:42 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-29 09:40 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 09:40 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 09:40 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 09:40 - 2006-11-02 04:46 - 00782144 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-29 09:37 - 2010-09-10 10:14 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 09:33 - 2010-09-10 10:14 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 09:07 - 2008-01-20 19:26 - 00123342 _____ C:\Windows\PFRO.log
2013-10-28 22:19 - 2013-10-28 22:19 - 00000000 ____D C:\FRST
2013-10-28 12:09 - 2013-10-29 09:40 - 01956538 _____ (Farbar) C:\FRST64.exe
2013-10-25 12:59 - 2009-09-22 00:17 - 00000282 _____ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2013-10-25 01:58 - 2011-05-11 12:50 - 00003706 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B643984-6A2B-45DE-B51A-83D521B35E2D}
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Users\svengoeman\AppData\Local\CANON_INC
2013-10-20 12:12 - 2011-07-15 12:04 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\Canon
2013-10-20 12:11 - 2013-10-20 12:11 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\ZoomBrowser EX
2013-10-14 12:05 - 2010-04-24 14:28 - 00000000 ____D C:\Users\svengoeman\AppData\Local\Google
2013-10-14 10:57 - 2006-11-02 07:21 - 00412088 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-14 10:45 - 2010-12-01 12:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-13 14:25 - 2009-09-21 23:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 14:06 - 2013-08-19 13:12 - 00000000 ____D C:\Windows\System32\MRT
2013-10-13 14:03 - 2006-11-02 04:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-10-13 04:33 - 2013-10-13 04:33 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iTunes
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files\iPod
2013-10-13 04:33 - 2013-10-13 04:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-13 04:28 - 2009-10-01 09:56 - 00000000 ____D C:\users\svengoeman
2013-10-13 03:31 - 2010-09-10 10:14 - 00004060 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 03:31 - 2010-09-10 10:14 - 00003808 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-30 10:39 - 2013-09-30 10:39 - 00000000 ____D C:\Users\svengoeman\Documents\BLACKBERRY-A814
2013-09-30 10:34 - 2013-09-30 10:34 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2013-09-30 10:34 - 2006-11-02 07:27 - 00157238 _____ C:\Windows\setupact.log
2013-09-30 10:31 - 2013-09-30 10:31 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\XCPCSync.OEM
2013-09-30 10:19 - 2013-09-30 10:19 - 00000000 ____D C:\Users\svengoeman\AppData\Local\Research In Motion
2013-09-30 10:19 - 2010-06-05 08:16 - 00000000 ____D C:\Users\svengoeman\AppData\Roaming\Research In Motion
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\out.txt
2013-09-30 10:18 - 2013-09-30 10:18 - 00000000 _____ C:\Windows\SysWOW64\err.txt
2013-09-30 10:18 - 2010-09-12 00:17 - 00000000 ____D C:\ProgramData\Research In Motion
2013-09-30 10:17 - 2013-09-30 10:17 - 00002132 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2013-09-30 10:16 - 2010-06-05 08:14 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2013-09-30 10:11 - 2013-09-30 10:11 - 00381476 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistMSI5C8F.txt
2013-09-30 10:11 - 2013-09-30 10:11 - 00011378 _____ C:\Users\svengoeman\AppData\Local\dd_vcredistUI5C8F.txt
2013-09-30 10:11 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

Files to move or delete:
====================
C:\Users\svengoeman\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\svengoeman\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

19
Restore point made on: 2013-09-06 22:51:34
Restore point made on: 2013-09-08 02:26:57
Restore point made on: 2013-09-15 00:01:38
Restore point made on: 2013-09-15 06:02:36
Restore point made on: 2013-09-15 07:07:31
Restore point made on: 2013-09-15 07:09:13
Restore point made on: 2013-09-18 12:04:24
Restore point made on: 2013-09-22 09:21:03
Restore point made on: 2013-09-23 14:29:47
Restore point made on: 2013-09-25 13:27:23
Restore point made on: 2013-09-28 10:20:28
Restore point made on: 2013-09-29 00:51:15
Restore point made on: 2013-09-30 10:14:30
Restore point made on: 2013-10-12 22:27:52
Restore point made on: 2013-10-13 04:28:52
Restore point made on: 2013-10-13 13:54:06
Restore point made on: 2013-10-16 12:55:48
Restore point made on: 2013-10-20 06:09:36
Restore point made on: 2013-10-24 23:18:05

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4062.11 MB
Available physical RAM: 3448.71 MB
Total Pagefile: 3788.12 MB
Available Pagefile: 3425.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:358.77 GB) (Free:135.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:13.84 GB) (Free:0.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: D8421184)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=359 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 000865CF)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)


LastRegBack: 2013-10-29 09:40

==================== End Of Log ============================

#8
RKinner
    Malware Expert
  • Expert
  • 20,007 posts
  • MVP
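The fix log in post #5 and the scan log in post #7 show what a Winlogon Shell hijack looks like in FRST output: the Shell value, which should be just explorer.exe, had a second program appended (Other.res under the user's AppData, with no publisher in its version information, hence the empty "()" and FRST's "<==== ATTENTION" marker), so Windows started it at every logon alongside the desktop, and the user saw a white screen while the audio kept playing. The script below is an added example written for this thread, not part of Farbar Recovery Scan Tool or of the posts above. It parses lines in the shape of those two logs and applies the triage heuristics a responder would apply by eye: Shell value deviation, FRST's ATTENTION marker, autoruns launched from user-writable paths, missing publisher, and registered files that no longer exist. SAMPLE_LINES is constructed for the example; most entries mirror lines quoted in this thread, while the [Updater] entry (its name, size and date) is made up.

```python
"""Triage FRST-style log lines for logon persistence.

Added example for this thread; not part of Farbar Recovery Scan Tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape FRST prints. Most lines mirror the logs
# quoted in this thread; the [Updater] entry (name, size, date) is made up.
SAMPLE_LINES = [
    r"HKU\svengoeman\...\Winlogon: [Shell] explorer.exe,C:\Users\svengoeman\AppData\Roaming\Other.res [153600 2013-07-09] () <==== ATTENTION",
    r"HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)",
    r"HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)",
    r"HKU\svengoeman\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe",
    r"HKU\svengoeman\...\Run: [Updater] - C:\Users\svengoeman\AppData\Local\Temp\hRDUSLU.exe [40960 2013-10-28] ()",
    r"S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)",
    r"S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2007-12-12] ()",
    r"S3 IpInIp; system32\DRIVERS\ipinip.sys [x]",
    "==================== Drivers (Whitelisted) ====================",
]

# Trailing "[size date]" and "(company)" are both optional in FRST lines.
_TAIL = (r"(?:\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
         r"(?:\s\((?P<company>[^)]*)\))?")

# Autorun lines: HKLM\...\Run: [Name] - target   or   HKU\user\...\Winlogon: [Shell] target
REG_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\[^\\]+?)?)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\]\s*(?:-\s)?(?P<target>.*?)" + _TAIL +
    r"(?P<attention>\s*<==== ATTENTION)?$"
)
# Service/driver lines: S2 Name; path [size date] (company)   or   ... [x] when the file is gone
SVC_RE = re.compile(
    r"^(?P<start>[SRU]\d?) (?P<name>[^;]+); (?P<target>.*?)" + _TAIL +
    r"(?P<missing>\s\[x\])?$"
)


@dataclass
class Entry:
    kind: str               # "registry" or "service"
    scope: str              # hive (plus user) for registry, start type for services
    key: str                # registry key such as Run or Winlogon; service name
    name: str               # value name; service name
    target: str             # command line or file path
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]  # None: FRST printed nothing; "": FRST printed "()"
    attention: bool         # FRST's own "<==== ATTENTION" marker
    missing: bool           # FRST's "[x]": registered file not found on disk


def parse_line(line: str) -> Optional[Entry]:
    """Parse one autorun or service/driver line; return None for any other line."""
    m = REG_RE.match(line)
    if m:
        return Entry("registry", m["hive"], m["key"], m["name"], m["target"].strip(),
                     int(m["size"]) if m["size"] else None, m["date"], m["company"],
                     bool(m["attention"]), False)
    m = SVC_RE.match(line)
    if m:
        return Entry("service", m["start"], m["name"], m["name"], m["target"].strip(),
                     int(m["size"]) if m["size"] else None, m["date"], m["company"],
                     False, bool(m["missing"]))
    return None


def shell_components(value: str) -> List[str]:
    """Winlogon's Shell value is comma-separated; Windows starts every entry at logon."""
    return [part.strip() for part in value.split(",") if part.strip()]


# Locations an ordinary user can write to; an autorun living here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

Finding = Tuple[str, str]  # (severity, message)


def triage(lines: List[str]) -> List[Finding]:
    """Apply the heuristics a responder uses when reading an FRST log."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        label = f"{e.scope}\\{e.key}\\{e.name}" if e.kind == "registry" else f"service {e.name}"
        if e.kind == "registry" and e.key == "Winlogon" and e.name == "Shell":
            extra = [c for c in shell_components(e.target) if c.lower() != "explorer.exe"]
            if extra:
                findings.append(("HIGH", f"{label}: Shell hijack, extra program(s) {extra}"))
        if e.attention:
            findings.append(("HIGH", f"{label}: flagged by FRST (<==== ATTENTION)"))
        if any(loc in e.target.lower() for loc in USER_WRITABLE):
            findings.append(("MEDIUM", f"{label}: runs from user-writable path: {e.target}"))
        if e.company == "":
            findings.append(("LOW", f"{label}: no publisher in version info"))
        if e.missing:
            findings.append(("INFO", f"{label}: registered file is missing"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LINES):
        print(f"[{severity}] {message}")
```

A missing publisher is a prompt to look closer, not a verdict: the Spyder3.sys colorimeter driver in the scan log also shows "()", which is why that heuristic is rated LOW while any program other than explorer.exe in the Shell value is rated HIGH. The fix FRST applied in post #5 is the matching remediation: delete the per-user Shell override so the machine-wide default (explorer.exe) applies again, then quarantine the files it pointed at.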
I forgot we were using the Recovery console to run it. Try running FRST from within Windows.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

\FRST64.exe