
Is my computer infected


  • This topic is locked
11 replies to this topic

#1 pcdaugs

pcdaugs

    New Member

  • Members
  • Pip
  • 12 posts

Posted 24 March 2014 - 09:42 PM

Hello All,

 

I posted earlier in the month with a drastically infected machine, and in the end I decided to reformat the hard drive and start fresh. However, I ran into several problems when starting fresh, getting several blue screens of death that flickered by too quickly to understand or even read the error screen. After seeing that, I started back up in safe mode with networking and ran the Farbar Recovery Tool to get the log below. Please let me know if you all see something that could be the problem. As far as I know, I don't know why I continue to get the blue screen even after starting fresh. Any help would be appreciated.

 

Best Regards,

 

Paul

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Daugs (administrator) on DAUGS-PC on 24-03-2014 21:32:47
Running from C:\Users\Daugs\Downloads
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x626BDE5BD147CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (QR Creator) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-03-24]
CHR Extension: (Torrent Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2014-03-24]
CHR Extension: (Google Docs) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
CHR Extension: (Google Drive) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
CHR Extension: (YouTube) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
CHR Extension: (Google Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
CHR Extension: (Backtick) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2014-03-24]
CHR Extension: (MailChimp) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-03-24]
CHR Extension: (Pandora) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-24]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-03-24]
CHR Extension: (No Name) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-03-24]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-03-24]
CHR Extension: (Google Voice (by Google)) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-03-24]
CHR Extension: (Any.do Extension) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-03-24]
CHR Extension: (Ustream Lounge) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klpjjhflaaojjogkompcfpoejaneeika [2014-03-24]
CHR Extension: (HootSuite) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-03-24]
CHR Extension: (Evernote Web) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-24]
CHR Extension: (LastPass Vault) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-03-24]
CHR Extension: (Google Wallet) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR Extension: (Gmail) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys B9384E03479D2506BC924C16A3DB87BC
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys 7A4B413614C055935567CF88A9734D38
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys 4A6173C2279B498CD8F57CAE504564CB
C:\Windows\System32\Drivers\dfsc.sys 3F1DC527070ACB87E40AFE46EF6DA749
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 7CB7D2B73813CE05C7BC0F5F95D27CEC
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys BBE1BF6D9B661C354D4857D5FADB943B
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys CFDCD8CA87C2A657DEBC150AC35B5E08
C:\Windows\System32\DRIVERS\mrxsmb10.sys 1BEE517B220B7F024F411AEC1571DD5A
C:\Windows\System32\DRIVERS\mrxsmb20.sys 6B2D5FEF385828B6E485C1C90AFB8195
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys BAEFEE35D27A5440D35092CE10267BEC
C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys EC8F67289105BF270498095F14963464
C:\Windows\System32\DRIVERS\srv2.sys F773D2ED090B7BAA1C1A034F3CA476C8
C:\Windows\System32\DRIVERS\srvnet.sys 26E84D3649019C3244622E654DFCD75B
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895
C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 912107716BAB424C7870E8E6AF5E07E1
C:\Windows\System32\DRIVERS\tcpip.sys 912107716BAB424C7870E8E6AF5E07E1
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1
C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-24 21:42 - 2014-03-24 21:18 - 00000000 ____D () C:\Windows\Panther
2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
2014-03-24 21:32 - 2014-03-24 21:32 - 00019111 _____ () C:\Users\Daugs\Downloads\FRST.txt
2014-03-24 21:32 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
2014-03-24 21:23 - 2014-03-24 21:23 - 490975017 _____ () C:\Windows\MEMORY.DMP
2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
2014-03-24 21:23 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump
2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:20 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-24 21:20 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-24 21:20 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-24 21:20 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-24 21:19 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-24 21:19 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-24 21:18 - 2014-03-24 21:20 - 00025650 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 21:18 - 2014-03-24 21:20 - 00000000 ____D () C:\Users\Daugs
2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
2014-03-24 21:18 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-24 21:18 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
 
