BSOD After Using FixTDSS for Redirect Virus


  • This topic is locked
55 replies to this topic

#1 Mhess2788

Mhess2788

  • Members
  • 35 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 16 November 2011 - 12:42 AM

Hello :hello: ,

I am currently having a problem with not being able to reboot into normal or safe mode for Windows 7 Professional. My computer (Dell Latitude D630) was initially infected with the System Restore malware with Redirect. MBAM removed the System Restore Virus (or so I thought), but I was still having issues with the Redirect and IE 8 automatically opening periodically. I tried to run TDSSKiller and it would not open when I clicked on the icon or ran it as Administrator. I then downloaded and ran FixTDSS, which worked and asked me to reboot to complete the scan. Upon restarting my computer a BSOD appears with a message that says:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:

***STOP: 0x0000007B (0x80786B58, 0xc0000034, 0x00000000, 0x00000000)"

When trying to run safe mode, the last file to load before the BSOD appears is: “\Windows\system32\DRIVERS\CLASSPNP.sys”

I opened the advanced boot options again and attempted to restore my computer to an earlier time, but received this message:

“An internal error occurred. The following information might help you resolve the error:
The system cannot find the file specified. (0x80070002)”



I then ran “X:\windows\system32>CHKDSK /F” under command prompt, and this is what was returned:

“The type of the file system is NTFS. Cannot lock current drive. Windows cannot run disk checking on this volume because it is write protected.”



I then ran “X:\windows\system32>sfc /SCANNOW” it returned:

“Beginning system scan. This process will take some time.
There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.”


After restarting my computer and rerunning sfc /SCANNOW, I get the same message.


I unfortunately cannot access my MBAM logs to post them :( I really need help please.


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,462 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:04 PM

Posted 16 November 2011 - 03:09 PM

:welcome:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Mhess2788

Mhess2788
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 16 November 2011 - 04:59 PM

How do I know if I have an x32 (x86) or x64 system?

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,462 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:04 PM

Posted 16 November 2011 - 07:28 PM

Check the Certificate of Authenticity label that should be affixed to the computer, or the computer's documentation.



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,462 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:04 PM

Posted 16 November 2011 - 07:35 PM

Windows 7 is most likely to be 64-bit.



#6 Mhess2788

Mhess2788
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 16 November 2011 - 09:35 PM

Okay, I still can't find it on the label :( So I guess I'll try the 64 bit version

#7 Mhess2788

Mhess2788
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 16 November 2011 - 09:57 PM

Alright, turns out I have an x32 system, because the x64 download didn't work. Here is the file log you requested, thank you for your help!!! and I apologize that it took me so long.


Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.8
Ran by SYSTEM at 2011-11-16 20:52:14
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [849192 2009-09-08] (Trend Micro Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2010-01-07] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1300465858\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [BSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2011-09-18] (Bootstrap Software Development)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Runonce: [FixTDSS] cmd /c start /D "C:\Users\User\Desktop" /B FixTDSS.exe -postboot [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

================================ Services (Whitelisted) ==================

3 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 nicconfigsvc; "C:\Program Files\Dell\QuickSet\NicConfigSvc.exe" [390424 2008-02-22] (Dell Inc.)
2 ntrtscan; "C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe" [1389864 2009-09-04] (Trend Micro Inc.)
2 RetroLauncher; C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe [49152 2003-11-12] (Dantz Development Corporation)
2 Retrospect Helper; "C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe" [110592 2003-11-12] (Dantz Development Corporation)
2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2011-06-21] (Absolute Software Corp.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
3 TMBMServer; "C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe" /service [345352 2009-07-06] (Trend Micro Inc.)
2 tmlisten; "C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe" [1304528 2009-09-04] (Trend Micro Inc.)
3 TmProxy; "C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe" [689416 2009-07-15] (Trend Micro Inc.)

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [155136 2007-06-25] (Alps Electric Co., Ltd.)
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2011-11-15] (Symantec Corporation)
3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
3 netw5v32; C:\Windows\System32\DRIVERS\netw5v32.sys [4231168 2009-07-13] (Intel Corporation)
3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
2 TmFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [262416 2011-07-12] (Trend Micro Inc.)
2 TmPreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36624 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
2 VSApiNt; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1405720 2011-07-12] (Trend Micro Inc.)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [x]
0 tbrmki; C:\Windows\System32\drivers\etlalkyl.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-16 20:51 - 2011-11-16 20:52 - 0000000 ____D C:\FRST
2011-11-15 18:20 - 2011-11-15 18:20 - 1932256 ____A (Symantec Corporation) C:\Users\User\Desktop\FixTDSS.exe
2011-11-15 18:20 - 2011-11-15 18:20 - 0026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2011-11-15 18:20 - 2011-11-15 18:20 - 0000000 ____D C:\Users\User\AppData\Roaming\FixTDSS
2011-11-15 18:18 - 2011-11-15 18:18 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2011-11-15 17:06 - 2011-11-15 17:07 - 0446464 ____A (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
2011-11-15 17:04 - 2011-11-15 17:04 - 0000000 ____D C:\Program Files\Common Files\Java
2011-11-15 17:03 - 2010-04-12 15:29 - 0411368 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2011-11-15 17:03 - 2010-04-12 15:29 - 0153376 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-11-15 17:03 - 2010-04-12 15:29 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-11-15 17:03 - 2010-04-12 15:29 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-11-15 17:02 - 2011-11-15 17:03 - 0003314 ____A C:\Windows\System32\jupdate-1.6.0_20-b02.log
2011-11-15 16:55 - 2011-11-15 16:55 - 0000000 __SHD C:\$RECYCLE.BIN
2011-11-15 14:57 - 2011-11-15 17:10 - 0017408 ____A C:\Windows\System32\rpcnetp.exe
2011-11-15 14:08 - 2011-11-15 16:18 - 0000000 ___SD C:\ComboFix
2011-11-15 14:04 - 2011-11-15 14:04 - 0001304 ____A C:\Users\User\Desktop\Notepad.lnk
2011-11-15 14:00 - 2011-11-15 14:00 - 0001903 ____A C:\Users\User\Desktop\Mozilla Firefox.lnk
2011-11-15 07:23 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2011-11-15 07:23 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2011-11-15 07:23 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-11-15 07:23 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-11-15 07:23 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-11-15 07:23 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2011-11-15 07:23 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2011-11-15 07:23 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2011-11-15 07:11 - 2011-11-15 07:11 - 4294695 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2011-11-15 06:44 - 2011-11-15 06:44 - 0607260 ____R (Swearware) C:\Users\User\Desktop\dds.scr
2011-11-15 06:41 - 2011-11-15 10:35 - 0000470 ____A C:\Users\User\Desktop\defogger_disable.log
2011-11-15 06:41 - 2011-11-15 06:41 - 0000000 ____A C:\Users\User\defogger_reenable
2011-11-15 06:39 - 2011-11-15 06:39 - 0050477 ____A C:\Users\User\Desktop\Defogger.exe
2011-11-15 06:25 - 2011-11-15 06:25 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\Random124.com
2011-11-15 05:40 - 2010-02-11 13:22 - 0002020 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
2011-11-15 05:40 - 2009-07-13 20:41 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2011-11-15 05:37 - 2011-11-15 05:37 - 0684297 ____A C:\Users\User\Desktop\unhide.exe
2011-11-14 20:43 - 2011-11-14 20:43 - 0002853 ____A C:\Users\User\Desktop\iexplore.PIF
2011-11-14 20:43 - 2011-11-14 20:43 - 0000000 _RASH C:\MSDOS.SYS
2011-11-14 20:43 - 2011-11-14 20:43 - 0000000 _RASH C:\IO.SYS
2011-11-14 20:42 - 2011-11-14 20:42 - 0000000 ____D C:\Windows\PIF
2011-11-14 20:38 - 2011-11-14 20:38 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\lalalaaa.com
2011-11-14 20:27 - 2011-11-14 20:27 - 1008092 ____A C:\Users\User\Desktop\rkill.scr
2011-11-14 20:26 - 2011-11-14 20:26 - 1008092 ____A C:\Users\User\Desktop\rkill.exe
2011-11-14 20:22 - 2011-11-14 20:22 - 1008092 ____A C:\Users\User\Desktop\rkill.com
2011-11-14 20:15 - 2011-11-14 20:15 - 1008092 ____A C:\Users\User\Desktop\iExplore.exe
2011-11-14 20:00 - 2011-10-11 21:40 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-11-14 20:00 - 2011-09-21 04:14 - 0002479 ____A C:\Users\Public\Desktop\Safari.lnk
2011-11-14 20:00 - 2011-09-21 04:05 - 0001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-11-14 20:00 - 2011-09-20 12:10 - 0001977 ____A C:\Users\Public\Desktop\PSI-Plot.lnk
2011-11-14 20:00 - 2011-07-17 14:52 - 0002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-14 20:00 - 2011-06-11 05:56 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-14 20:00 - 2011-03-18 08:32 - 0000999 ____A C:\Users\Public\Desktop\AOL Desktop 9.6.lnk
2011-11-14 20:00 - 2011-03-17 13:24 - 0001250 ____A C:\Users\Public\Desktop\ZoomBrowser EX.lnk
2011-11-14 09:09 - 2011-11-14 09:09 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\2788.com
2011-11-14 07:23 - 2011-05-04 00:33 - 0000134 ____A C:\Users\User\Desktop\hosts-perm.bat
2011-11-14 07:13 - 2011-11-14 07:06 - 1008092 ____A C:\Users\User\Desktop\iExplore(2).exe
2011-11-14 06:01 - 2011-11-15 14:56 - 0000000 ____D C:\Windows\ERDNT
2011-11-14 06:00 - 2011-11-15 14:17 - 0000000 ____D C:\Qoobox
2011-11-14 02:02 - 2011-11-14 02:02 - 0002522 ____A C:\Users\User\Desktop\GooredFix.txt
2011-11-14 02:02 - 2011-11-14 02:02 - 0000000 ____D C:\Users\User\Desktop\GooredFix Backups
2011-11-11 23:36 - 2011-11-11 23:36 - 0002310 ____A C:\Users\User\Desktop\Google Chrome.lnk
2011-11-11 23:35 - 2011-11-15 17:40 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806042063-359804937-2374725136-1000UA.job
2011-11-11 23:35 - 2011-11-11 23:40 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806042063-359804937-2374725136-1000Core.job
2011-11-11 18:48 - 2011-11-14 07:31 - 0000961 ____A C:\Users\User\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-11 18:42 - 2011-11-11 18:42 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.51.2.1300.exe
2011-11-11 17:56 - 2011-11-14 08:55 - 0007543 ____A C:\Users\User\Desktop\hijackthis.log
2011-11-11 17:55 - 2011-11-11 17:55 - 0388608 ____A (Trend Micro Inc.) C:\Users\User\Desktop\HiJackThis.exe
2011-11-11 17:11 - 2011-11-15 09:54 - 1605996 ____A C:\Windows\ntbtlog.txt
2011-11-11 13:30 - 2011-11-11 13:30 - 0264495 ____A C:\Users\User\Documents\Image247.jpg

============ 3 Months Modified Files and Folders ===============

2011-11-16 20:52 - 2011-11-16 20:51 - 0000000 ____D C:\FRST
2011-11-15 18:21 - 2010-02-11 13:03 - 0001839 ____A C:\Windows\TMFilter.log
2011-11-15 18:21 - 2010-02-10 15:00 - 1199359 ____A C:\Windows\WindowsUpdate.log
2011-11-15 18:20 - 2011-11-15 18:20 - 1932256 ____A (Symantec Corporation) C:\Users\User\Desktop\FixTDSS.exe
2011-11-15 18:20 - 2011-11-15 18:20 - 0026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2011-11-15 18:20 - 2011-11-15 18:20 - 0000000 ____D C:\Users\User\AppData\Roaming\FixTDSS
2011-11-15 18:18 - 2011-11-15 18:18 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2011-11-15 17:56 - 2011-05-10 13:40 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-15 17:40 - 2011-11-11 23:35 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806042063-359804937-2374725136-1000UA.job
2011-11-15 17:17 - 2010-02-10 14:23 - 0774564 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-15 17:17 - 2009-07-13 20:34 - 0012096 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-15 17:17 - 2009-07-13 20:34 - 0012096 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-15 17:10 - 2011-11-15 14:57 - 0017408 ____A C:\Windows\System32\rpcnetp.exe
2011-11-15 17:10 - 2011-05-10 13:40 - 0000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-15 17:10 - 2010-02-11 08:36 - 0058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2011-11-15 17:10 - 2010-02-10 14:57 - 1602723840 __ASH C:\hiberfil.sys
2011-11-15 17:10 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-15 17:10 - 2009-07-13 20:39 - 0032996 ____A C:\Windows\setupact.log
2011-11-15 17:07 - 2011-11-15 17:06 - 0446464 ____A (OldTimer Tools) C:\Users\User\Desktop\TFC.exe
2011-11-15 17:04 - 2011-11-15 17:04 - 0000000 ____D C:\Program Files\Common Files\Java
2011-11-15 17:03 - 2011-11-15 17:02 - 0003314 ____A C:\Windows\System32\jupdate-1.6.0_20-b02.log
2011-11-15 17:03 - 2010-02-22 11:03 - 0000000 ____D C:\Program Files\Java
2011-11-15 16:55 - 2011-11-15 16:55 - 0000000 __SHD C:\$RECYCLE.BIN
2011-11-15 16:18 - 2011-11-15 14:08 - 0000000 ___SD C:\ComboFix
2011-11-15 16:18 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2011-11-15 14:57 - 2010-02-11 11:45 - 0062384 ____A C:\Windows\PFRO.log
2011-11-15 14:57 - 2010-02-10 14:58 - 0017408 ____A C:\Windows\System32\rpcnetp.dll
2011-11-15 14:56 - 2011-11-14 06:01 - 0000000 ____D C:\Windows\ERDNT
2011-11-15 14:17 - 2011-11-14 06:00 - 0000000 ____D C:\Qoobox
2011-11-15 14:04 - 2011-11-15 14:04 - 0001304 ____A C:\Users\User\Desktop\Notepad.lnk
2011-11-15 14:00 - 2011-11-15 14:00 - 0001903 ____A C:\Users\User\Desktop\Mozilla Firefox.lnk
2011-11-15 11:42 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2011-11-15 11:42 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Default
2011-11-15 11:25 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2011-11-15 10:35 - 2011-11-15 06:41 - 0000470 ____A C:\Users\User\Desktop\defogger_disable.log
2011-11-15 09:54 - 2011-11-11 17:11 - 1605996 ____A C:\Windows\ntbtlog.txt
2011-11-15 07:11 - 2011-11-15 07:11 - 4294695 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2011-11-15 07:00 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\security
2011-11-15 06:44 - 2011-11-15 06:44 - 0607260 ____R (Swearware) C:\Users\User\Desktop\dds.scr
2011-11-15 06:41 - 2011-11-15 06:41 - 0000000 ____A C:\Users\User\defogger_reenable
2011-11-15 06:41 - 2010-02-10 14:19 - 0000000 ____D C:\users\User
2011-11-15 06:39 - 2011-11-15 06:39 - 0050477 ____A C:\Users\User\Desktop\Defogger.exe
2011-11-15 06:25 - 2011-11-15 06:25 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\Random124.com
2011-11-15 05:37 - 2011-11-15 05:37 - 0684297 ____A C:\Users\User\Desktop\unhide.exe
2011-11-14 21:02 - 2011-05-03 23:50 - 0004628 ____A C:\rkill.log
2011-11-14 20:43 - 2011-11-14 20:43 - 0002853 ____A C:\Users\User\Desktop\iexplore.PIF
2011-11-14 20:43 - 2011-11-14 20:43 - 0000000 _RASH C:\MSDOS.SYS
2011-11-14 20:43 - 2011-11-14 20:43 - 0000000 _RASH C:\IO.SYS
2011-11-14 20:42 - 2011-11-14 20:42 - 0000000 ____D C:\Windows\PIF
2011-11-14 20:38 - 2011-11-14 20:38 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\lalalaaa.com
2011-11-14 20:27 - 2011-11-14 20:27 - 1008092 ____A C:\Users\User\Desktop\rkill.scr
2011-11-14 20:26 - 2011-11-14 20:26 - 1008092 ____A C:\Users\User\Desktop\rkill.exe
2011-11-14 20:22 - 2011-11-14 20:22 - 1008092 ____A C:\Users\User\Desktop\rkill.com
2011-11-14 20:15 - 2011-11-14 20:15 - 1008092 ____A C:\Users\User\Desktop\iExplore.exe
2011-11-14 09:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2011-11-14 09:09 - 2011-11-14 09:09 - 1564976 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\2788.com
2011-11-14 08:55 - 2011-11-11 17:56 - 0007543 ____A C:\Users\User\Desktop\hijackthis.log
2011-11-14 07:31 - 2011-11-11 18:48 - 0000961 ____A C:\Users\User\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-14 07:07 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2011-11-14 07:06 - 2011-11-14 07:13 - 1008092 ____A C:\Users\User\Desktop\iExplore(2).exe
2011-11-14 07:06 - 2011-10-04 16:15 - 0000000 ____D C:\Program Files\Winamp Detect
2011-11-14 07:06 - 2011-10-04 16:14 - 0000000 ____D C:\Users\User\AppData\Roaming\Winamp
2011-11-14 07:06 - 2011-10-04 16:14 - 0000000 ____D C:\Program Files\Winamp
2011-11-14 07:06 - 2011-06-11 12:09 - 0000000 ____D C:\Users\User\AppData\Roaming\IrfanView
2011-11-14 07:06 - 2011-05-10 14:06 - 0000000 ____D C:\Users\User\AppData\Local\{889F101C-FDD6-41AF-9AE8-826E5AA51D5B}
2011-11-14 07:06 - 2011-05-10 08:27 - 0000000 ____D C:\Users\User\AppData\Local\{BE52A918-B3F1-422B-ADF5-FF014275BF18}
2011-11-14 07:06 - 2011-03-18 08:32 - 0000000 ____D C:\Users\All Users\Viewpoint
2011-11-14 07:06 - 2011-03-18 08:32 - 0000000 ____D C:\ProgramData\Viewpoint
2011-11-14 07:06 - 2011-03-18 08:32 - 0000000 ____D C:\Program Files\Viewpoint
2011-11-14 07:06 - 2011-03-18 08:30 - 0000000 ____D C:\Program Files\AOL Desktop 9.6
2011-11-14 07:06 - 2010-02-16 09:22 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-11-14 07:06 - 2010-02-11 12:05 - 0000000 ____D C:\Program Files\Trend Micro
2011-11-14 07:06 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-11-14 07:06 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2011-11-14 07:05 - 2010-02-16 09:23 - 0000000 ____D C:\Users\User\AppData\Local\Mozilla
2011-11-14 02:02 - 2011-11-14 02:02 - 0002522 ____A C:\Users\User\Desktop\GooredFix.txt
2011-11-14 02:02 - 2011-11-14 02:02 - 0000000 ____D C:\Users\User\Desktop\GooredFix Backups
2011-11-14 01:52 - 2011-05-03 23:47 - 0000031 ____A C:\Users\User\Desktop\hosts
2011-11-11 23:40 - 2011-11-11 23:35 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806042063-359804937-2374725136-1000Core.job
2011-11-11 23:36 - 2011-11-11 23:36 - 0002310 ____A C:\Users\User\Desktop\Google Chrome.lnk
2011-11-11 23:35 - 2011-05-10 13:40 - 0000000 ____D C:\Users\User\AppData\Local\Google
2011-11-11 18:45 - 2011-05-03 23:55 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-11-11 18:42 - 2011-11-11 18:42 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.51.2.1300.exe
2011-11-11 17:55 - 2011-11-11 17:55 - 0388608 ____A (Trend Micro Inc.) C:\Users\User\Desktop\HiJackThis.exe
2011-11-11 13:30 - 2011-11-11 13:30 - 0264495 ____A C:\Users\User\Documents\Image247.jpg
2011-11-11 13:22 - 2009-07-13 20:53 - 0032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-11-10 13:33 - 2011-03-17 13:20 - 0000000 ___RD C:\Users\User\Documents\Important School Stuff, References, Resumes, & Contacts
2011-11-10 13:31 - 2011-03-17 13:19 - 0000000 ____D C:\Users\User\Documents\GCCRI Dr. Yuan
2011-11-06 13:33 - 2011-03-17 13:20 - 0000000 ____D C:\Users\User\Documents\Budget Stuff
2011-11-05 09:33 - 2011-03-17 13:56 - 0000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2011-11-02 11:07 - 2011-10-11 21:36 - 0000000 ____D C:\Program Files\Bonjour
2011-11-02 11:05 - 2011-05-10 14:05 - 0000000 ____D C:\Windows\Minidump
2011-11-02 11:05 - 2011-03-20 09:00 - 0000000 ____D C:\Windows\CheckSur
2011-11-02 11:05 - 2010-02-11 08:34 - 0000000 ____D C:\Windows\System32\Lang
2011-11-02 11:05 - 2009-07-13 23:27 - 0000000 ____D C:\Windows\ShellNew
2011-11-02 11:05 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-11-02 11:05 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\TAPI
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-TW
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\zh-HK
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\tr-TR
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\sv-SE
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\spool
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\pt-BR
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nl-NL
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\nb-NO
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\Msdtc
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ko-KR
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\it-IT
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\he-IL
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fr-FR
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\fi-FI
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\el-GR
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\de-DE
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\ar-SA
2011-11-02 11:05 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-11-02 11:04 - 2011-10-11 21:39 - 0000000 ____D C:\Program Files\iTunes
2011-11-02 11:04 - 2011-10-04 16:50 - 0000000 ____D C:\Program Files\Media Widget
2011-11-02 11:04 - 2011-10-04 16:50 - 0000000 ____D C:\Program Files\Common Files\BSD
2011-11-02 11:04 - 2011-10-04 15:48 - 0000000 ____D C:\Users\User\AppData\Roaming\WindSolutions
2011-11-02 11:04 - 2011-09-21 04:14 - 0000000 ____D C:\Program Files\Safari
2011-11-02 11:04 - 2011-09-21 04:05 - 0000000 ____D C:\Program Files\QuickTime
2011-11-02 11:04 - 2011-09-21 04:00 - 0000000 ____D C:\Program Files\Apple Software Update
2011-11-02 11:04 - 2011-06-11 12:09 - 0000000 ____D C:\Program Files\IrfanView
2011-11-02 11:04 - 2011-05-25 18:56 - 0000000 ____D C:\Program Files\Common Files\DivX Shared
2011-11-02 11:04 - 2011-05-25 18:50 - 0000000 ____D C:\Program Files\DivX
2011-11-02 11:04 - 2011-05-25 18:49 - 0000000 ____D C:\Users\All Users\DivX
2011-11-02 11:04 - 2011-05-25 18:49 - 0000000 ____D C:\ProgramData\DivX
2011-11-02 11:04 - 2011-03-18 09:56 - 0000000 ____D C:\Users\All Users\Retrospect
2011-11-02 11:04 - 2011-03-18 09:56 - 0000000 ____D C:\ProgramData\Retrospect
2011-11-02 11:04 - 2011-03-18 09:48 - 0000000 ____D C:\Program Files\Initio
2011-11-02 11:04 - 2011-03-18 08:32 - 0000000 ____D C:\Users\All Users\Macromedia
2011-11-02 11:04 - 2011-03-18 08:32 - 0000000 ____D C:\ProgramData\Macromedia
2011-11-02 11:04 - 2011-03-18 08:30 - 0000000 ____D C:\Program Files\Common Files\aolshare
2011-11-02 11:04 - 2011-03-18 08:30 - 0000000 ____D C:\Program Files\Common Files\AOL
2011-11-02 11:04 - 2011-03-17 13:24 - 0000000 ____D C:\Program Files\Common Files\Canon
2011-11-02 11:04 - 2011-03-17 13:24 - 0000000 ____D C:\Program Files\Canon
2011-11-02 11:04 - 2010-02-22 11:32 - 0000000 ____D C:\Users\User\AppData\Local\Apple
2011-11-02 11:04 - 2010-02-22 11:32 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-11-02 11:04 - 2010-02-22 11:32 - 0000000 ____D C:\ProgramData\Apple Computer
2011-11-02 11:04 - 2010-02-22 11:31 - 0000000 ____D C:\Users\All Users\Apple
2011-11-02 11:04 - 2010-02-22 11:31 - 0000000 ____D C:\ProgramData\Apple
2011-11-02 11:04 - 2010-02-22 11:07 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-11-02 11:04 - 2010-02-22 11:06 - 0000000 ____D C:\Users\All Users\NOS
2011-11-02 11:04 - 2010-02-22 11:06 - 0000000 ____D C:\ProgramData\NOS
2011-11-02 11:04 - 2010-02-18 14:36 - 0000000 ____D C:\Program Files\Common Files\SureThing Shared
2011-11-02 11:04 - 2010-02-18 14:35 - 0000000 ____D C:\Program Files\Common Files\Sonic Shared
2011-11-02 11:04 - 2010-02-18 14:35 - 0000000 ____D C:\Program Files\Common Files\PX Storage Engine
2011-11-02 11:04 - 2010-02-18 14:34 - 0000000 ____D C:\Program Files\Roxio
2011-11-02 11:04 - 2010-02-18 14:34 - 0000000 ____D C:\Program Files\Common Files\Roxio Shared
2011-11-02 11:04 - 2010-02-18 14:28 - 0000000 ____D C:\Users\User\AppData\Local\PowerDVD DX
2011-11-02 11:04 - 2010-02-18 14:26 - 0000000 ____D C:\Users\All Users\CyberLink
2011-11-02 11:04 - 2010-02-18 14:26 - 0000000 ____D C:\ProgramData\CyberLink
2011-11-02 11:04 - 2010-02-18 14:25 - 0000000 ____D C:\Program Files\CyberLink
2011-11-02 11:04 - 2010-02-18 12:52 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2011-11-02 11:04 - 2010-02-16 09:14 - 0000000 ____D C:\Program Files\Microsoft Games
2011-11-02 11:04 - 2010-02-11 13:17 - 0000000 ____D C:\Program Files\DellTPad
2011-11-02 11:04 - 2010-02-11 12:10 - 0000000 ____D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2011-11-02 11:04 - 2010-02-11 08:55 - 0000000 ____D C:\Program Files\Microsoft Works
2011-11-02 11:04 - 2010-02-11 08:55 - 0000000 ____D C:\Program Files\Microsoft Visual Studio
2011-11-02 11:04 - 2010-02-11 08:55 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2011-11-02 11:04 - 2010-02-11 08:54 - 0000000 ____D C:\Program Files\Microsoft.NET
2011-11-02 11:04 - 2010-02-11 08:51 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-11-02 11:04 - 2010-02-11 08:51 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-11-02 11:04 - 2010-02-11 08:51 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 8
2011-11-02 11:04 - 2010-02-11 08:34 - 0000000 ____D C:\Program Files\Intel
2011-11-02 11:04 - 2010-02-10 14:28 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-11-02 11:04 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\MSBuild
2011-11-02 11:04 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2011-11-02 11:04 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-02 11:04 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-11-02 11:03 - 2010-02-11 13:16 - 0000000 ____D C:\dell
2011-11-02 11:02 - 2010-02-22 11:15 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-02 11:02 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\winrm
2011-11-02 11:02 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\WCN
2011-11-02 11:02 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\slmgr
2011-11-02 11:02 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2011-11-02 11:02 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2011-11-02 11:02 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Web
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Vss
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\spp
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\Speech
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\SMI
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NetworkList
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\MUI
2011-11-02 11:02 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\IME
2011-11-02 11:01 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Performance
2011-11-02 11:01 - 2009-07-13 20:34 - 0000000 ____D C:\Windows\ServiceProfiles
2011-11-02 11:01 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\com
2011-11-02 11:01 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Speech
2011-11-02 11:01 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\schemas
2011-11-02 11:01 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Resources
2011-11-02 11:01 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\PLA
2011-11-02 10:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\IME
2011-11-02 10:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Help
2011-11-02 10:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Globalization
2011-11-02 10:56 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Branding
2011-11-02 10:54 - 2011-05-02 08:42 - 0000000 ____D C:\Users\User\Documents\All STMU College classes
2011-11-02 10:54 - 2010-02-22 11:07 - 0000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2011-11-02 10:54 - 2010-02-22 11:07 - 0000000 ____D C:\Users\User\AppData\Roaming\Adobe
2011-11-02 10:54 - 2010-02-16 09:23 - 0000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2011-11-02 10:54 - 2010-02-10 14:19 - 0000000 ____D C:\Users\User\AppData\LocalLow
2011-11-02 10:53 - 2011-09-21 04:12 - 0000000 ____D C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-02 10:53 - 2011-09-21 04:12 - 0000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-02 10:53 - 2011-05-03 23:55 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-02 10:53 - 2011-05-03 23:55 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-02 10:53 - 2011-03-18 08:31 - 0000000 ____D C:\Users\User\AppData\Local\AOL
2011-11-02 10:53 - 2011-03-18 08:30 - 0000000 ____D C:\Users\All Users\AOL
2011-11-02 10:53 - 2011-03-18 08:30 - 0000000 ____D C:\ProgramData\AOL
2011-11-02 10:53 - 2011-03-18 08:25 - 0000000 ____D C:\Users\All Users\AOL Downloads
2011-11-02 10:53 - 2011-03-18 08:25 - 0000000 ____D C:\ProgramData\AOL Downloads
2011-11-02 10:53 - 2010-02-22 11:07 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2011-11-02 10:53 - 2010-02-22 11:07 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2011-11-02 10:53 - 2010-02-22 11:07 - 0000000 ____D C:\Users\All Users\Adobe
2011-11-02 10:53 - 2010-02-22 11:07 - 0000000 ____D C:\ProgramData\Adobe
2011-11-02 10:53 - 2010-02-18 14:36 - 0000000 ____D C:\Users\All Users\Uninstall
2011-11-02 10:53 - 2010-02-18 14:36 - 0000000 ____D C:\ProgramData\Uninstall
2011-11-02 10:53 - 2010-02-18 14:34 - 0000000 ____D C:\Users\All Users\InstallShield
2011-11-02 10:53 - 2010-02-18 14:34 - 0000000 ____D C:\ProgramData\InstallShield
2011-11-02 10:53 - 2009-07-13 23:27 - 0000000 ____D C:\Program Files\Windows Journal
2011-11-02 10:53 - 2009-07-13 23:26 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-11-02 10:53 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-11-02 10:53 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Defender
2011-11-02 10:53 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Windows NT
2011-11-02 10:52 - 2011-08-24 06:18 - 0000000 ____D C:\Program Files\PSI
2011-11-02 10:52 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Reference Assemblies
2011-11-02 10:50 - 2011-10-11 21:39 - 0000000 ____D C:\Program Files\iPod
2011-11-02 10:50 - 2011-05-10 13:40 - 0000000 ____D C:\Program Files\Google
2011-11-02 10:50 - 2010-02-18 14:25 - 0000000 ____D C:\Program Files\InstallShield Installation Information
2011-11-02 10:50 - 2010-02-11 08:51 - 0000000 ____D C:\Program Files\Microsoft Office
2011-11-02 10:49 - 2011-03-18 09:46 - 0000000 ____D C:\Program Files\Dantz
2011-11-02 10:49 - 2010-02-11 13:22 - 0000000 ____D C:\Program Files\Dell
2011-11-02 10:49 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\DVD Maker
2011-11-02 10:49 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2011-11-02 10:48 - 2010-02-22 11:31 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-11-02 10:48 - 2010-02-22 11:07 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-11-02 10:47 - 2010-02-22 11:07 - 0000000 ____D C:\Program Files\Adobe
2011-11-02 10:46 - 2010-02-11 08:50 - 0000000 ___RD C:\MSOCache
2011-11-02 10:41 - 2009-07-13 20:56 - 0000000 ____D C:\Windows\DigitalLocker
2011-10-16 01:41 - 2011-03-17 14:14 - 0000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2011-10-14 10:41 - 2011-10-14 10:41 - 0002188 ____A C:\Users\User\Documents\lanl_a_126038_o_f0001.gif
2011-10-12 06:18 - 2009-07-13 20:33 - 0409752 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-12 04:27 - 2010-02-10 14:30 - 48324552 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-10-11 21:40 - 2011-11-14 20:00 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-10-04 16:51 - 2011-10-04 16:51 - 0000000 ____D C:\Users\User\AppData\Roaming\EurekaLog
2011-10-04 16:51 - 2011-10-04 16:51 - 0000000 ____D C:\Users\User\AppData\Roaming\BSD
2011-10-04 16:51 - 2009-07-13 18:04 - 0000540 ____A C:\Windows\win.ini
2011-10-04 16:50 - 2011-10-04 16:50 - 0000000 ____D C:\Users\All Users\BSD
2011-10-04 16:50 - 2011-10-04 16:50 - 0000000 ____D C:\ProgramData\BSD
2011-10-04 15:50 - 2011-10-04 15:48 - 0000000 ____D C:\Users\All Users\WindSolutions
2011-10-04 15:50 - 2011-10-04 15:48 - 0000000 ____D C:\ProgramData\WindSolutions
2011-10-04 15:48 - 2011-10-04 15:48 - 0001364 ____A C:\Users\User\Desktop\CopyTrans Control Center.lnk
2011-10-04 12:51 - 2011-10-04 12:51 - 1131500 ____A C:\Users\User\Documents\Music.txt
2011-09-30 20:42 - 2011-10-12 03:36 - 5990912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-09-30 18:59 - 2011-10-12 03:36 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-27 22:31 - 2011-09-27 22:19 - 0102400 ____A C:\Users\User\Documents\Some properties of integrals and Trig Ident..docx
2011-09-27 11:20 - 2011-09-27 11:20 - 0146800 ____A C:\Windows\Minidump\092711-16879-01.dmp
2011-09-27 11:20 - 2011-05-10 14:05 - 268850299 ____A C:\Windows\MEMORY.DMP
2011-09-26 06:44 - 2011-09-26 06:38 - 0000000 ____D C:\Users\User\Documents\Medical Health
2011-09-25 19:25 - 2011-09-25 19:25 - 0004286 ____A C:\Users\User\Documents\nat870.cur
2011-09-21 09:01 - 2010-02-11 13:08 - 0016896 ____A C:\Windows\cfgall.ini
2011-09-21 04:14 - 2011-11-14 20:00 - 0002479 ____A C:\Users\Public\Desktop\Safari.lnk
2011-09-21 04:05 - 2011-11-14 20:00 - 0001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-09-21 03:52 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-09-21 03:44 - 2011-09-21 03:44 - 0187432 ____A C:\Windows\System32\mlfcache.dat
2011-09-21 03:44 - 2010-02-22 11:34 - 0000000 ____D C:\Users\User\AppData\Local\Apple Computer
2011-09-20 12:10 - 2011-11-14 20:00 - 0001977 ____A C:\Users\Public\Desktop\PSI-Plot.lnk
2011-09-18 09:27 - 2011-10-04 16:50 - 2219008 ____A (Bootstrap Development, LLC.) C:\Windows\bsdsetup.dll
2011-09-17 06:45 - 2011-03-17 13:20 - 0000000 ____D C:\Users\User\Documents\Recipes
2011-09-06 12:25 - 2011-09-06 12:25 - 5371780 ____A (Andrew Zhezherun) C:\Users\User\Downloads\WinDjView-1.0.3-Setup.exe
2011-09-05 18:38 - 2011-10-12 03:36 - 2332672 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-08-31 15:00 - 2011-05-07 13:13 - 0022216 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-08-30 20:05 - 2011-08-30 20:05 - 0178536 ____A (Apple Inc.) C:\Windows\System32\dnssdX.dll
2011-08-30 20:05 - 2011-08-30 20:05 - 0083816 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-08-30 20:05 - 2011-08-30 20:05 - 0073064 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-08-30 09:44 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2011-08-26 20:43 - 2011-10-12 03:36 - 0571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-26 20:43 - 2011-10-12 03:36 - 0233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-22 09:15 - 2011-08-22 09:15 - 0130910 ____A C:\Users\User\Downloads\Q-test table.pdf
2011-08-19 20:38 - 2011-10-12 03:36 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-19 20:38 - 2011-10-12 03:36 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-19 20:38 - 2011-10-12 03:36 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-19 20:36 - 2011-10-12 03:36 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 10990080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-19 20:35 - 2011-10-12 03:36 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-08-19 20:34 - 2011-10-12 03:36 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-08-19 20:32 - 2011-10-12 03:36 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-08-19 19:26 - 2011-10-12 03:36 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

========================= Known DLLs (Whitelisted) ============

[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2037.97 MB
Available physical RAM: 1627.2 MB
Total Pagefile: 2037.97 MB
Available Pagefile: 1626.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.31 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.61 GB) (Free:87.52 GB) NTFS ==>[OS]
3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.35 GB) (Free:0.31 GB) NTFS ==>[Boot]

==========================================================

Last Boot: 2011-11-15 11:59

======================= End Of Log ==========================

#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 8,462 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 November 2011 - 12:03 AM

Download the enclosed file and save it in the USB drive:

Insert the USB drive in the ailing computer.

Now please enter System Recovery Options.

Run FRST as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

If successful, attempt to boot in Normal Mode.

No requests for help through private messaging will be attended to.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Mhess2788
  • Topic Starter
  • Members
  • 35 posts

Posted 17 November 2011 - 12:29 AM

I was able to run FRST as before, and the 'Fix' scan said that it was successful. After this I attempted to boot in Normal mode, but it did not work; the BSOD comes up as before. Here is the Fixlog:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.8)
Ran by SYSTEM at 2011-11-16 23:22:42 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FixTDSS Value deleted successfully.
catchme service deleted successfully.
tbrmki service deleted successfully.
C:\Users\User\Desktop\iExplore(2).exe moved successfully.

==== End of Fixlog ====

#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 8,462 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 November 2011 - 09:35 AM

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, copy only the MBRFix.exe (32-bit) to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

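The post above asks for the raw first sector of the disk, the 512-byte MBR that `MbrFix /drive 0 savembr` writes out. As an added example that is not part of this thread, of FRST or of MbrFix, here is a Python script that performs the checks a responder would make on such a dump: the 0x55AA boot signature, a sane partition table with exactly one active partition, and a SHA-256 of the boot-code region (bytes 0 to 439) compared against a hash recorded from a known-clean install. Everything in it is constructed: the sample sectors, the disk signature, the partition sizes (modelled loosely on the two NTFS volumes in the FRST log), and the reference hash, which is derived from the constructed clean sector and stands in for one captured from a clean machine of the same Windows build.

```python
"""Sanity-check a raw 512-byte MBR dump (for example the MBRDUMP.txt that
MbrFix /drive 0 savembr writes).  Added example; not code from FRST, MbrFix or
this thread.  Sample sectors and the reference hash are constructed below."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # classic MBR layout: boot code occupies bytes 0..439
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"     # bytes 510..511 of a valid MBR
PART_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed clean MBR: a Windows-7-style loader stub plus two NTFS partitions."""
    # Opening instructions of the Windows 7 MBR (xor ax,ax / mov ss,ax / mov sp,7C00h ...);
    # the remainder of the boot-code area is zero-filled in this sample.
    code = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
    code = code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"      # made-up NT disk signature + reserved
    # Slot 0: small active "System Reserved" volume; slot 1: the OS volume (sizes approximate).
    table = struct.pack(PART_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table += struct.pack(PART_FMT, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 311000000)
    table += b"\x00" * 32                              # slots 2 and 3 unused
    mbr = code + disk_sig + table + BOOT_SIG
    assert len(mbr) == SECTOR_SIZE
    return mbr


def build_tampered_mbr():
    """The same sector with the loader's first instructions replaced by a jump (constructed)."""
    mbr = bytearray(build_sample_mbr())
    mbr[0:3] = b"\xe9\x00\x01"       # jmp rel16: control leaves the original loader
    return bytes(mbr)


# Stands in for a hash recorded from a known-clean machine of the same Windows build.
KNOWN_GOOD_SHA256 = hashlib.sha256(build_sample_mbr()[:BOOT_CODE_LEN]).hexdigest()


def parse_partition_table(mbr):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for slot in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * slot)
        if ptype == 0x00:
            continue                     # empty slot
        entries.append({"slot": slot, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr, known_good_sha256):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return [f"dump is {len(mbr)} bytes, expected {SECTOR_SIZE}"]
    if mbr[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest() != known_good_sha256:
        findings.append("boot code does not match known-good hash")
    parts = parse_partition_table(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"slot {p['slot']}: zero start or length")
    if sum(1 for p in parts if p["bootable"]) != 1:
        findings.append("expected exactly one active partition")
    return findings


if __name__ == "__main__":
    # Usage: python mbrcheck.py MBRDUMP.txt   (falls back to the constructed tampered sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_tampered_mbr()
    for p in parse_partition_table(data):
        print(f"slot {p['slot']}: type 0x{p['type']:02x} start {p['lba_start']} "
              f"len {p['sectors']} {'ACTIVE' if p['bootable'] else ''}")
    print("\n".join(check_mbr(data, KNOWN_GOOD_SHA256)) or "no findings")
```

The reference hash has to come from the same Windows version and OEM image, since the loader bytes differ between them. MBR bootkits of the kind TDSSKiller targets typically swap the boot code and leave the partition table untouched, so the hash comparison is the check that matters most; the table checks catch cruder damage such as a cleared active flag or a zeroed entry.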


#11 Mhess2788
  • Topic Starter
  • Members
  • 35 posts

Posted 17 November 2011 - 02:46 PM

Attached File: MBRDUMP.txt (512 bytes)

FRST Fixlog:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.8)
Ran by SYSTEM at 2011-11-17 13:42:04 R:2
Running from F:\

==============================================


========= F:\MbrFix /drive 0 savembr F:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====

And Attached is the MBRDUMP file.

#12 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 8,462 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 November 2011 - 03:49 PM

Download the enclosed file and save it in the USB drive overwriting the existing one:

Insert the USB drive in the ailing computer.

Now please enter System Recovery Options.

Run FRST as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. It will also create a folder in the flash drive labeled Minidump. Zip that folder and attach it to a reply. If too large, upload the folder here:



#13 Mhess2788
  • Topic Starter
  • Members
  • 35 posts

Posted 17 November 2011 - 06:13 PM

Okay, here is the new Fixlog:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.8)
Ran by SYSTEM at 2011-11-17 17:06:18 R:3
Running from F:\

==============================================


========= mkdir F:\Minidump =========


========= End of CMD: =========


========= Copy C:\Windows\Minidump\*.* F:\Minidump =========

C:\Windows\Minidump\051011-23571-01.dmp
C:\Windows\Minidump\073111-17690-01.dmp
C:\Windows\Minidump\092711-16879-01.dmp
3 file(s) copied.

========= End of CMD: =========


==== End of Fixlog ====




Other MBR documents will be attached to your previous post :)

#14 Mhess2788
  • Topic Starter
  • Members
  • 35 posts

Posted 17 November 2011 - 06:21 PM

Okay, I hope I did this correctly. The Minidump folder created was not a zip so I had to make one. Here it is:

Attached File: MBRminidump.zip (78.07 KB)

Let me know if you got them okay.

#15 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 8,462 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 November 2011 - 07:03 PM

These are too old.

Run FRST as you did before, except that this time around remove all checkmarks, but put a check mark on "List drivers MD5", press the Scan button just once and wait.

The tool will make a log on the flashdrive (FRST.txt) please post it to your reply.

At the command prompt also type the following and press Enter:

Copy C:\Windows\ntbtlog.txt F:\

That should copy the bootlog to the flash drive. Have it uploaded if too large here.

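The post above asks for C:\Windows\ntbtlog.txt, the driver-load log that a boot with boot logging enabled writes. Windows appends a new session to that file on every logged boot, so the session that matters is the last one. As an added example that is not part of this thread or of FRST, here is a Python script that splits the file into sessions, summarises the last one (drivers loaded, drivers that did not load, the last driver that loaded before the log stops), and flags any driver loaded from outside the usual system32 locations as a heuristic worth a closer look, not a verdict. The embedded sample log is constructed; the placeholder.sys path in it is invented for illustration, the other names are stock Windows drivers and the Malwarebytes driver seen in the FRST log.

```python
"""Summarise the last boot session in a Windows boot log (ntbtlog.txt).
Added example for this thread; not FRST's or the helper's code.  SAMPLE_LOG is
constructed; 'placeholder.sys' is an invented path."""
import re
import sys

SESSION_HEADER = re.compile(r"^Microsoft \(R\) Windows \(R\) Version ")
LOADED = re.compile(r"^Loaded driver (.+)$")
NOT_LOADED = re.compile(r"^Did not load driver (.+)$")
# Prefixes (lower-cased) from which boot and system drivers are normally loaded.
EXPECTED_PREFIXES = ("\\systemroot\\system32\\", "\\??\\c:\\windows\\system32\\")

SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 6.1 (Build 7601)
11 14 2011 20:00:12.123
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\System32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \??\C:\Windows\system32\drivers\mbam.sys
Microsoft (R) Windows (R) Version 6.1 (Build 7601)
11 16 2011 23:30:05.456
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\System32\drivers\volsnap.sys
Loaded driver \??\C:\ProgramData\example\placeholder.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\Null.SYS
"""


def split_sessions(text):
    """Split the log into boot sessions; each session starts with a version header."""
    sessions = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if SESSION_HEADER.match(line):
            current = {"header": line, "lines": []}
            sessions.append(current)
        elif current is not None and line:
            current["lines"].append(line)
    return sessions


def summarise(session):
    """Loaded / not-loaded drivers, the last driver that loaded, and odd load paths."""
    loaded, not_loaded = [], []
    for line in session["lines"]:
        m = LOADED.match(line)
        if m:
            loaded.append(m.group(1))
            continue
        m = NOT_LOADED.match(line)
        if m:
            not_loaded.append(m.group(1))
    # Heuristic: anything not under system32 deserves a look (legitimate third-party
    # drivers can live elsewhere, so this is a pointer, not a detection).
    odd = [d for d in loaded if not d.lower().startswith(EXPECTED_PREFIXES)]
    return {"timestamp": session["lines"][0] if session["lines"] else None,
            "loaded": loaded, "not_loaded": not_loaded,
            "last_loaded": loaded[-1] if loaded else None, "odd_paths": odd}


def last_session_summary(text):
    sessions = split_sessions(text)
    if not sessions:
        raise ValueError("no boot sessions found; is this an ntbtlog.txt?")
    return summarise(sessions[-1])


def read_bootlog(path):
    """Read the file whether it was written as UTF-16 (BOM present) or single-byte text."""
    with open(path, "rb") as fh:
        data = fh.read()
    return data.decode("utf-16") if data.startswith(b"\xff\xfe") else data.decode("latin-1")


if __name__ == "__main__":
    # Usage: python bootlog.py ntbtlog.txt   (falls back to the constructed sample)
    text = read_bootlog(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    s = last_session_summary(text)
    print("last session:", s["timestamp"])
    print("loaded:", len(s["loaded"]), " not loaded:", len(s["not_loaded"]))
    print("last driver loaded:", s["last_loaded"])
    for d in s["not_loaded"]:
        print("  did not load:", d)
    for d in s["odd_paths"]:
        print("  unusual load path:", d)
```

On a machine that blue-screens during boot, the last "Loaded driver" line of the final session is the usual starting point: the crash happened after it loaded and before the next driver was logged. Entries under "Did not load driver" are often benign (optional drivers), so compare them with a clean boot of the same system before drawing conclusions.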




