TechSpot

System files integrity check and repair error 0x45d, possible virus

Inactive
By JeffreyG
Mar 14, 2013
  1. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Don't update it then. Can you run it at all?
     
  2. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Trying, the machine is running like a snail and gets hung up whenever you click on something for a while. I have no access to the internet on that machine and I cannot get things to respond. Took a long time for the machine to start and to do any functions. Do you have any suggestions? Should I try safe mode or is there some other way to do this? Thank you again.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Give safe mode a shot.
     
  4. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Scan says it's enumerating the registry so it is going very slowly.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Keep it going then.
     
  6. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Do you have any other suggestions, because this virus is essentially preventing the computer from performing any functions? I have to restart since it hung up and I got a black screen. I thought malware was running but I think I only got as far as starting it and then the virus took over and bogged it down and I got "not responding" along the top. Thank you
     
  7. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    See if safe mode is better.
     
  8. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    I am trying that now. Should I try logging in as a different user or not under the domain but rather the local computer?
     
  9. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    At first try regular account.
     
  10. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    I am trying and it just doesn't seem to want to let me get anything running. I am just totally bogged down in safe mode. The task manager is locked out also. I cannot get into my settings to change the network settings to get online and access anything and I can't get into the control panel. Any suggestions? Thank you
     
  11. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Give me a fresh FRST log.
     
  12. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Can I run that at the command prompt or do I need to go into recovery mode?
     
  13. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    You have to boot to System Recovery Options.
     
  14. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    See new FRST scan log

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013
    Ran by SYSTEM at 16-03-2013 03:18:02
    Running from G:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10025576 2011-06-08] (Realtek Semiconductor)
    HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
    HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
    HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [115560 2010-10-29] (Symantec Corporation)
    HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax" [x]
    HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-05-31] (LogMeIn, Inc.)
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2010-12-28] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [316864 2010-04-09] (Cyber Power Systems, Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1016464 2011-09-08] (Carbonite, Inc.)
    HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
    HKLM\...\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x]
    HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.)
    HKLM\...\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.)
    HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [376 2013-03-15] ()
    HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
    HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
    HKU\administrator\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-27] (Google Inc.)
    HKU\administrator\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\administrator\...\Run: [Google Update] "C:\Users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-28] (Google Inc.)
    HKU\administrator\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKU\drgewirtz\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-27] (Google Inc.)
    HKU\drgewirtz\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\drgewirtz\...\Run: [Google Update] "C:\Users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-28] (Google Inc.)
    HKU\drgewirtz\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKU\Office\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-27] (Google Inc.)
    HKU\Office\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Office\...\Run: [Google Update] "C:\Users\drgewirtz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-28] (Google Inc.)
    HKU\Office\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
    AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll
    Tcpip\..\Interfaces\{42E0AB8B-0713-409B-8232-95614B27EFCB}: [NameServer]192.168.111.16,192.168.111.1
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
    Startup: C:\Users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\drgewirtz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [284160 2010-12-28] (Advanced Micro Devices, Inc.)
    2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [140224 2010-06-17] (Advanced Micro Devices)
    2 AMD_RAIDXpert; "C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-03-15] (AMD)
    2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [110592 2009-07-10] (Broadcom Corporation)
    3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-25] (Brother Industries, Ltd.)
    2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [3908752 2011-09-08] (Carbonite, Inc. (www.carbonite.com))
    2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-10-29] (Symantec Corporation)
    2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-10-29] (Symantec Corporation)
    3 DMService; C:\Windows\DOWNLO~1\DMService.exe [468368 2011-03-16] (Microsoft ® Corporation)
    2 Hp.Skyroom.Windows.Service; "C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe" -startService [124984 2009-11-20] (Hewlett-Packard)
    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-02-17] (Symantec Corporation)
    2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [635416 2009-06-18] (PDF Complete Inc)
    2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
    2 ppped; "C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe" [918976 2010-04-16] (Cyber Power Systems, Inc.)
    2 QBVSS; "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe" [1248256 2011-08-19] (Intuit Inc.)
    2 SmcService; "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" [1881368 2010-10-29] (Symantec Corporation)
    4 SNAC; "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" [349512 2010-10-29] (Symantec Corporation)
    2 Symantec AntiVirus; "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1831024 2010-10-29] (Symantec Corporation)
    2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [149904 2009-12-14] (Microsoft ® Corporation)
    2 rgsender; "c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe" -l logSetup [x]

    ==================== Drivers (Whitelisted) ====================

    0 ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [185912 2009-10-20] (Advanced Micro Devices, Inc)
    3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
    1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-02-14] (Symantec Corporation)
    3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-03-15] (Malwarebytes Corporation)
    3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVENG.SYS [86064 2010-11-01] (Symantec Corporation)
    3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101028.041\NAVEX15.SYS [1371184 2010-11-01] (Symantec Corporation)
    1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-10-29] (Symantec Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-10-29] (Symantec Corporation)
    3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-10-29] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-10-29] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2013-03-11] (Symantec Corporation)
    3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2010-10-29] (Symantec Corporation)
    1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2010-10-29] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    4 LMIRfsClientNP; [x]
    4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [x]
    3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [x]
    1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [x]
    3 WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-03-15 22:39 - 2013-03-15 22:46 - 00000000 ____D C:\Windows\LastGood
    2013-03-15 21:42 - 2013-03-15 22:58 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2013-03-15 20:38 - 2013-03-15 22:59 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-03-15 08:31 - 2013-03-15 08:31 - 00000000 ____D C:\FRST
    2013-03-13 08:16 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-03-13 08:16 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-03-13 08:16 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-03-13 08:16 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-03-13 08:16 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-03-13 08:16 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-03-13 08:16 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-03-13 08:16 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-03-13 08:16 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-03-13 08:16 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-03-13 08:16 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-03-13 08:16 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-03-13 08:16 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-03-13 08:16 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-03-13 08:16 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-03-13 08:16 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-03-13 07:03 - 2013-03-13 07:03 - 13230080 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 13,2013 11 02 AM).QBB
    2013-03-12 14:23 - 2013-03-12 14:23 - 15859416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2013-03-08 18:34 - 2013-03-08 18:34 - 00002566 ____A C:\Users\Public\Documents\encryptdoc.pfx
    2013-03-08 09:36 - 2013-03-08 09:36 - 13172736 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 08,2013 12 36 PM).QBB
    2013-03-06 10:32 - 2013-03-06 10:32 - 00000000 ____A C:\Users\drgewirtz\Documents\Nuance Image Printer Writer Port
    2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\MSDOS.SYS
    2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\IO.SYS
    2013-02-26 15:13 - 2013-02-26 15:13 - 12996608 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Feb 26,2013 06 12 PM).QBB
    2013-02-21 09:17 - 2013-02-21 09:17 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-02-21 09:16 - 2013-02-21 09:17 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-02-21 09:16 - 2013-02-21 09:17 - 00000000 ____D C:\Program Files\iTunes
    2013-02-21 09:16 - 2013-02-21 09:16 - 00000000 ____D C:\Program Files\iPod
    2013-02-21 08:36 - 2013-02-21 08:36 - 00000000 ____A C:\t15o.2

    ==================== One Month Modified Files and Folders ========

    2013-03-15 22:59 - 2013-03-15 20:38 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-03-15 22:58 - 2013-03-15 21:42 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2013-03-15 22:56 - 2009-07-13 20:39 - 00059605 ____A C:\Windows\setupact.log
    2013-03-15 22:46 - 2013-03-15 22:39 - 00000000 ____D C:\Windows\LastGood
    2013-03-15 22:40 - 2009-07-25 04:54 - 00782838 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-15 22:12 - 2011-08-30 06:47 - 00000000 ____D C:\Program Files\CyberPower PowerPanel Personal Edition
    2013-03-15 22:12 - 2011-08-24 12:13 - 00000000 ____D C:\Users\drgewirtz\AppData\Roaming\Dropbox
    2013-03-15 22:10 - 2011-01-27 11:06 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-15 22:10 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-15 21:39 - 2012-04-02 07:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-03-15 21:19 - 2010-10-25 09:58 - 00000000 ____D C:\ProgramData\PDFC
    2013-03-15 21:16 - 2010-11-04 10:45 - 00000000 ____D C:\ProgramData\LogMeIn
    2013-03-15 19:15 - 2010-11-02 10:59 - 00000000 ____D C:\Users\drgewirtz\AppData\Roaming\Noisi
    2013-03-15 19:15 - 2010-10-29 20:39 - 00000000 ___AD C:\users\drgewirtz
    2013-03-15 08:31 - 2013-03-15 08:31 - 00000000 ____D C:\FRST
    2013-03-14 11:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
    2013-03-13 12:10 - 2010-10-25 12:51 - 01499510 ____A C:\Windows\WindowsUpdate.log
    2013-03-13 12:05 - 2010-10-29 08:28 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
    2013-03-13 12:01 - 2011-01-27 11:06 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-13 11:54 - 2011-08-22 07:02 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000UA.job
    2013-03-13 11:16 - 2010-10-29 20:41 - 00000000 ____D C:\Users\drgewirtz\AppData\Local\PDFC
    2013-03-13 10:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
    2013-03-13 09:16 - 2010-10-29 21:31 - 00002008 ____A C:\Users\drgewirtz\Documents\Default.rdp
    2013-03-13 08:48 - 2010-11-01 18:10 - 00000000 ____D C:\Users\drgewirtz\AppData\Local\Deployment
    2013-03-13 08:47 - 2011-08-24 12:17 - 00000000 ___RD C:\Users\drgewirtz\Dropbox
    2013-03-13 08:40 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-13 08:40 - 2009-07-13 20:34 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-13 08:31 - 2011-07-11 13:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-03-13 08:31 - 2010-10-25 10:38 - 00055346 ____A C:\Windows\PFRO.log
    2013-03-13 08:21 - 2010-10-25 09:54 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-03-13 08:18 - 2010-11-02 20:11 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-03-13 07:03 - 2013-03-13 07:03 - 13230080 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 13,2013 11 02 AM).QBB
    2013-03-13 03:54 - 2011-08-22 07:02 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3576482904-1308803037-2723772800-1000Core.job
    2013-03-12 14:23 - 2013-03-12 14:23 - 15859416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    2013-03-12 14:23 - 2012-04-02 07:07 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-03-12 14:23 - 2011-05-16 05:00 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-03-12 13:33 - 2010-11-03 16:55 - 00000052 ____A C:\Windows\System32\DOErrors.log
    2013-03-12 10:26 - 2012-12-07 08:26 - 00000000 ____D C:\Users\drgewirtz\Documents\pathology project
    2013-03-11 11:51 - 2010-10-29 07:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-03-11 11:14 - 2010-10-29 07:22 - 00124976 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
    2013-03-11 11:14 - 2010-10-29 07:22 - 00007456 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
    2013-03-11 11:14 - 2010-10-25 12:55 - 00000000 ____D C:\Program Files\Symantec
    2013-03-09 08:47 - 2013-03-09 08:47 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-03-09 08:47 - 2013-03-09 08:47 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2013-03-09 08:47 - 2012-06-07 11:53 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2013-03-09 08:47 - 2010-11-15 11:48 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2013-03-08 18:34 - 2013-03-08 18:34 - 00002566 ____A C:\Users\Public\Documents\encryptdoc.pfx
    2013-03-08 09:36 - 2013-03-08 09:36 - 13172736 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Mar 08,2013 12 36 PM).QBB
    2013-03-08 06:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2013-03-06 10:32 - 2013-03-06 10:32 - 00000000 ____A C:\Users\drgewirtz\Documents\Nuance Image Printer Writer Port
    2013-03-05 13:06 - 2010-12-02 11:52 - 00000000 ____D C:\Users\drgewirtz\Documents\Outlook Files
    2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\MSDOS.SYS
    2013-03-05 10:12 - 2013-03-05 10:12 - 00000000 _RASH C:\IO.SYS
    2013-03-04 21:56 - 2011-08-22 07:03 - 00002352 ____A C:\Users\drgewirtz\Desktop\Google Chrome.lnk
    2013-03-01 07:07 - 2011-07-13 09:31 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleFordrgewirtz.job
    2013-02-28 12:47 - 2012-11-13 06:04 - 00000426 ____A C:\Windows\BRWMARK.INI
    2013-02-28 10:34 - 2012-12-12 15:00 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-28 10:34 - 2012-06-01 04:56 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-02-28 10:30 - 2011-09-26 05:38 - 00000000 ____D C:\Users\drgewirtz\Documents\Personal
    2013-02-26 15:13 - 2013-02-26 15:13 - 12996608 ____A C:\Users\drgewirtz\Documents\Jeffrey B Gewirtz, DPM, LLC (Backup Feb 26,2013 06 12 PM).QBB
    2013-02-25 12:55 - 2013-02-08 07:52 - 00000000 ____D C:\Users\drgewirtz\Documents\credentialling
    2013-02-21 15:32 - 2009-07-13 18:04 - 00000522 ____A C:\Windows\win.ini
    2013-02-21 09:17 - 2013-02-21 09:17 - 00001755 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-02-21 09:17 - 2013-02-21 09:16 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-02-21 09:17 - 2013-02-21 09:16 - 00000000 ____D C:\Program Files\iTunes
    2013-02-21 09:16 - 2013-02-21 09:16 - 00000000 ____D C:\Program Files\iPod
    2013-02-21 09:16 - 2011-08-18 12:22 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-02-21 09:14 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2013-02-21 08:36 - 2013-02-21 08:36 - 00000000 ____A C:\t15o.2
    2013-02-14 09:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-02-14 07:07 - 2009-07-13 20:33 - 00484976 ____A C:\Windows\System32\FNTCACHE.DAT


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 3583.39 MB
    Available physical RAM: 3039.98 MB
    Total Pagefile: 3581.68 MB
    Available Pagefile: 3080.57 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1969.39 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:139.85 GB) (Free:69.27 GB) NTFS
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:7.19 GB) (Free:0.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (GSP1RMCPRFREO_EN_DVD) (CDROM) (Total:2.39 GB) (Free:0 GB) UDF
    4 Drive g: (0704120902) (Removable) (Total:1.92 GB) (Free:0.38 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM) (Fixed) (Total:2 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 9 MB
    Disk 1 Online 1968 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: DA7766AF

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 2047 MB 1024 KB
    Partition 2 Primary 139 GB 2048 MB
    Partition 3 Primary 7360 MB 141 GB

    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 2047 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 139 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_RECOVERY NTFS Partition 7360 MB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: A83B35C6

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1967 MB 16 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G 0704120902 FAT Removable 1967 MB Healthy

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: DA7766AF

    Partition 1:
    =========
    Hex: 80202100071550050008000000F83F00
    Active: YES
    Type: 07 (NTFS)
    Size: 2 GB

    Partition 2:
    =========
    Hex: 0015510507FEFFFF0000400000487B11
    Active: NO
    Type: 07 (NTFS)
    Size: 140 GB

    Partition 3:
    =========
    Hex: 00FEFFFF07FEFFFF0048BB110000E600
    Active: NO
    Type: 07 (NTFS)
    Size: 7 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: A83B35C6

    Partition 1:
    =========
    Hex: 800101000E0FA0BF20000000E07F3D00
    Active: YES
    Type: 0E
    Size: 2 GB


    Last Boot: 2013-03-04 21:59

    ==================== End Of Log ============================
     
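A small triage parser for the FRST sections quoted in the log above, added here as an example and not part of the thread or of FRST itself: it splits each Run, service and driver entry into target path, size, date and publisher, and flags the entries FRST marks "[x]" (target file not found) or prints with an empty publisher "()". The sample text is a handful of lines copied from the log; the class and function names are my own.

```python
"""Parse the "Registry", "Services" and "Drivers" sections of an FRST log
and flag entries a responder looks at first: missing targets ("[x]") and
binaries with no publisher ("()"). Example code, not part of FRST."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Trailing "[size yyyy-mm-dd] (Publisher)" or "[x]" (target not found).
# The publisher group is greedy so nested parentheses survive intact.
_TAIL_RE = re.compile(
    r'\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]'
    r'(?:\s*\((?P<pub>.*)\))?\s*$')
# First drive-letter path up to a typical executable extension; the
# "\??\" prefix FRST prints on some drivers is skipped automatically.
_PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys|lnk|cpl)', re.I)
# "HKLM\...\Run: [Name]" / "HKU\user\...\Run: [Name]"
_RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\]')
# "2 ServiceName; ..." / "0 drivername; ..." (leading digit = start type)
_SVC_RE = re.compile(r'^(?P<start>\d) (?P<name>[^;]+);')
_HDR_RE = re.compile(r'^=+ (.+?) =+$')


@dataclass
class Entry:
    section: str
    name: str
    path: Optional[str]
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]   # None when FRST printed "()" or nothing
    missing: bool              # FRST printed "[x]": target file not found

    @property
    def suspicious(self) -> bool:
        # Missing targets and unattributed binaries are the first things
        # to review; legitimate leftovers trip this too, so it is a
        # starting point for inspection, not a verdict.
        return self.missing or not self.publisher


def parse_entry(line: str, section: str) -> Optional[Entry]:
    """Return an Entry for a Run/service/driver line, else None."""
    line = line.strip()
    m = _RUN_RE.match(line) or _SVC_RE.match(line)
    if not m:
        return None
    tail = _TAIL_RE.search(line)
    path = _PATH_RE.search(line)
    return Entry(
        section=section,
        name=m.group('name'),
        path=path.group(0) if path else None,
        size=int(tail.group('size')) if tail and tail.group('size') else None,
        date=tail.group('date') if tail else None,
        publisher=(tail.group('pub') or None) if tail else None,
        missing=bool(tail and tail.group('missing')),
    )


def parse_log(text: str) -> List[Entry]:
    """Walk the log, tracking the current '==== Section ====' header."""
    entries, section = [], ''
    for raw in text.splitlines():
        hdr = _HDR_RE.match(raw.strip())
        if hdr:
            section = hdr.group(1)
            continue
        e = parse_entry(raw, section)
        if e:
            entries.append(e)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.suspicious]


# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10025576 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax" [x]
HKLM\...\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [376 2013-03-15] ()
HKU\drgewirtz\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]

==================== Services (Whitelisted) ===================

2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [3908752 2011-09-08] (Carbonite, Inc. (www.carbonite.com))

==================== Drivers (Whitelisted) ====================

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-02-14] (Symantec Corporation)
4 LMIRfsClientNP; [x]
"""

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        why = "target missing" if e.missing else "no publisher"
        print(f"[{e.section}] {e.name}: {e.path or '-'} ({why})")
```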
  15. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Well, the log is clean.
    There was some infection before but it's gone.

    You mentioned "error 0x45d" at the beginning of your topic.
    That's an I/O error so my first suspect would be a failing hard drive.

    Run hard drive diagnostics: http://www.bleepingcomputer.com/forums/topic28744.html/page__view__findpost__p__160520
    Make sure you select the tool which is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
    For Toshiba hard drives, see here: http://storage.toshiba.com/storage-services-support/warranty-support/software-utilities#diagnostic

    Note : If you do not know how to set your computer to boot from CD follow the steps here
     
  16. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    If the hard drive is failing or may still be infected, should I take it out and make it a slave in another computer to run antiviral scans? The computer is under warranty still, do I contact HP for a replacement? Also should I consider trying to reinstall Windows?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    If you had some serious infection it'd show in your last FRST log.
    There is none.

    If you have some important data on that drive I'd suggest slaving it and backing up your data first.
    Then run hard drive diagnostic.
    If it fails you surely have to call HP.
    Just to let you know that when I bought my previous desktop (also HP) the hard drive failed after 6 weeks. It happens.
     
  18. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    I just can't believe it's the hard drive since it's been perfectly fine until the virus prevented me from booting. Are there any programs to use to scan the computer that can bypass my issues? Can anything run from a prompt or be bootable? Since so many functions seem to be stuck I have to believe it has something to do with the virus and malware on the computer. Your thoughts?
     
  19. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    I will have to burn and run the diagnostic tomorrow since I am out of blank discs at home. I have everything I need, I think, on my Carbonite backup. I will slave it and check. I will run the diagnostic. Will that log tell you if the drive is still viable or on its way out? I guess I am OK with frying it and reinstalling Windows if that is the quickest solution.
     
  20. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Besides, the computer is booting up consistently without a problem now. Just slow to function.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Slow booting + "error 0x45d", as I said run HDD diagnostic.
    That's the very first thing to check.
     
  22. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    The program creates a bootable floppy but I don't own one. Should it be created on a USB drive?
     
  23. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    I realize that maybe I wasn't clear initially. I noticed the error after running system repair at the end of the log. It did not appear on the screen as an error. I only found that message looking for a reason code. I am very confused because I can start the computer totally normally now but there are functions that cannot be launched such as the task manager. There are some things that are not working because I have no internet support and they are trying to launch autoupdates.
    I tried to create a bootable cd with the WD software but it does not allow me to. I am not sure what step to take now. Please advise. Thanks.
     
  24. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    To give you an update, I have the computer running and am currently running the Western Digital diagnostic test with the computer in safe mode. I can run things in safe mode but still have some functions and apps that don't. I will post the log of the scan as soon as it completes. I am going to try and run Malwarebytes and DSS when this completes in safe mode if possible, or try with networking to get on the internet to update. Thank you again for your help. I get the sense that I have a hidden virus since I had run a recent Malwarebytes scan as well as Symantec Endpoint in the background and only had the problem when I shut the computer down the other night and it's the first shutdown in a couple of days.
     
  25. JeffreyG

    JeffreyG TS Rookie Topic Starter Posts: 62

    Quick test failed with a message that said too many bad sectors. Could not get the report because I had no internet connection. I can run it again but assume this means the drive is fried? Please advise. Thank you.
     