==================== One Month Modified Files and Folders =======
 
2014-03-24 23:17 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 23:17 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 23:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 23:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-24 21:42 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-03-24 21:42 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
2014-03-24 21:32 - 2014-03-24 21:32 - 00019111 _____ () C:\Users\Daugs\Downloads\FRST.txt
2014-03-24 21:32 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
2014-03-24 21:27 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
2014-03-24 21:23 - 2014-03-24 21:23 - 490975017 _____ () C:\Windows\MEMORY.DMP
2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
2014-03-24 21:23 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump
2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:20 - 2014-03-24 21:18 - 00025650 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 21:20 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs
2014-03-24 21:18 - 2014-03-24 21:42 - 00000000 ____D () C:\Windows\Panther
2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
2014-03-24 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-24 21:18 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-24 20:47 - 2009-07-13 23:51 - 00021690 _____ () C:\Windows\setupact.log
2014-03-24 20:47 - 2009-07-13 23:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-03-24 20:45 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-03-24 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-24 20:43 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b}
device                  ramdisk=[C:]\Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\Winre.wim,{0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\Winre.wim,{0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {0a7cb8b4-b3c7-11e3-9b1e-814c7fe8d58b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {0a7cb8b7-b3c7-11e3-9b1e-814c7fe8d58b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\0a7cb8b6-b3c7-11e3-9b1e-814c7fe8d58b\boot.sdi
 
 
 
LastRegBack: 2014-03-24 20:42
 
==================== End Of Log ============================


#2 Andro1d

Andro1d

    Trusted Advisor

  • Trusted Advisors
  • PipPip
  • 91 posts
  • Gender:Male

Posted 02 April 2014 - 11:34 PM

Hi pcdaugs,

Are you still in need of assistance?

CompTIA A+ Certified IT Technician
If I haven't replied in 48 hours, please send me a friendly PM.
My help is always free, but if I have helped you, please consider making a donation to help me continue in the fight against Malware!


#3 pcdaugs

pcdaugs

    New Member

  • Members
  • Pip
  • 12 posts

Posted 03 April 2014 - 09:20 AM

Yes, I am. If I start the computer normally it shuts down 5 to 10 minutes after being started. This is after reformatting the hard drive and reinstalling. Any help would be great!

I will be home tonight to work on it.

Thanks,

Paul

#4 Andro1d

Andro1d

    Trusted Advisor

  • Trusted Advisors
  • PipPip
  • 91 posts
  • Gender:Male

Posted 03 April 2014 - 09:15 PM

Hi Paul,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.



#5 Andro1d

Andro1d

    Trusted Advisor

  • Trusted Advisors
  • PipPip
  • 91 posts
  • Gender:Male

Posted 07 April 2014 - 11:48 AM

Hi Paul,

Please follow the Instructions HERE and post the requested logs. Please make sure to copy and paste the logs into your post as opposed to attaching them. Please also make sure to run them in Normal mode if possible.
 

However, I ran into several problems when starting fresh, getting several blue screens of death that flickered by too quickly to understand or even read the error screen.

You can follow the instructions below to prevent your computer from automatically restarting. Now if you get a BSOD again, you should be able to see it. Please post the exact error message you get in your next response. Since you were having some problems restarting before and after the reformat, it also could be a hardware issue since the problem persists.
http://pcsupport.abo...t-windows-7.htm



#6 pcdaugs

pcdaugs

    New Member

  • Members
  • Pip
  • 12 posts

Posted 07 April 2014 - 02:23 PM

Hello Andro1d,

I will do as you prescribe tonight and post the logs. Thank you for the help.

Best Regards,

Paul



#7 Andro1d

Andro1d

    Trusted Advisor

  • Trusted Advisors
  • PipPip
  • 91 posts
  • Gender:Male

Posted 13 April 2014 - 09:06 PM

Hi Paul,

Any update?



