
Startup Repair Virus


  • This topic is locked
30 replies to this topic

#1 pirateicechick

pirateicechick

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 12 February 2012 - 11:35 PM

I am having a problem with the startup repair virus... I keep just getting the Startup Repair menu when restarting my computer. It will not allow me to go into Safe Mode, and I don't have an installation CD. When I do press F8 it just brings up a screen that says launch normally or Startup Repair; either one I choose brings it to the repair loop. I have seen other people with this problem who have gotten help, and I would really like to get my computer back. Thanks. The computer is a Windows 7 Dell, and the problem started when I shut down all that I had open and shut down my computer; when I restarted it, Startup Repair just keeps coming up, not allowing me to go into my accounts or desktop.

Edited by pirateicechick, 13 February 2012 - 08:51 AM.




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,303 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:36 PM

Posted 14 February 2012 - 07:58 PM

:welcome:

When you tap F8, is there an option to "Repair Your Computer"? If there is, follow these steps:

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:36 PM

Posted 14 February 2012 - 08:06 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 pirateicechick

pirateicechick
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 14 February 2012 - 08:58 PM

I tried what you said, but the tool didn't start. It might be because I don't have to press F8; it just starts Startup Repair, then I can hit Advanced Options and go to the System Recovery Options.

Edited by pirateicechick, 14 February 2012 - 09:29 PM.


#5 pirateicechick

pirateicechick
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:36 PM

Posted 14 February 2012 - 09:38 PM

OK, it worked. Here it is:


Scan result of Farbar Recovery Scan Tool Version: 11-02-2012
Ran by SYSTEM at 2012-02-13 23:32:41
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1909032 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3168336 2009-11-03] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2011-12-24] (Malwarebytes Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1674896 2011-09-16] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2011-12-24] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKU\Danielle Compton\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Danielle Compton\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Guest\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652872 2011-12-24] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-11 13:37 - 2012-02-11 13:37 - 0400590 ____A C:\Users\Danielle Compton\My Documents\books in 2011.docx
2012-02-11 13:37 - 2012-02-11 13:37 - 0400590 ____A C:\Users\Danielle Compton\Documents\books in 2011.docx
2012-02-11 11:19 - 2012-02-11 11:20 - 0000000 ____D C:\Windows\System32\config\mybackup
2012-02-06 22:30 - 2012-02-06 22:30 - 2557665 ____A C:\Users\Danielle Compton\My Documents\VDay 2012.docx
2012-02-06 22:30 - 2012-02-06 22:30 - 2557665 ____A C:\Users\Danielle Compton\Documents\VDay 2012.docx
2012-02-01 11:39 - 2012-02-01 11:39 - 0000000 ____D C:\Users\Admin\Local Settings\Application Data\Apple
2012-02-01 11:39 - 2012-02-01 11:39 - 0000000 ____D C:\Users\Admin\Local Settings\Apple
2012-02-01 11:39 - 2012-02-01 11:39 - 0000000 ____D C:\Users\Admin\AppData\Local\Apple
2012-01-31 15:00 - 2012-01-31 15:01 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\{4ABEA0A0-4128-408A-B011-4C3904058ADA}
2012-01-31 15:00 - 2012-01-31 15:01 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\{4ABEA0A0-4128-408A-B011-4C3904058ADA}
2012-01-31 15:00 - 2012-01-31 15:01 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\{4ABEA0A0-4128-408A-B011-4C3904058ADA}
2012-01-31 14:59 - 2012-01-31 14:59 - 0689417 ____A C:\Users\Danielle Compton\Downloads\0131121317.jpg
2012-01-26 15:57 - 2012-02-11 13:09 - 0017542 ____A C:\Users\Danielle Compton\My Documents\Gas Transaction for 2011.docx
2012-01-26 15:57 - 2012-02-11 13:09 - 0017542 ____A C:\Users\Danielle Compton\Documents\Gas Transaction for 2011.docx
2012-01-23 22:10 - 2012-01-23 22:10 - 0543024 ____A (Microsoft Corporation) C:\Users\Danielle Compton\Downloads\IE9-Windows7-x64-enu(1).exe
2012-01-21 15:18 - 2012-01-21 15:18 - 0014083 ____A C:\Users\Danielle Compton\My Documents\Discussions for Music Appreciation.docx
2012-01-21 15:18 - 2012-01-21 15:18 - 0014083 ____A C:\Users\Danielle Compton\Documents\Discussions for Music Appreciation.docx


