Windows 7 won't reboot [Solved]

windows 7 toshiba norton power eraser

This topic is locked

#1
mjdevo31
Member, 29 posts

I have a Toshiba that recently crapped out. I was online and received a warning from Norton that it had detected a Trojan virus, and to either scan (which I should have tried first) or download Power Eraser, which I did. After the download it asked for a reboot; after that I have a black screen. Can you help, as the Norton techs were clueless? When I start the computer now it goes through the Toshiba logo and then asks if you want to start Windows normally, in Safe Mode, with Command Prompt, or in Safe Mode with Networking. I tried them all; Safe Mode goes through the driver list and then goes black, and the Command Prompt option goes straight to black. Has anyone had similar issues?


  • 0

#2
Dakeyras
Anti-Malware Mammoth (Expert), 9,723 posts

Hi and welcome to Geeks to Go. :)

Let's check if you can get the below to run and create a log for me to review...

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Note: If the above version of the Farbar Recovery Scan Tool turns out not to be compatible, merely delete that version and download and use this one instead: Farbar Recovery Scan Tool 32-Bit

Then insert the Flash/USB drive into your machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of that file in your next reply.

  • 0
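Once FRST.txt comes back, the helper's job is to read the Run keys, services and drivers it lists and pick out the entries worth a closer look. The script below is an added example written for this editorial pass; it is not part of FRST, of Geeks to Go, or of either poster's material. The two entry formats it parses ("HKLM\...\Run: [Name] => path [size date] (Company)" and "S2 name; path [size date] (Company)", with "[X]" where FRST found no file on disk) are modelled on the lines FRST prints in the Registry, Services and Drivers sections; the three flags it raises (file missing, no company name in the binary's version information, auto-start binary under a user-writable profile path) are the editor's own heuristics, and the sample log is constructed in that format rather than copied from a real machine.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) logs.

Added example for this thread, not part of FRST, Geeks to Go or either poster's
material. Line formats are modelled on FRST's Registry/Services/Drivers entries;
the flags are the editor's own heuristics, not anything FRST computes.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Section banner, e.g. "==================== Services (Whitelisted) ================="
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
KINDS = {"registry": "registry", "services": "service", "drivers": "driver"}
# Run-key entry:  HKLM-x32\...\Run: [Name] => C:\path\file.exe [size date] (Company)
#                 HKU\User\...\RunOnce: [Name] - C:\path\file.exe [size date] (Company)
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\(?P<sub>[^:]*?)\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]+)\] (?:=>|-) (?P<rest>.*)$"
)
# Service or driver entry:  S2 name; C:\path\file.exe [size date] (Company)
SVC_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# Trailing "[size date] (Company)"; FRST prints "[X]" when the file is not on disk
TAIL_RE = re.compile(
    r"^(?P<path>.*?) \[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>X))\]"
    r"(?: \((?P<company>[^)]*)\))?$"
)
# Auto-start binaries under a user profile or temp directory deserve a closer look
USER_PATH_RE = re.compile(r"\\Users\\|\\AppData\\|\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                  # "registry", "service" or "driver"
    name: str
    path: str
    company: Optional[str]     # "" when FRST printed "()", None when it printed no company at all
    missing: bool              # True when FRST marked the file with [X]
    flags: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the entries from the Registry, Services and Drivers sections."""
    entries: List[Entry] = []
    kind = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            kind = KINDS.get(banner.group("title").split()[0].lower())
            continue
        if kind is None or not line:
            continue
        head = RUN_RE.match(line) if kind == "registry" else SVC_RE.match(line)
        tail = TAIL_RE.match(head.group("rest")) if head else None
        if not tail:
            continue  # other formats (Policies, Winlogon\Notify, Startup folder) are skipped here
        entries.append(Entry(kind=kind, name=head.group("name"), path=tail.group("path"),
                             company=tail.group("company"),
                             missing=tail.group("missing") is not None))
    return entries


def review(entry: Entry) -> List[str]:
    """Heuristic flags for one entry (editor's choices, not an FRST feature)."""
    flags = []
    if entry.missing:
        flags.append("file-missing")       # orphaned entry: leftover, or removed by a cleaner
    elif entry.company == "":
        flags.append("no-company-name")    # no company name in the binary's version info
    if USER_PATH_RE.search(entry.path):
        flags.append("user-profile-path")  # auto-start from a location the user can write to
    return flags


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that raised at least one flag."""
    findings = []
    for entry in parse_entries(log_text):
        entry.flags = review(entry)
        if entry.flags:
            findings.append(entry)
    return findings


# Constructed sample in FRST's line format, using the kinds of entry such logs contain
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2236080 2014-03-10] ()
HKU\Mario\...\Run: [uTorrent] => C:\Users\Mario\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-13] (BitTorrent Inc.)
HKU\Mario\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe [844976 2014-05-10] (Adobe Systems Incorporated)
==================== Services (Whitelisted) =================
S2 NPEService; C:\Users\Mario\Downloads\NPE.exe [3077584 2014-05-21] (Symantec Corporation)
S2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
==================== Drivers (Whitelisted) ====================
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-09] ()
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name:18} {', '.join(e.flags):30} {e.path}")
```

Run it as a script to print the flagged entries from the constructed sample, or import triage() and pass it the text of a saved FRST.txt. The flags are prompts to look closer, not verdicts: some legitimate vendor utilities ship with no company name in their version resource, and a removal tool that has just been downloaded can register a service from the Downloads folder, so every flagged line still needs the judgement a malware-removal helper applies before anything is deleted.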

#3
mjdevo31 (Topic Starter)
Member, 29 posts

Ran by SYSTEM on MININT-LA98VPQ on 24-05-2014 20:31:52
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-02-02] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2009-01-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2236080 2014-03-10] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\Mario\...\Run: [Google Update] => C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-17] (Google Inc.)
HKU\Mario\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\Mario\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC)
HKU\Mario\...\Run: [uTorrent] => C:\Users\Mario\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-13] (BitTorrent Inc.)
HKU\Mario\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe [844976 2014-05-10] (Adobe Systems Incorporated)
HKU\Mario\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
 
==================== Services (Whitelisted) =================
 
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-02] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-02-02] (Symantec Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 NPEService; C:\Users\Mario\Downloads\NPE.exe [3077584 2014-05-21] (Symantec Corporation)
S2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
S2 SITomcat; C:\Program Files (x86)\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe [65536 2003-10-27] (Alexandria Software Consulting)
S2 SITransbase; C:\Program Files (x86)\GM SPO\eSI\Transbase\tbmux32.exe [165376 2001-11-20] (TransAction Software, D 81737 Munich)
S2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3234848 2009-02-02] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [425800 2009-02-02] (Symantec Corporation)
S2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2009-02-02] (Symantec Corporation)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2014-03-10] (AVG Secure Search)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [25424 2009-02-02] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [126720 2012-03-28] (Gemalto)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140521.016\eng64.sys [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140521.016\ex64.sys [2099288 2013-08-28] (Symantec Corporation)
S1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-14] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [74752 2013-04-03] (Identive)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2009-02-02] (Symantec Corporation)
S1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [447536 2009-02-02] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2009-02-02] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482352 2009-02-02] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-02-02] (Symantec Corporation)
S1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-02-02] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-09] ()
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2011-01-20] (Symantec Corporation)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-02-02] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-04] (Symantec Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-24 20:31 - 2014-05-24 20:31 - 00000000 ____D () C:\FRST
2014-05-21 18:07 - 2014-05-22 18:40 - 00000000 ____D () C:\NPE
2014-05-21 18:05 - 2014-05-21 18:38 - 00015776 _____ () C:\Windows\PFRO.log
2014-05-21 18:02 - 2014-05-21 18:02 - 03077584 ____N (Symantec Corporation) C:\Users\Mario\Downloads\NPE.exe
2014-05-21 18:02 - 2014-05-21 18:02 - 00000000 ____D () C:\ProgramData\SMR410
2014-05-21 02:23 - 2014-05-21 03:36 - 00000000 ____D () C:\Users\Mario\Desktop\FALL_OF_THE_HOUSE_OF_USHER
2014-05-20 19:08 - 2014-05-21 02:17 - 739713024 ____R () C:\Users\Mario\Desktop\Ethan Frome (1993).avi
2014-05-17 21:00 - 2014-05-19 20:17 - 00008208 _____ () C:\Windows\setupact.log
2014-05-17 21:00 - 2014-05-17 21:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 20:49 - 2014-05-17 21:02 - 367452574 _____ () C:\Users\Mario\Desktop\Justified.S01E13.HDTV.XviD-LOL.avi
2014-05-17 20:30 - 2014-05-17 20:49 - 365834302 _____ () C:\Users\Mario\Desktop\Justified.S01E09.HDTV.XviD-LOL.avi
2014-05-17 20:08 - 2014-05-17 20:30 - 365537384 _____ () C:\Users\Mario\Desktop\Justified.S01E08.HDTV.XviD-LOL.avi
2014-05-17 19:59 - 2014-05-17 20:07 - 365025506 ____R () C:\Users\Mario\Desktop\Justified.S01E07.HDTV.XviD-LOL.avi
2014-05-17 19:39 - 2014-05-17 19:59 - 366684190 _____ () C:\Users\Mario\Desktop\Justified.S01E06.HDTV.XviD-LOL.avi
2014-05-17 19:39 - 2014-05-17 19:45 - 366164094 _____ () C:\Users\Mario\Desktop\Justified.S01E05.HDTV.XviD-XII.avi
2014-05-17 19:32 - 2014-05-17 19:39 - 365547874 _____ () C:\Users\Mario\Desktop\Justified.S01E04.HDTV.XviD-LOL.avi
2014-05-16 18:31 - 2014-05-16 18:58 - 1315870528 _____ () C:\Users\Mario\Desktop\Witness.To.The.Mob.[1998].DVDRip.XviD-BLiTZKRiEG.avi
2014-05-16 18:24 - 2014-05-16 18:25 - 04745984 _____ (Piriform Ltd) C:\Users\Mario\Downloads\ccsetup413.exe
2014-05-15 17:50 - 2014-05-05 20:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-15 17:50 - 2014-05-05 20:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-15 17:50 - 2014-05-05 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 17:50 - 2014-05-05 19:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 17:50 - 2014-05-05 19:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-15 17:50 - 2014-05-05 18:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 17:39 - 2014-05-15 17:39 - 00921512 _____ (Oracle Corporation) C:\Users\Mario\Downloads\chromeinstall-7u55.exe
2014-05-15 17:28 - 2014-04-14 16:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-15 17:28 - 2014-04-14 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-15 17:28 - 2014-04-14 16:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-15 17:28 - 2014-04-14 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-15 17:26 - 2014-05-15 17:28 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-14 18:24 - 2014-05-14 18:24 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2014-05-14 18:24 - 2014-05-14 18:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2014-05-14 17:03 - 2014-05-08 22:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-14 17:03 - 2014-05-08 22:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-14 17:03 - 2014-03-24 18:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-14 17:03 - 2014-03-24 18:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:01 - 2014-04-11 18:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-14 17:01 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-14 17:01 - 2014-04-11 18:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-14 17:01 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-14 17:01 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-14 17:01 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-14 17:01 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-14 17:01 - 2014-04-11 18:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:01 - 2014-03-04 01:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-14 17:01 - 2014-03-04 01:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-14 17:01 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-14 17:01 - 2014-03-04 01:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-14 17:01 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-14 17:01 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-14 17:01 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-14 17:01 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-14 17:01 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-14 17:01 - 2014-03-04 01:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-14 17:01 - 2014-03-04 01:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:01 - 2014-03-04 01:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:01 - 2014-03-04 01:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:01 - 2014-03-04 01:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:01 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 17:00 - 2014-04-11 18:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-10 19:07 - 2014-05-10 19:07 - 00000000 ___RD () C:\Users\Mario\Desktop\2013-14 Taxes
2014-05-10 09:35 - 2014-05-10 09:35 - 02143381 _____ () C:\Users\Mario\Downloads\IMG_8216 (4).jpeg
2014-05-10 07:15 - 2014-05-10 07:15 - 00000000 __SHD () C:\Users\Mario\AppData\Local\EmieUserList
2014-05-10 07:15 - 2014-05-10 07:15 - 00000000 __SHD () C:\Users\Mario\AppData\Local\EmieSiteList
2014-05-07 17:25 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-07 17:25 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-05-07 17:25 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 17:25 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 17:24 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-05-07 17:24 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-05-07 17:24 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-07 17:24 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-05-07 17:24 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-07 17:24 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-05-07 17:24 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-07 17:24 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-05-07 17:24 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 17:24 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-07 17:24 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-05-07 17:24 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 17:24 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 17:24 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-07 17:24 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 17:24 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 17:24 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-07 17:24 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 17:24 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 17:24 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 17:24 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 17:23 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-05-07 17:23 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-05-07 17:23 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 17:23 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 17:23 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-05-07 17:23 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 17:22 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-07 17:22 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-07 17:22 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-07 17:22 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 17:22 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 17:22 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-07 17:22 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-07 17:22 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 17:22 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 17:22 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-07 17:22 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-07 17:22 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 17:22 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-07 17:21 - 2014-05-15 19:36 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-05 17:46 - 2014-05-05 17:46 - 00000000 ____D () C:\Users\Mario\AppData\Local\{09A462D1-48EC-44BA-AE18-CA5434A3DF87}
2014-05-01 16:55 - 2014-05-03 18:55 - 00358552 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2014-05-01 16:53 - 2014-05-01 16:53 - 00000000 ____D () C:\Users\Mario\AppData\Local\Trusteer
2014-05-01 16:53 - 2014-05-01 16:53 - 00000000 ____D () C:\Program Files (x86)\Trusteer
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\Trusteer
2014-05-01 16:49 - 2014-05-01 16:49 - 00272664 _____ (Trusteer Ltd.) C:\Users\Mario\Downloads\RapportSetup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-24 20:31 - 2014-05-24 20:31 - 00000000 ____D () C:\FRST
2014-05-22 18:40 - 2014-05-21 18:07 - 00000000 ____D () C:\NPE
2014-05-21 18:38 - 2014-05-21 18:05 - 00015776 _____ () C:\Windows\PFRO.log
2014-05-21 18:03 - 2012-11-20 21:58 - 01339920 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 18:03 - 2012-08-13 16:26 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\uTorrent
2014-05-21 18:02 - 2014-05-21 18:02 - 03077584 ____N (Symantec Corporation) C:\Users\Mario\Downloads\NPE.exe
2014-05-21 18:02 - 2014-05-21 18:02 - 00000000 ____D () C:\ProgramData\SMR410
2014-05-21 18:02 - 2012-09-24 16:17 - 00000000 ____D () C:\Users\Mario\AppData\Local\NPE
2014-05-21 18:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-05-21 17:29 - 2012-09-24 18:59 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349173154-2153486983-3080027658-1000UA.job
2014-05-21 17:29 - 2012-09-24 18:59 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2349173154-2153486983-3080027658-1000Core.job
2014-05-21 17:29 - 2011-10-17 08:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 17:29 - 2011-10-17 08:35 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 03:36 - 2014-05-21 02:23 - 00000000 ____D () C:\Users\Mario\Desktop\FALL_OF_THE_HOUSE_OF_USHER
2014-05-21 02:17 - 2014-05-20 19:08 - 739713024 ____R () C:\Users\Mario\Desktop\Ethan Frome (1993).avi
2014-05-21 01:33 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-20 19:06 - 2014-04-08 17:37 - 00000000 ____D () C:\Users\Mario\Desktop\LITR221
2014-05-19 20:17 - 2014-05-17 21:00 - 00008208 _____ () C:\Windows\setupact.log
2014-05-17 21:02 - 2014-05-17 20:49 - 367452574 _____ () C:\Users\Mario\Desktop\Justified.S01E13.HDTV.XviD-LOL.avi
2014-05-17 21:00 - 2014-05-17 21:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 20:49 - 2014-05-17 20:30 - 365834302 _____ () C:\Users\Mario\Desktop\Justified.S01E09.HDTV.XviD-LOL.avi
2014-05-17 20:30 - 2014-05-17 20:08 - 365537384 _____ () C:\Users\Mario\Desktop\Justified.S01E08.HDTV.XviD-LOL.avi
2014-05-17 20:07 - 2014-05-17 19:59 - 365025506 ____R () C:\Users\Mario\Desktop\Justified.S01E07.HDTV.XviD-LOL.avi
2014-05-17 19:59 - 2014-05-17 19:39 - 366684190 _____ () C:\Users\Mario\Desktop\Justified.S01E06.HDTV.XviD-LOL.avi
2014-05-17 19:45 - 2014-05-17 19:39 - 366164094 _____ () C:\Users\Mario\Desktop\Justified.S01E05.HDTV.XviD-XII.avi
2014-05-17 19:39 - 2014-05-17 19:32 - 365547874 _____ () C:\Users\Mario\Desktop\Justified.S01E04.HDTV.XviD-LOL.avi
2014-05-17 13:47 - 2012-11-20 20:37 - 00009728 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 13:47 - 2012-11-20 20:37 - 00009728 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 13:42 - 2011-07-25 20:59 - 00000336 _____ () C:\Windows\Tasks\TuneUpMedic_scan_schedule_task_3cdbc06e-a3b8-4e48-9904-ff03ce22e75b.job
2014-05-16 18:58 - 2014-05-16 18:31 - 1315870528 _____ () C:\Users\Mario\Desktop\Witness.To.The.Mob.[1998].DVDRip.XviD-BLiTZKRiEG.avi
2014-05-16 18:25 - 2014-05-16 18:24 - 04745984 _____ (Piriform Ltd) C:\Users\Mario\Downloads\ccsetup413.exe
2014-05-16 18:25 - 2011-01-15 16:20 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 18:25 - 2011-01-15 16:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 17:40 - 2012-11-20 22:18 - 00000660 __RSH () C:\Users\Mario\ntuser.pol
2014-05-16 17:40 - 2012-11-20 20:41 - 00000000 ____D () C:\users\Mario
2014-05-16 17:40 - 2012-09-23 20:27 - 00000376 ____H () C:\Windows\Tasks\WxDFastUpdaterTask{3BDB104A-A161-445F-A7FA-B134036443A1}.job
2014-05-15 20:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:39 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 19:36 - 2014-05-07 17:21 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-15 19:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 17:50 - 2011-01-06 21:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 17:39 - 2014-05-15 17:39 - 00921512 _____ (Oracle Corporation) C:\Users\Mario\Downloads\chromeinstall-7u55.exe
2014-05-15 17:38 - 2013-11-08 11:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-15 17:30 - 2013-07-13 12:43 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-15 17:28 - 2014-05-15 17:26 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-15 17:28 - 2008-05-16 06:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-15 17:22 - 2012-11-28 19:15 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-14 18:24 - 2014-05-14 18:24 - 00000000 ____D () C:\Users\Default\AppData\Local\Trusteer
2014-05-14 18:24 - 2014-05-14 18:24 - 00000000 ____D () C:\Users\Default User\AppData\Local\Trusteer
2014-05-14 17:08 - 2012-09-24 19:02 - 00002380 _____ () C:\Users\Mario\Desktop\Google Chrome.lnk
2014-05-13 18:05 - 2011-06-02 11:06 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Skype
2014-05-12 14:16 - 2012-06-28 20:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-12 13:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-05-10 19:07 - 2014-05-10 19:07 - 00000000 ___RD () C:\Users\Mario\Desktop\2013-14 Taxes
2014-05-10 18:12 - 2012-04-23 17:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-10 18:12 - 2011-05-23 19:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-10 09:35 - 2014-05-10 09:35 - 02143381 _____ () C:\Users\Mario\Downloads\IMG_8216 (4).jpeg
2014-05-10 07:15 - 2014-05-10 07:15 - 00000000 __SHD () C:\Users\Mario\AppData\Local\EmieUserList
2014-05-10 07:15 - 2014-05-10 07:15 - 00000000 __SHD () C:\Users\Mario\AppData\Local\EmieSiteList
2014-05-08 22:14 - 2014-05-14 17:03 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-08 22:11 - 2014-05-14 17:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-08 17:24 - 2012-09-24 18:59 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2349173154-2153486983-3080027658-1000UA
2014-05-08 17:24 - 2012-09-24 18:59 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2349173154-2153486983-3080027658-1000Core
2014-05-08 17:24 - 2011-10-17 08:35 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 17:24 - 2011-10-17 08:35 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 20:40 - 2014-05-15 17:50 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 20:17 - 2014-05-15 17:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 19:25 - 2014-05-15 17:50 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 19:07 - 2014-05-15 17:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 19:00 - 2014-05-15 17:50 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-05 18:10 - 2014-05-15 17:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 17:46 - 2014-05-05 17:46 - 00000000 ____D () C:\Users\Mario\AppData\Local\{09A462D1-48EC-44BA-AE18-CA5434A3DF87}
2014-05-05 14:15 - 2009-07-13 20:45 - 00505536 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-05 14:14 - 2014-03-04 10:49 - 00000000 ____D () C:\Program Files (x86)\Search-Protect
2014-05-03 18:55 - 2014-05-01 16:55 - 00358552 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2014-05-01 16:53 - 2014-05-01 16:53 - 00000000 ____D () C:\Users\Mario\AppData\Local\Trusteer
2014-05-01 16:53 - 2014-05-01 16:53 - 00000000 ____D () C:\Program Files (x86)\Trusteer
2014-05-01 16:50 - 2014-05-01 16:50 - 00000000 ____D () C:\ProgramData\Trusteer
2014-05-01 16:49 - 2014-05-01 16:49 - 00272664 _____ (Trusteer Ltd.) C:\Users\Mario\Downloads\RapportSetup.exe
2014-04-30 17:58 - 2013-01-12 13:59 - 00000000 ____D () C:\Users\Mario\Desktop\Resume
 
Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\94E7.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0520192 ____A (Microsoft Corporation) 424A3C9D3661966C2FE672D9634FCCC4
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-14 03:36:36
Restore point made on: 2014-03-18 03:25:31
Restore point made on: 2014-03-18 23:00:30
Restore point made on: 2014-03-24 22:15:14
Restore point made on: 2014-03-29 00:08:20
Restore point made on: 2014-04-01 17:54:20
Restore point made on: 2014-04-04 19:02:46
Restore point made on: 2014-04-08 15:45:21
Restore point made on: 2014-04-09 16:35:32
Restore point made on: 2014-04-16 18:25:22
Restore point made on: 2014-04-17 20:45:31
Restore point made on: 2014-04-23 15:53:03
Restore point made on: 2014-04-23 16:31:15
Restore point made on: 2014-04-29 14:19:35
Restore point made on: 2014-05-01 16:52:16
Restore point made on: 2014-05-02 18:56:30
Restore point made on: 2014-05-03 13:27:10
Restore point made on: 2014-05-06 17:48:53
Restore point made on: 2014-05-07 17:20:22
Restore point made on: 2014-05-10 06:59:10
Restore point made on: 2014-05-13 18:14:45
Restore point made on: 2014-05-14 18:23:37
Restore point made on: 2014-05-15 17:14:59
Restore point made on: 2014-05-20 17:36:27
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4093.99 MB
Available physical RAM: 3460.28 MB
Total Pagefile: 4092.19 MB
Available Pagefile: 3456.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (SQ004739V04) (Fixed) (Total:289.21 GB) (Free:60.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.31 GB) NTFS
Drive f: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7AB97035)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 00AC5157)
Partition 1: (Active) - (Size=981 MB) - (Type=06)
 
 
LastRegBack: 2014-05-19 06:50
 
==================== End Of Log ============================


#4
Dakeyras (Expert)
Hi. :)

Your machine most likely ended up infected from the use of the presently installed peer to peer software uTorrent. I will advise about this further in due course and what you downloaded with it etc.

Anyway, let's proceed as follows, shall we...

Custom FRST Scan:
  • Now please enter System Recovery Options on your infected machine again and then select Command Prompt.
  • Then run/launch FRST64 again as outlined in my prior post.
  • Type the following in the edit box after "Search:".
rpcss.dll
  • Click on the Search File(s) button/radio tab.
  • Once the search is complete a notepad file named Search.txt will be saved to your USB drive.
  • Post the contents of the aforementioned notepad file in your next reply.


#5
mjdevo31 (Topic Starter)
I will have to get back to you. Last night my other computer was also infected; I believe it came while using ooVoo again, as this computer never had any downloaded torrents.

#6
mjdevo31 (Topic Starter)
Farbar Recovery Scan Tool (x64) Version: 24-05-2014 1
Ran by SYSTEM at 2014-05-25 10:40:17
Running from F:\
Boot Mode: Recovery
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0520192 ____A (Microsoft Corporation) 424A3C9D3661966C2FE672D9634FCCC4
 
X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
X:\Windows\System32\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
====== End Of Search ======

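The check FRST's ATTENTION line hints at (compare the MD5 of the live rpcss.dll against a known-good copy), applied to the search output above as an added Python example that is not FRST's code or part of this thread: it parses search results of this shape (sample constructed from the entries posted above) and flags any non-WinSxS copy whose MD5 matches none of the WinSxS component-store copies of the same file. The parser is a hypothetical helper written for this example.

```python
"""Parse FRST "Search Files" output and flag a live copy of a system file whose
MD5 is not among the WinSxS component-store copies of the same file.
Added example, not FRST's own code; the parser is a hypothetical helper."""
import re
from collections import defaultdict

# Constructed sample, copied from the search results posted in this thread.
SAMPLE_SEARCH = """\
================== Search Files: "rpcss.dll" =============
C:\\Windows\\winsxs\\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
C:\\Windows\\System32\\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0520192 ____A (Microsoft Corporation) 424A3C9D3661966C2FE672D9634FCCC4
X:\\Windows\\System32\\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per file entry: a path line followed by its detail line."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):      # skip blanks and banners
            continue
        m = DETAIL_RE.match(line)
        if m and path is not None:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])        # FRST zero-pads sizes
            rec["md5"] = rec["md5"].upper()
            rec["path"] = path
            entries.append(rec)
            path = None
        else:
            path = line                           # a path line precedes each detail line
    return entries


def find_mismatches(entries):
    """Return paths of non-WinSxS copies whose MD5 matches none of the WinSxS
    copies of the same file name. A hit is a lead to verify (e.g. check the
    Authenticode signature), not proof: a later hotfix can also change the hash."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    flagged = []
    for group in by_name.values():
        baseline = {e["md5"] for e in group if "\\winsxs\\" in e["path"].lower()}
        if not baseline:                          # nothing to compare against
            continue
        for e in group:
            if "\\winsxs\\" not in e["path"].lower() and e["md5"] not in baseline:
                flagged.append(e["path"])
    return flagged
```

On the sample above this flags only the C: System32 copy, whose size (520192) and MD5 differ from both component-store copies while the recovery environment's X: copy matches them.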

#7
Dakeyras (Expert)
Hi. :)
 

last night my other computer was also infected


Most unfortunate... all sorted now, and/or do you require any assistance with that machine?

Custom FRST Script:

Please download the attached fixlist.txt (see below) and save it to your USB drive.

  • Now please enter System Recovery Options on the infected machine again and then select Command Prompt.
  • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
  • The tool will make a log on the USB drive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply.
  • Reboot the machine back into Normal Mode.
Note: The above custom script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Next:

When completed the above, please post back the following in the order asked for:
  • Is your machine able to boot up normally now or not?
  • Fixlog Log from the Custom Script.


#8
mjdevo31 (Topic Starter)

That worked, it booted up normally; however, after the computer booted up the fix file and text were gone off of my flash drive. The other computer that has the same issue is also a Toshiba. Would it work if I did the same procedure to it?



#9
Dakeyras (Expert)
Hi. :)
 

That worked, it booted up normally


Good.
 

however, after the computer booted up the fix file and text were gone off of my flash drive.


OK fair play, I will be able to double check anyway via one of the scans below.
 

The other computer that has the same issue is also a Toshiba. Would it work if I did the same procedure to it?

Not advisable for the reason I posted prior:-
 

Note: This above custom script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.


I will continue to assist you/work upon the first machine. Then once I give the all clear I will gladly check out the second machine in this topic. Or you could create a new topic seeking assistance for the second machine, either is absolutely fine by me.

The below pertains to the machine we have been working on...

Scan with aswMBR:

Please download aswMBR.exe to your desktop.
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select Yes.
  • The Avast! virus definitions database will automatically be downloaded. Be patient, this may take some time depending on the speed of your Internet connection.
  • Once it has downloaded >> ensure that only QuickScan is selected next to AV scan:. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply.
  • Click on Exit.
Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your desktop.
  • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and/or problems encountered?
  • aswMBR Log.
  • Both FRST Logs. <-- Post them individually please, i.e. one Log per post/reply.


#10
mjdevo31 (Topic Starter)

Seems to be running fine at the moment. I ran a full scan and did not detect anything.

Attached Files




#11
Dakeyras (Expert)
Hi. :)
 

Seems to be running fine at the moment.


Good.
 

I ran a full scan and did not detect anything.


Do you mean with the presently installed Symantec Endpoint Protection? If so fair play, however I would prefer if you made no changes to your machine and/or ran any scans etc. unless advised by myself for the duration of the Malware Removal process. This will make it that bit easier for myself to fully assist you, thank you.

Disable Windows Defender:

Windows Defender at present is active in system memory and there is a chance it will cause a conflict with the installed Symantec Endpoint Protection. The latter, if you are not aware, is actually meant to be used on either a Server or Workstation, not a home use machine per se; but since it is a subscription product you might as well leave it installed.

Going back to Windows Defender, if left active it will hinder the actual Malware Removal process. Unfortunately it cannot be uninstalled because it is an integral part of the Windows 7 Operating System.

Anyway, how to fully disable the software can be read here.

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software; the below is currently all that is installed Java related:-

Java 7 Update 55

Further information can be read here. The aforementioned article will also explain how to disable the plugins, though my friendly advice would be to uninstall if you do not use anything Java related.

Peer to Peer Advice:

I see µTorrent is installed and Akamai NetSession Interface (which uses P2P technology). If you have used either recently, you can be fairly confident this is a principal reason your computer became infected. Plus everything you have downloaded via P2P I strongly advise you delete, then empty the Recycle Bin.

It's really important, if you value your machine at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

My friendly advice would be to uninstall the aforementioned. To be honest I have lost count of the number of machines I have dealt with over the years that became infected due to the use of P2P software...

However if you opt not to...please refrain from using them for the duration of the Malware Removal process, thank you.

Uninstall Software:

Click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Privacy SafeGuard

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom FRST Script:

It appears you downloaded and in turn ran the scan with FRST from the removable E drive. Please move the executable for FRST to the actual desktop of your machine.

Please download the attached fixlist.txt (see below) and save to the desktop.
  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK.
  • Reboot your machine (ensure you do this) when prompted to do so and post the contents of the newly created Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Edited by Dakeyras, 30 May 2014 - 01:09 PM.
Removed DL for another post in topic etc.


#12
mjdevo31 (Topic Starter)

When I try to right-click the FRST64 and hit Fix it says no fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located.



#13
Dakeyras (Expert)

When I try to right-click the FRST64 and hit Fix it says no fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located.


That is why I advised you move FRST and save the fixlist to your desktop, i.e. both need to be in the same location on the same drive, which would be:-

C:\Users\Mario\Desktop\FRST64.exe

and

C:\Users\Mario\Desktop\fixlist.txt

Any problems moving and/or locating to do so, merely download both again to your desktop as outlined above please. :)

#14
mjdevo31 (Topic Starter)

C:\Users\Mario\Desktop\ fixlist (2).txt

C:\Users\Mario\Desktop\ FRST64.exe

This is where it says it is located, but every time I try to run FRST it says that the fixlist is not on the same drive.

Can we skip this and move to the next machine, as this one is running fine now?



#15
Dakeyras (Expert)

Can we skip this and move to the next machine, as this one is running fine now?


Your machine is still infected and the malware removal process is not completed. Absence of symptoms does not mean that everything is clear.

However this is your choice on how you wish to proceed as the machine is your property after all. Merely let myself know... :)