#8 pcdaugs

pcdaugs

    New Member

  • Members
  • Pip
  • 12 posts

Posted 16 April 2014 - 10:01 PM

Here is the log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by Daugs (administrator) on DAUGS-PC on 16-04-2014 21:58:49
Running from C:\Users\Daugs\Downloads
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x626BDE5BD147CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (QR Creator) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-03-24]
CHR Extension: (Torrent Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2014-03-24]
CHR Extension: (Google Docs) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
CHR Extension: (Google Drive) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
CHR Extension: (YouTube) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
CHR Extension: (Google Search) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
CHR Extension: (Backtick) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2014-03-24]
CHR Extension: (MailChimp) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-03-24]
CHR Extension: (Pandora) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-24]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-03-24]
CHR Extension: (No Name) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-03-24]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-03-24]
CHR Extension: (Google Voice (by Google)) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-03-24]
CHR Extension: (Any.do Extension) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-03-24]
CHR Extension: (Ustream Lounge) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\klpjjhflaaojjogkompcfpoejaneeika [2014-03-24]
CHR Extension: (HootSuite) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-03-24]
CHR Extension: (Evernote Web) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-03-24]
CHR Extension: (LastPass Vault) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-03-24]
CHR Extension: (Google Wallet) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR Extension: (Gmail) - C:\Users\Daugs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-16 21:58 - 2014-04-16 21:58 - 02158592 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe
2014-04-16 21:56 - 2014-04-16 21:56 - 00286760 _____ () C:\Windows\Minidump\041614-21855-01.dmp
2014-04-16 21:15 - 2014-04-16 21:15 - 00291976 _____ () C:\Windows\Minidump\041614-22479-01.dmp
2014-03-24 21:46 - 2014-03-24 21:46 - 00000320 _____ () C:\Windows\PFRO.log
2014-03-24 21:42 - 2014-03-24 21:18 - 00000000 ____D () C:\Windows\Panther
2014-03-24 21:33 - 2014-03-24 21:33 - 00017547 _____ () C:\Users\Daugs\Downloads\Shortcut.txt
2014-03-24 21:33 - 2014-03-24 21:33 - 00007613 _____ () C:\Users\Daugs\Downloads\Addition.txt
2014-03-24 21:32 - 2014-04-16 21:58 - 00006549 _____ () C:\Users\Daugs\Downloads\FRST.txt
2014-03-24 21:32 - 2014-04-16 21:58 - 00000000 ____D () C:\FRST
2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
2014-03-24 21:25 - 2014-03-24 21:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
2014-03-24 21:23 - 2014-04-16 21:56 - 409689897 _____ () C:\Windows\MEMORY.DMP
2014-03-24 21:23 - 2014-04-16 21:56 - 00000000 ____D () C:\Windows\Minidump
2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:20 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-24 21:20 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-24 21:20 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-24 21:20 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-24 21:19 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-24 21:19 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-24 21:18 - 2014-03-24 21:40 - 00027947 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 21:18 - 2014-03-24 21:20 - 00000000 ____D () C:\Users\Daugs
2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
2014-03-24 21:18 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-24 21:18 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-16 21:58 - 2014-04-16 21:58 - 02158592 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64 (1).exe
2014-04-16 21:58 - 2014-03-24 21:32 - 00006549 _____ () C:\Users\Daugs\Downloads\FRST.txt
2014-04-16 21:58 - 2014-03-24 21:32 - 00000000 ____D () C:\FRST
2014-04-16 21:58 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 21:58 - 2009-07-13 23:45 - 00013616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 21:56 - 2014-04-16 21:56 - 00286760 _____ () C:\Windows\Minidump\041614-21855-01.dmp
2014-04-16 21:56 - 2014-03-24 21:23 - 409689897 _____ () C:\Windows\MEMORY.DMP
2014-04-16 21:56 - 2014-03-24 21:23 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 21:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 21:56 - 2009-07-13 23:51 - 00021858 _____ () C:\Windows\setupact.log
2014-04-16 21:15 - 2014-04-16 21:15 - 00291976 _____ () C:\Windows\Minidump\041614-22479-01.dmp
2014-03-24 23:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-24 21:46 - 2014-03-24 21:46 - 00000320 _____ () C:\Windows\PFRO.log
2014-03-24 21:42 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-03-24 21:42 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-03-24 21:40 - 2014-03-24 21:18 - 00027947 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 21:33 - 2014-03-24 21:33 - 00017547 _____ () C:\Users\Daugs\Downloads\Shortcut.txt
2014-03-24 21:33 - 2014-03-24 21:33 - 00007613 _____ () C:\Users\Daugs\Downloads\Addition.txt
2014-03-24 21:32 - 2014-03-24 21:32 - 02157056 _____ (Farbar) C:\Users\Daugs\Downloads\FRST64.exe
2014-03-24 21:27 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 21:26 - 2014-03-24 21:26 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Google
2014-03-24 21:26 - 2014-03-24 21:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-24 21:25 - 2014-03-24 21:25 - 00008224 _____ () C:\Users\Daugs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 21:25 - 2014-03-24 21:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Deployment
2014-03-24 21:25 - 2014-03-24 21:25 - 00000000 ____D () C:\Users\Daugs\AppData\Local\Apps\2.0
2014-03-24 21:23 - 2014-03-24 21:23 - 00288152 _____ () C:\Windows\Minidump\032414-30076-01.dmp
2014-03-24 21:20 - 2014-03-24 21:20 - 00001443 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00001409 _____ () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 21:20 - 2014-03-24 21:20 - 00000000 ___RD () C:\Users\Daugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 21:20 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs
2014-03-24 21:18 - 2014-03-24 21:42 - 00000000 ____D () C:\Windows\Panther
2014-03-24 21:18 - 2014-03-24 21:18 - 00000020 ___SH () C:\Users\Daugs\ntuser.ini
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 __SHD () C:\Recovery
2014-03-24 21:18 - 2014-03-24 21:18 - 00000000 ____D () C:\Users\Daugs\AppData\Local\VirtualStore
2014-03-24 21:18 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-24 21:18 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-24 20:47 - 2009-07-13 23:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 20:45 - 2014-03-24 20:45 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-03-24 20:45 - 2009-07-13 23:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-03-24 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-24 20:43 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\CSC
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-24 20:42
 