============ 3 Months Modified Files and Folders =============

2012-02-13 23:32 - 2012-02-13 23:32 - 0000000 ____D C:\FRST
2012-02-11 19:31 - 2011-12-30 03:30 - 0000000 ____D C:\users\Admin
2012-02-11 19:31 - 2011-11-17 23:55 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-11 19:31 - 2010-08-02 19:07 - 0000000 ____D C:\users\Guest
2012-02-11 19:31 - 2010-05-28 15:26 - 0000000 ____D C:\users\Danielle Compton
2012-02-11 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-11 19:31 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration
2012-02-11 13:37 - 2012-02-11 13:37 - 0400590 ____A C:\Users\Danielle Compton\My Documents\books in 2011.docx
2012-02-11 13:37 - 2012-02-11 13:37 - 0400590 ____A C:\Users\Danielle Compton\Documents\books in 2011.docx
2012-02-11 13:09 - 2012-01-26 15:57 - 0017542 ____A C:\Users\Danielle Compton\My Documents\Gas Transaction for 2011.docx
2012-02-11 13:09 - 2012-01-26 15:57 - 0017542 ____A C:\Users\Danielle Compton\Documents\Gas Transaction for 2011.docx
2012-02-11 11:20 - 2012-02-11 11:19 - 0000000 ____D C:\Windows\System32\config\mybackup
2012-02-06 22:30 - 2012-02-06 22:30 - 2557665 ____A C:\Users\Danielle Compton\My Documents\VDay 2012.docx
2012-02-06 22:30 - 2012-02-06 22:30 - 2557665 ____A C:\Users\Danielle Compton\Documents\VDay 2012.docx
2012-02-02 18:19 - 2009-07-13 23:10 - 1492916 ____A C:\Windows\WindowsUpdate.log
2012-02-02 01:41 - 2009-07-13 22:51 - 0056918 ____A C:\Windows\setupact.log
2012-02-01 11:39 - 2012-02-01 11:39 - 0000000 ____D C:\Users\Admin\Local Settings\Application Data\Apple
2012-02-01 11:39 - 2012-02-01 11:39 - 0000000 ____D C:\Users\Admin\Local Settings\Apple
2012-02-01 11:39 - 2012-02-01 11:39 - 0000000 ____D C:\Users\Admin\AppData\Local\Apple
2012-01-31 15:01 - 2012-01-31 15:00 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\{4ABEA0A0-4128-408A-B011-4C3904058ADA}
2012-01-31 15:01 - 2012-01-31 15:00 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\{4ABEA0A0-4128-408A-B011-4C3904058ADA}
2012-01-31 15:01 - 2012-01-31 15:00 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\{4ABEA0A0-4128-408A-B011-4C3904058ADA}
2012-01-31 14:59 - 2012-01-31 14:59 - 0689417 ____A C:\Users\Danielle Compton\Downloads\0131121317.jpg
2012-01-29 13:52 - 2011-07-23 23:44 - 0021899 ____A C:\Users\Danielle Compton\My Documents\Devins_Resume_1.docx
2012-01-29 13:52 - 2011-07-23 23:44 - 0021899 ____A C:\Users\Danielle Compton\Documents\Devins_Resume_1.docx
2012-01-27 12:14 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-27 12:14 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-26 15:56 - 2010-10-13 11:24 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Microsoft Help
2012-01-26 15:56 - 2010-10-13 11:24 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\Microsoft Help
2012-01-26 15:56 - 2010-10-13 11:24 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Microsoft Help
2012-01-23 22:11 - 2011-09-08 21:46 - 0005749 ____A C:\Windows\IE9_main.log
2012-01-23 22:10 - 2012-01-23 22:10 - 0543024 ____A (Microsoft Corporation) C:\Users\Danielle Compton\Downloads\IE9-Windows7-x64-enu(1).exe
2012-01-23 15:39 - 2010-05-17 19:45 - 2960556032 __ASH C:\hiberfil.sys
2012-01-23 15:39 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-21 15:18 - 2012-01-21 15:18 - 0014083 ____A C:\Users\Danielle Compton\My Documents\Discussions for Music Appreciation.docx
2012-01-21 15:18 - 2012-01-21 15:18 - 0014083 ____A C:\Users\Danielle Compton\Documents\Discussions for Music Appreciation.docx
2012-01-14 15:31 - 2011-11-18 03:42 - 0017187 ____A C:\Users\Danielle Compton\My Documents\2011 Christmas List.docx
2012-01-14 15:31 - 2011-11-18 03:42 - 0017187 ____A C:\Users\Danielle Compton\Documents\2011 Christmas List.docx
2012-01-14 14:11 - 2009-07-13 23:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-14 14:10 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-12 03:03 - 2010-05-17 18:05 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-12 03:03 - 2010-05-17 18:05 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-01-12 03:03 - 2010-05-17 18:05 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-04 20:50 - 2010-07-31 22:30 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-03 11:27 - 2010-10-27 11:39 - 0000000 ____D C:\Users\Danielle Compton\Application Data\Apple Computer
2012-01-03 11:27 - 2010-10-27 11:39 - 0000000 ____D C:\Users\Danielle Compton\AppData\Roaming\Apple Computer
2012-01-03 11:26 - 2012-01-03 11:26 - 0001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-03 11:26 - 2012-01-03 11:26 - 0001745 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-01-03 11:26 - 2012-01-03 11:25 - 0000000 ____D C:\Program Files\iTunes
2012-01-03 11:26 - 2012-01-03 11:25 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-03 11:25 - 2012-01-03 11:25 - 0000000 ____D C:\Program Files\iPod
2012-01-03 11:19 - 2012-01-03 11:19 - 0001807 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-01-03 11:19 - 2012-01-03 11:19 - 0001807 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-01-03 11:19 - 2012-01-03 11:18 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-12-30 04:05 - 2011-12-30 04:05 - 0002293 ____A C:\Users\Danielle Compton\Desktop\Womens Murder Club Collection.lnk
2011-12-30 04:04 - 2011-12-30 04:04 - 0001992 ____A C:\Users\Danielle Compton\Desktop\Play Cooking Dash 3 - Thrills and Spills.lnk
2011-12-30 04:04 - 2011-12-30 04:04 - 0001898 ____A C:\Users\Danielle Compton\Desktop\Play Diner Dash - Hometown Hero.lnk
2011-12-30 04:03 - 2011-12-30 04:03 - 0001820 ____A C:\Users\Danielle Compton\Desktop\Play Diner Dash 5 - Boom.lnk
2011-12-30 04:03 - 2010-08-20 22:56 - 0000000 ____D C:\BigFishGamesCache
2011-12-30 03:59 - 2010-05-17 19:45 - 0572282 ____A C:\Windows\PFRO.log
2011-12-30 03:51 - 2010-05-17 18:02 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-12-30 03:43 - 2011-12-30 03:43 - 0000000 ____D C:\Users\Admin\Application Data\Adobe
2011-12-30 03:43 - 2011-12-30 03:43 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2011-12-30 03:42 - 2011-12-30 03:42 - 0000000 ____D C:\Users\Admin\Local Settings\DataSafeOnline
2011-12-30 03:42 - 2011-12-30 03:42 - 0000000 ____D C:\Users\Admin\Local Settings\Application Data\DataSafeOnline
2011-12-30 03:42 - 2011-12-30 03:42 - 0000000 ____D C:\Users\Admin\AppData\Local\DataSafeOnline
2011-12-30 03:41 - 2011-12-30 03:30 - 0000000 ____D C:\Users\Admin\Local Settings\SoftThinks
2011-12-30 03:41 - 2011-12-30 03:30 - 0000000 ____D C:\Users\Admin\Local Settings\Application Data\SoftThinks
2011-12-30 03:41 - 2011-12-30 03:30 - 0000000 ____D C:\Users\Admin\AppData\Local\SoftThinks
2011-12-30 03:39 - 2010-05-28 15:26 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\SoftThinks
2011-12-30 03:39 - 2010-05-28 15:26 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\SoftThinks
2011-12-30 03:39 - 2010-05-28 15:26 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\SoftThinks
2011-12-30 03:38 - 2011-12-30 03:38 - 0001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2011-12-30 03:38 - 2011-12-30 03:38 - 0001075 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2011-12-30 03:32 - 2011-12-30 03:32 - 0132328 ____A C:\Users\Admin\Local Settings\GDIPFONTCACHEV1.DAT
2011-12-30 03:32 - 2011-12-30 03:32 - 0132328 ____A C:\Users\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-12-30 03:32 - 2011-12-30 03:32 - 0132328 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-30 03:32 - 2011-12-30 03:32 - 0001984 ____A C:\Users\Admin\Start Menu\Programs\Startup\Dell Dock.lnk
2011-12-30 03:32 - 2011-12-30 03:32 - 0001984 ____A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\Local Settings\Stardock_Corporation
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\Local Settings\Application Data\Stardock_Corporation
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\Application Data\Roxio
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\Application Data\Malwarebytes
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\Application Data\Dell
