
c0000135 Error after trojan removal by MSE


  • This topic is locked
3 replies to this topic

#1 crackerjax

crackerjax

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 28 April 2012 - 01:28 PM

I have had some obvious malware on this MacBook Pro when most Google searches would be redirected and lots of popups on any other site. Installed the April 2012 Malicious Software Removal Tool via Windows Update and got Microsoft Security Essentials to install, update, and remove 4 trojans. It asked for a restart and now the best I can do is get to a command prompt in System Recovery. dds.scr wouldn't run in this limited boot mode. No system restore points, but absolutely no data of use on this windows install. Windows 7 x64. Here is the log I got from FRST64:

Scan result of Farbar Recovery Scan Tool Version: 27-04-2012
Ran by SYSTEM at 28-04-2012 14:09:47
Running from F:\
Windows 7 Professional   (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8114720 2010-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2010-01-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe [740152 2010-11-11] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2010-01-05] (NVIDIA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [143360 2010-02-07] (PFU LIMITED)
HKLM-x32\...\Run: [NPSStartup]  [x]
HKLM-x32\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Macbook Pro\...\Run: [Google Update] "C:\Users\Macbook Pro\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKU\Macbook Pro\...\Run: [Akamai NetSession Interface] "C:\Users\Macbook Pro\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Macbook Pro\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-25] (Valve Corporation)
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [223544 2010-11-11] ()
2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [110904 2010-01-16] (Apple Inc.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [658432 2009-12-09] (Macrovision Europe Ltd.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [69688 2010-11-11] (Apple Inc.)
0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [14392 2010-11-11] (Apple Inc.)
3 applemtm; C:\Windows\System32\Drivers\applemtm.sys [12288 2010-10-14] (Apple Inc.)
3 applemtp; C:\Windows\System32\Drivers\applemtp.sys [38912 2010-10-14] (Apple Inc.)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-01] (HTC, Corporation)
3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [18432 2009-07-22] (Apple Inc.)
2 KeyAgent; C:\Windows\System32\Drivers\KeyAgent.sys [15928 2010-11-11] (Apple Inc.)
3 KeyMagic; C:\Windows\System32\Drivers\KeyMagic.sys [29184 2009-07-22] (Apple Inc.)
2 MacHALDriver; C:\Windows\System32\Drivers\MacHALDriver.sys [21048 2010-11-11] (Apple Inc.)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255552 2009-02-24] (MagicISO, Inc.)
3 MSDV; C:\Windows\System32\Drivers\MSDV.sys [61440 2009-07-13] (Microsoft Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx64.sys [1495456 2009-07-22] (NVIDIA Corporation)
3 nvsmu; C:\Windows\System32\Drivers\nvsmu.sys [27680 2009-07-22] (NVIDIA Corporation)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2011-07-19] (June Fabrics Technology Inc.)
3 SWNC8U12; C:\Windows\System32\Drivers\SWNC8U12.sys [280064 2009-07-22] (Sierra Wireless Inc.)
3 swumx12; C:\Windows\System32\Drivers\swumx12.sys [199552 2009-07-22] (Sierra Wireless Inc.)
3 TFsExDisk; C:\Windows\System32\Drivers\TFsExDisk.sys [16448 2010-06-14] (Teruten Inc)
3 TFsExDisk; C:\Windows\SysWow64\Drivers\TFsExDisk.sys [16448 2010-06-14] (Teruten Inc)
1 aokcimzw; \??\C:\Windows\system32\drivers\aokcimzw.sys [x]
1 bbdoogpr; \??\C:\Windows\system32\drivers\bbdoogpr.sys [x]
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]
1 ofdpzxia; \??\C:\Windows\system32\drivers\ofdpzxia.sys [x]
3 SWUMX20; C:\Windows\System32\DRIVERS\swumx20.sys [x]
1 trytecng; \??\C:\Windows\system32\drivers\trytecng.sys [x]
1 zqlpllle; \??\C:\Windows\system32\drivers\zqlpllle.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-28 07:15 - 2012-04-25 15:44 - 0330900 ____A C:\Users\Macbook Pro\Downloads\Titan.Quest.v1.30.NO-DVD_CRKEXE-FFF.rar
2012-04-28 07:10 - 2011-11-15 17:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-28 07:10 - 2011-11-15 17:29 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-28 07:10 - 2009-07-13 17:16 - 0657024 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-28 07:03 - 2012-03-23 09:41 - 12621696 ____A (Microsoft Corporation) C:\Users\Macbook Pro\Downloads\mseinstall.exe
2012-04-28 07:03 - 2009-07-13 21:37 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-28 07:02 - 2011-03-04 08:04 - 0368252 ____A C:\Windows\ntbtlog.txt
2012-04-28 06:42 - 2009-07-13 20:45 - 0000168 ____A C:\Windows\setupact.log
2012-04-28 06:07 - 2012-04-25 15:53 - 0309248 ____A (Renan) C:\Users\Macbook Pro\Desktop\Titan_Quest_v1.30.exe
2012-04-28 06:00 - 2012-04-28 07:15 - 0309867 ____A C:\Users\Macbook Pro\Downloads\Titan_Quest_v1.30.zip
2012-04-28 06:00 - 2012-04-28 06:00 - 1015928 ____A C:\Users\Macbook Pro\Downloads\Titan_Quest_V1.30r2_+_8_Trainer.rar
2012-04-28 06:00 - 2012-04-28 06:00 - 1015928 ____A C:\Users\Macbook Pro\Downloads\Titan_Quest_V1.30r2_+_8_Trainer (1).rar
2012-04-25 16:56 - 2011-03-04 10:12 - 0000000 ____D C:\Users\Macbook Pro\Documents\My Games
2012-04-25 15:53 - 2010-06-22 12:32 - 0000220 ____A C:\Users\Macbook Pro\Desktop\Titan Quest.url
2012-04-25 15:46 - 2012-04-28 06:42 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-25 15:46 - 2009-07-13 20:54 - 0000925 ____A C:\Users\Public\Desktop\Steam.lnk
2012-04-25 15:44 - 2012-03-23 19:12 - 1606656 ____A C:\Users\Macbook Pro\Downloads\SteamInstall.msi


============ 3 Months Modified Files and Folders =============

2012-04-28 14:10 - 2012-04-28 14:09 - 0000000 ____D C:\FRST
2012-04-28 09:42 - 2012-04-28 07:02 - 0368252 ____A C:\Windows\ntbtlog.txt
2012-04-28 07:22 - 2009-12-06 23:26 - 1407073 ____A C:\Windows\WindowsUpdate.log
2012-04-28 07:15 - 2012-04-28 07:15 - 0330900 ____A C:\Users\Macbook Pro\Downloads\Titan.Quest.v1.30.NO-DVD_CRKEXE-FFF.rar
2012-04-28 07:15 - 2009-07-13 20:45 - 0015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-28 07:15 - 2009-07-13 20:45 - 0015040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-28 07:13 - 2009-07-13 21:13 - 0643178 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-28 07:10 - 2012-04-28 07:10 - 0657024 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-28 07:10 - 2012-04-28 07:10 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-28 07:10 - 2012-04-28 07:10 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-28 07:10 - 2012-04-28 07:03 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-28 07:09 - 2012-04-25 15:46 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-28 07:06 - 2012-03-12 03:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-28 07:05 - 2012-04-28 06:42 - 0000168 ____A C:\Windows\setupact.log
2012-04-28 07:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-28 07:03 - 2012-04-28 07:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Macbook Pro\Downloads\mseinstall.exe
2012-04-28 06:59 - 2009-12-07 15:52 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1427652963-2183689151-3639516765-1000UA.job
2012-04-28 06:42 - 2012-03-08 10:22 - 0000000 ____D C:\Program Files (x86)\SlySoft
2012-04-28 06:00 - 2012-04-28 06:00 - 1015928 ____A C:\Users\Macbook Pro\Downloads\Titan_Quest_V1.30r2_+_8_Trainer.rar
2012-04-28 06:00 - 2012-04-28 06:00 - 1015928 ____A C:\Users\Macbook Pro\Downloads\Titan_Quest_V1.30r2_+_8_Trainer (1).rar
2012-04-28 06:00 - 2012-04-28 06:00 - 0309867 ____A C:\Users\Macbook Pro\Downloads\Titan_Quest_v1.30.zip
2012-04-25 19:42 - 2009-12-06 21:07 - 0048558 ____A C:\Windows\PFRO.log
2012-04-25 16:56 - 2012-04-25 16:56 - 0000000 ____D C:\Users\Macbook Pro\Documents\My Games
2012-04-25 15:53 - 2012-04-25 15:53 - 0000220 ____A C:\Users\Macbook Pro\Desktop\Titan Quest.url
2012-04-25 15:46 - 2012-04-25 15:46 - 0000925 ____A C:\Users\Public\Desktop\Steam.lnk
2012-04-25 15:44 - 2012-04-25 15:44 - 1606656 ____A C:\Users\Macbook Pro\Downloads\SteamInstall.msi
2012-03-28 23:00 - 2009-12-06 16:50 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-26 18:05 - 2012-03-26 18:05 - 0002022 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-03-26 18:05 - 2010-10-09 16:55 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-26 18:05 - 2009-12-06 17:04 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-26 18:05 - 2009-12-06 17:04 - 0000000 ____D C:\ProgramData\Adobe
2012-03-26 18:04 - 2009-12-06 17:00 - 0000000 ____D C:\Users\Macbook Pro\AppData\Local\Adobe
2012-03-26 18:02 - 2012-03-26 18:02 - 1009192 ____A C:\Windows\Minidump\032612-33883-01.dmp
2012-03-26 18:02 - 2012-03-26 18:02 - 0000000 ____D C:\Windows\Minidump
2012-03-23 19:40 - 2012-03-23 19:13 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-23 19:40 - 2012-03-23 19:13 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-23 19:18 - 2012-03-23 19:18 - 0433273 ____R C:\Windows\hosts
2012-03-23 19:12 - 2012-03-23 19:11 - 45641536 ____A (Safer-Networking Ltd.                                       ) C:\Users\Macbook Pro\Downloads\spybotsd-2.0.7-beta5.exe
2012-03-23 09:48 - 2011-11-18 17:02 - 0000000 ____D C:\Users\Macbook Pro\AppData\Roaming\uTorrent
2012-03-23 09:42 - 2012-03-23 09:42 - 0493107 ____A C:\Users\Macbook Pro\Downloads\Fire Officer Study Guide unlocked.pdf
2012-03-23 09:41 - 2012-03-23 09:41 - 0489928 ____A C:\Users\Macbook Pro\Downloads\Fire Officer Study Guide.pdf
2012-03-23 09:41 - 2012-03-23 09:41 - 0000052 ____A C:\Users\Macbook Pro\Downloads\license.dat
2012-03-23 09:38 - 2012-03-23 09:37 - 0569959 ____A C:\Users\Macbook Pro\Downloads\PDF-Password-Remover-v3.0.rar
2012-03-20 16:44 - 2012-03-20 16:44 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 16:44 - 2012-03-20 16:44 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-12 10:05 - 2012-03-12 10:05 - 0161060 ____A C:\Users\Macbook Pro\Documents\Crash.pdf
2012-03-12 10:04 - 2012-03-12 10:04 - 0753087 ____A C:\Users\Macbook Pro\Documents\LICB_FLSA_Manual_2010.pdf
2012-03-12 10:04 - 2012-03-12 10:03 - 8099113 ____A C:\Users\Macbook Pro\Documents\LICB_Pension_Survey.pdf
2012-03-12 10:03 - 2012-03-12 10:03 - 2629052 ____A C:\Users\Macbook Pro\Documents\LICB_EconomicCrisis.pdf
2012-03-12 10:03 - 2012-03-12 10:03 - 2457848 ____A C:\Users\Macbook Pro\Documents\LICB_LocalUnionAdmin.pdf
2012-03-12 10:03 - 2012-03-12 10:03 - 1941939 ____A C:\Users\Macbook Pro\Documents\LICB_Pensions_Handbook.pdf
2012-03-12 10:03 - 2012-03-12 10:03 - 0657218 ____A C:\Users\Macbook Pro\Documents\LICB_4StepsToPension.pdf
2012-03-12 10:02 - 2012-03-12 10:02 - 3282671 ____A C:\Users\Macbook Pro\Documents\LICB_CollectiveBargaining.pdf
2012-03-12 10:02 - 2012-03-12 10:02 - 3053417 ____A C:\Users\Macbook Pro\Documents\LICB_LocalUAdmOverview.pdf
2012-03-12 07:59 - 2009-12-07 15:52 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1427652963-2183689151-3639516765-1000Core.job
2012-03-12 05:13 - 2012-03-12 05:13 - 101356142 ____A C:\Users\Macbook Pro\Documents\ronwed0004.avi
2012-03-12 05:12 - 2012-03-12 05:12 - 162442324 ____A C:\Users\Macbook Pro\Documents\ronwed0003.avi
2012-03-12 05:12 - 2009-12-06 20:49 - 0000000 ____D C:\users\Macbook Pro
2012-03-12 05:10 - 2012-03-12 05:10 - 191243674 ____A C:\Users\Macbook Pro\Documents\ronwed0002.avi
2012-03-12 05:09 - 2012-03-12 05:09 - 162434924 ____A C:\Users\Macbook Pro\Documents\ronwed0001.avi
2012-03-12 03:19 - 2012-03-12 03:19 - 10103920 ____A C:\Users\Macbook Pro\Downloads\ScenalyzerLive.v4.2.3.zip
2012-03-12 03:19 - 2012-03-12 03:19 - 0036864 ____A C:\Windows\unslive.exe
2012-03-12 03:19 - 2012-03-12 03:19 - 0000000 ____D C:\Windows\system64
2012-03-12 03:19 - 2012-03-12 03:19 - 0000000 ____D C:\Users\Macbook Pro\Downloads\sclive20051228
2012-03-08 16:29 - 2011-10-04 13:58 - 0000000 ____D C:\Windows\rescache
2012-03-08 15:27 - 2009-12-06 17:00 - 0000000 ____D C:\Users\Macbook Pro\AppData\Roaming\Adobe
2012-03-08 15:26 - 2009-12-06 20:49 - 0000000 ____D C:\Users\Macbook Pro\AppData\LocalLow
2012-03-08 15:20 - 2010-10-09 17:01 - 0000000 ____D C:\Users\Macbook Pro\AppData\Roaming\vlc
2012-03-08 15:20 - 2009-12-07 15:52 - 0000000 ____D C:\Users\Macbook Pro\AppData\Local\Google
2012-03-08 15:12 - 2012-02-14 11:10 - 0000000 ____D C:\Users\Macbook Pro\AppData\Local\Downloaded Installations
2012-03-08 14:32 - 2009-07-13 20:45 - 0266544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-08 14:30 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-08 13:46 - 2009-12-06 20:49 - 0000174 ___SH C:\Users\Macbook Pro\Start Menu\Programs\Startup\desktop.ini
2012-03-08 13:46 - 2009-12-06 20:49 - 0000174 ___SH C:\Users\Macbook Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-08 13:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-03-08 13:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-03-08 13:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-08 13:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-03-08 13:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-03-08 13:20 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2012-03-08 13:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-08 13:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-08 13:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-03-08 13:16 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-03-08 13:16 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-03-08 12:50 - 2012-03-08 12:50 - 0000000 ____D C:\Windows\System32\SPReview
2012-03-08 12:49 - 2012-03-08 12:49 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-08 11:32 - 2012-03-08 11:32 - 0000000 ____A C:\Windows\setuperr.log
2012-03-08 11:22 - 2012-03-08 11:22 - 0114678 ____A C:\Users\Macbook Pro\Downloads\Du.zip
2012-03-08 10:52 - 2012-03-08 10:52 - 0264838 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-03-08 10:42 - 2011-09-25 07:10 - 0000000 ____D C:\Users\Macbook Pro\AppData\Roaming\IGN_DLM
2012-03-08 10:41 - 2009-12-06 20:59 - 0304228 ____A C:\Windows\DPINST.LOG
2012-03-08 10:28 - 2012-03-08 10:28 - 0000000 ____D C:\Users\Macbook Pro\Documents\AnyDVDHD
2012-03-08 10:22 - 2012-03-08 10:22 - 0000000 ____D C:\Users\All Users\SlySoft
2012-03-08 10:22 - 2012-03-08 10:22 - 0000000 ____D C:\ProgramData\SlySoft
2012-02-21 12:06 - 2012-02-21 12:06 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-02-21 09:28 - 2012-02-21 07:46 - 0000000 ____D C:\Users\Macbook Pro\AppData\Local\Motosftemp
2012-02-21 07:49 - 2012-02-21 07:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2012-02-21 07:49 - 2012-02-21 07:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-02-21 07:49 - 2012-02-21 07:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2012-02-21 07:49 - 2012-02-21 07:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-02-21 07:49 - 2012-02-21 07:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-02-21 07:49 - 2012-02-21 07:49 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-02-21 07:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\ModemLogs
2012-02-14 11:09 - 2012-02-14 11:09 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2012-02-14 10:09 - 2012-02-14 10:09 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-02-14 09:40 - 2012-02-14 09:40 - 0004129 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-02-14 08:59 - 2011-03-04 07:39 - 0000000 ____D C:\Users\Macbook Pro\AppData\Roaming\Mozilla
2012-01-31 04:44 - 2009-12-06 20:53 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ====================== 

Percentage of memory in use: 13%
Total physical RAM: 4071.71 MB
Available physical RAM: 3517.53 MB
Total Pagefile: 4069.86 MB
Available Pagefile: 3500.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (BOOTCAMP) (Fixed) (Total:29.48 GB) (Free:10.53 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive f: () (Removable) (Total:29.42 GB) (Free:11.38 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB   128 MB         
  Disk 1    No Media           0 B      0 B         
  Disk 2    Online           29 GB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            200 MB    512 B
  Partition 2    Primary            435 GB   200 MB
  Partition 3    Primary             29 GB   436 GB

======================================================================================================

Disk: 0
Partition 1
Type  : EE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : AF
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   BOOTCAMP     NTFS   Partition     29 GB  Healthy            

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             29 GB  4096 KB

======================================================================================================

Disk: 2
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT32  Removable     29 GB  Healthy            

======================================================================================================

==========================================================

Last Boot: 2012-03-23 14:39

======================= End Of Log ==========================

What now? Cannot boot into OSX but I'm sure I can find a way to make that happen if it would be easier to act from another OS.

Edited by Orange Blossom, 28 April 2012 - 03:19 PM.
Moved to log forum. ~ OB
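A triage pass over FRST log lines of the kind posted above, added here as an example (it is not FRST's own code and not the helper's fix): it parses the Services/Drivers entries, flags missing-file drivers whose names are eight random lowercase letters under a `\??\` device path, lists Run values that carry no command at all, and reports the `SubSystems: [Windows] ==> ZeroAccess` marker. The heuristics are assumptions, and the sample lines are constructed from the log in the first post.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.

Heuristics (assumptions, not FRST's own logic):
  * a driver/service whose file is missing ("[x]"), whose name is eight random
    lowercase letters and whose path uses the "\\??\\" device prefix;
  * a Run value that carries no command at all ("[name]  [x]");
  * the "SubSystems: [Windows] ==> ZeroAccess" marker that FRST prints itself.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "<start> <name>; <path> [<size> <date>] (<vendor>)"  or  "<start> <name>; <path> [x]"
ENTRY_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]")
VENDOR_RE = re.compile(r"\((?P<vendor>[^)]*)\)\s*$")
# Run value with nothing between the value name and the missing-file marker.
EMPTY_RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\]\s*\[x\]\s*$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
DEVICE_PATH_PREFIX = "\\??\\"


@dataclass
class Entry:
    start: int          # Windows start type as FRST prints it (0 boot .. 4 disabled)
    name: str
    path: str
    file_present: bool  # False when FRST printed "[x]" instead of size/date
    vendor: str


def parse_entry_line(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    present = m.group("meta") != "x"
    vendor = ""
    if present:
        vm = VENDOR_RE.search(line)
        vendor = vm.group("vendor").strip() if vm else ""
    return Entry(int(m.group("start")), m.group("name"), m.group("path"), present, vendor)


def is_suspicious_driver(e: Entry) -> bool:
    """All three conditions together; any one alone is common on clean machines."""
    return (not e.file_present
            and RANDOM_NAME_RE.match(e.name) is not None
            and e.path.startswith(DEVICE_PATH_PREFIX))


def triage(log_text: str) -> Dict[str, object]:
    lines = log_text.splitlines()
    entries = [e for e in (parse_entry_line(l) for l in lines) if e is not None]
    flagged: List[str] = [e.name for e in entries if is_suspicious_driver(e)]
    empty_runs: List[str] = [m.group("name") for m in (EMPTY_RUN_RE.search(l) for l in lines) if m]
    marker = any(l.strip().startswith("SubSystems:") and "ZeroAccess" in l for l in lines)
    return {
        "entries": len(entries),
        "suspicious_drivers": flagged,
        "empty_run_values": empty_runs,
        "zeroaccess_marker": marker,
    }


# Constructed sample: a handful of lines in the format of the log posted above.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [NPSStartup]  [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
SubSystems: [Windows] ==> ZeroAccess

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 KeyAgent; C:\Windows\System32\Drivers\KeyAgent.sys [15928 2010-11-11] (Apple Inc.)
1 aokcimzw; \??\C:\Windows\system32\drivers\aokcimzw.sys [x]
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
1 trytecng; \??\C:\Windows\system32\drivers\trytecng.sys [x]
3 SWUMX20; C:\Windows\System32\DRIVERS\swumx20.sys [x]
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Note that the Sidebar line is not reported: it has a command, so `[x]` there only means the file is absent, which is normal for a Default-profile entry.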




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:12 AM

Posted 28 April 2012 - 01:58 PM

This can be easily fixed. Someone from the malware response team will soon help you.

good luck

#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,061 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:12 AM

Posted 28 April 2012 - 03:09 PM

:welcome:

Let's try this and see if the fix can be applied.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it in the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [NPSStartup]  [x]
SubSystems: [Windows] ==> ZeroAccess
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). Copy and Paste the contents of the Fixlog.txt in your next reply.

Start in Normal Mode. If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,061 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:12 AM

Posted 24 May 2012 - 08:35 PM

Due to the lack of feedback this Topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!