==================== End Of Log ============================


#9 Andro1d

Andro1d

    Trusted Advisor

  • Trusted Advisors
  • PipPip
  • 91 posts
  • Gender:Male

Posted 17 April 2014 - 09:02 AM

Hi Paul,

I am not seeing anything in your log.

Are you still getting the BSODs? If you are, you should now be able to post the full error message if you turned off Automatic Restart.



#10 pcdaugs

pcdaugs

    New Member

  • Members
  • Pip
  • 12 posts

Posted 17 April 2014 - 04:50 PM

Hello Andro1d,

I think I might have gotten this figured out; time will tell. I went into the BIOS and reset all of the defaults. Now my system is starting and staying on without the BSODs. I was able to run the computer and work on it for over 2 hours before shutting down last night. I am not sure why this worked, but as you noted, my log for the desktop doesn't seem to have anything wrong with it.

Thank you for your help, and I will certainly let others know about the help that is on this website. I also made sure I have an anti-virus product on my computer, and I downloaded the premium Malwarebytes product and have that running daily.

Thank You,

Paul



#11 Andro1d

Andro1d

    Trusted Advisor

  • Trusted Advisors
  • PipPip
  • 91 posts
  • Gender:Male

Posted 21 April 2014 - 08:01 AM

Glad I was able to help pcdaugs!

Please use the following suggestions to help prevent reinfection.

It's time to remove some of the tools that we used, if not already deleted, and any logs they produced:
Farbar Recovery Scan Tool

The following is a list of tools and utilities that I like to suggest to people to help keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

FileHippo.com Update Checker - Stay up to date on all of your applications with this powerful tool that will scan, detect, check, and secure the applications installed on your computer.

WOT Web of Trust - Warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory.

MVPS Hosts file - This handy download replaces your current HOSTS file with one containing well-known ad sites and other bad/malicious sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

TFC Cleaner - Great tool to help speed up your computer and knock out malware that like to reside in temporary folders.

Firewall - A firewall is a very important program in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend enabling Windows' built-in firewall.
**Tutorial on enabling Windows Firewall can be found HERE**

Internet Browser - Internet Explorer is not the safest nor the fastest internet browser anymore. There are way better alternatives out there that are faster, more secure, and have many more useful features. I recommend Opera or Google Chrome.

It is important to run only one of each type of protection program in active scanning mode at a time, since conflicts can make them less effective. Let me know if you have any questions about this. I will be more than happy to clarify anything that is confusing.

Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.

Finally, I strongly recommend: How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :)



#12 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,497 posts
  • Gender:Male
  • Location:US

Posted Today, 03:49 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager