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\Application Data\Apple Computer
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Roxio
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Dell
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2011-12-30 03:32 - 2011-12-30 03:32 - 0000000 ____D C:\Users\Admin\AppData\Local\Stardock_Corporation
2011-12-30 03:32 - 2011-12-30 03:30 - 0000000 ____D C:\Users\Admin\AppData\LocalLow
2011-12-30 03:31 - 2011-12-30 03:31 - 0000402 __ASH C:\Users\Admin\My Documents\desktop.ini
2011-12-30 03:31 - 2011-12-30 03:31 - 0000174 ___SH C:\Users\Admin\Start Menu\Programs\Startup\desktop.ini
2011-12-30 03:31 - 2011-12-30 03:31 - 0000174 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-30 03:31 - 2011-12-30 03:31 - 0000000 ____D C:\Users\Admin\Local Settings\VirtualStore
2011-12-30 03:31 - 2011-12-30 03:31 - 0000000 ____D C:\Users\Admin\Local Settings\Application Data\VirtualStore
2011-12-30 03:31 - 2011-12-30 03:31 - 0000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2011-12-30 03:31 - 2010-05-28 15:31 - 0000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-12-30 03:31 - 2009-07-13 21:18 - 0000000 __SHD C:\$Recycle.Bin
2011-12-30 03:30 - 2011-12-30 03:30 - 0000020 ___SH C:\Users\Admin\ntuser.ini
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Templates
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Start Menu
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\PrintHood
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\NetHood
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\My Documents\My Videos
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\My Documents\My Pictures
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\My Documents\My Music
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\My Documents
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Local Settings\Temporary Internet Files
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Local Settings\History
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Local Settings\Application Data\Temporary Internet Files
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Local Settings\Application Data\History
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Documents\My Videos
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Documents\My Pictures
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\Documents\My Music
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\AppData\Local\Temporary Internet Files
2011-12-30 03:30 - 2011-12-30 03:30 - 0000000 __SHD C:\Users\Admin\AppData\Local\History
2011-12-30 03:04 - 2011-12-30 03:02 - 0012534 __ASH C:\Users\Danielle Compton\Local Settings\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2
2011-12-30 03:04 - 2011-12-30 03:02 - 0012534 __ASH C:\Users\Danielle Compton\Local Settings\Application Data\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2
2011-12-30 03:04 - 2011-12-30 03:02 - 0012534 __ASH C:\Users\Danielle Compton\AppData\Local\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2
2011-12-30 03:04 - 2011-12-30 03:02 - 0012534 __ASH C:\Users\All Users\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2
2011-12-30 03:04 - 2011-12-30 03:02 - 0012534 __ASH C:\Users\All Users\Application Data\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2
2011-12-30 03:04 - 2011-12-30 03:02 - 0012534 __ASH C:\ProgramData\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2
2011-12-27 23:16 - 2011-09-08 21:57 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-27 23:15 - 2011-12-27 23:15 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-25 13:04 - 2011-12-25 13:04 - 0000000 ____D C:\Users\Guest\Local Settings\Application Data\Apple
2011-12-25 13:04 - 2011-12-25 13:04 - 0000000 ____D C:\Users\Guest\Local Settings\Apple
2011-12-25 13:04 - 2011-12-25 13:04 - 0000000 ____D C:\Users\Guest\AppData\Local\Apple
2011-12-25 13:03 - 2010-11-01 10:33 - 0000000 ____D C:\Users\Guest\Application Data\Apple Computer
2011-12-25 13:03 - 2010-11-01 10:33 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2011-12-25 13:01 - 2011-12-25 13:01 - 0000000 ____D C:\Users\Guest\Application Data\Malwarebytes
2011-12-25 13:01 - 2011-12-25 13:01 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Malwarebytes
2011-12-25 13:01 - 2010-10-27 11:36 - 0000000 ____D C:\Users\All Users\Application Data\Apple
2011-12-25 13:01 - 2010-10-27 11:36 - 0000000 ____D C:\Users\All Users\Apple
2011-12-25 13:01 - 2010-10-27 11:36 - 0000000 ____D C:\ProgramData\Apple
2011-12-23 20:52 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2011-12-23 16:26 - 2011-12-23 16:26 - 0000000 ____D C:\Users\Danielle Compton\Application Data\casualArts
2011-12-23 16:26 - 2011-12-23 16:26 - 0000000 ____D C:\Users\Danielle Compton\AppData\Roaming\casualArts
2011-12-23 16:26 - 2011-12-23 16:26 - 0000000 ____D C:\Users\All Users\casualArts
2011-12-23 16:26 - 2011-12-23 16:26 - 0000000 ____D C:\Users\All Users\Application Data\casualArts
2011-12-23 16:26 - 2011-12-23 16:26 - 0000000 ____D C:\ProgramData\casualArts
2011-12-23 16:10 - 2011-07-10 11:56 - 0000000 ____D C:\Program Files (x86)\bfgclient
2011-12-23 16:10 - 2011-02-10 16:17 - 0000000 ____D C:\Users\All Users\Big Fish Games
2011-12-23 16:10 - 2011-02-10 16:17 - 0000000 ____D C:\Users\All Users\Application Data\Big Fish Games
2011-12-23 16:10 - 2011-02-10 16:17 - 0000000 ____D C:\ProgramData\Big Fish Games
2011-12-15 13:27 - 2009-07-13 22:45 - 0469504 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-10 15:24 - 2010-08-11 23:18 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-03 01:18 - 2010-05-17 17:58 - 0000000 ____D C:\Users\All Users\WildTangent
2011-12-03 01:18 - 2010-05-17 17:58 - 0000000 ____D C:\Users\All Users\Application Data\WildTangent
2011-12-03 01:18 - 2010-05-17 17:58 - 0000000 ____D C:\ProgramData\WildTangent
2011-12-02 19:17 - 2011-12-02 19:17 - 0284064 ____A C:\Users\Danielle Compton\My Documents\Test 2 Overview.docx
2011-12-02 19:17 - 2011-12-02 19:17 - 0284064 ____A C:\Users\Danielle Compton\Documents\Test 2 Overview.docx
2011-12-02 18:04 - 2010-10-05 19:57 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Google
2011-12-02 18:04 - 2010-10-05 19:57 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\Google
2011-12-02 18:04 - 2010-10-05 19:57 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Google
2011-12-02 18:01 - 2010-10-27 11:39 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\Apple Computer
2011-12-02 18:01 - 2010-10-27 11:39 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Apple Computer
2011-12-02 18:01 - 2010-10-27 11:39 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Apple Computer
2011-12-02 18:00 - 2011-12-02 18:00 - 0000000 ____D C:\Program Files\Bonjour
2011-12-02 18:00 - 2011-12-02 18:00 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-12-02 17:59 - 2011-12-02 17:59 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-12-02 17:13 - 2011-12-02 17:13 - 0000763 ____A C:\Windows\ie8_main.log
2011-12-02 16:48 - 2011-12-02 16:48 - 2386985 ____A C:\Users\Danielle Compton\Downloads\tg74pluginsetup(1).exe
2011-12-02 16:02 - 2011-12-02 15:55 - 14761224 ____A (Mozilla) C:\Users\Danielle Compton\Downloads\Firefox Setup 8.0.1.exe
2011-12-02 14:26 - 2011-12-02 14:26 - 2621741 ____A C:\Users\Danielle Compton\Downloads\Angry Chili 010.jpg
2011-12-02 14:25 - 2011-12-02 14:25 - 2849147 ____A C:\Users\Danielle Compton\Downloads\Angry Chili 008.jpg
2011-12-01 22:12 - 2011-12-01 22:11 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Deployment
2011-12-01 22:12 - 2011-12-01 22:11 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\Deployment
2011-12-01 22:12 - 2011-12-01 22:11 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Deployment
2011-12-01 22:11 - 2011-12-01 22:11 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Apps\2.0
2011-12-01 16:58 - 2011-12-01 16:58 - 0000162 ___AH C:\Users\Danielle Compton\My Documents\~$11 Christmas List.docx
2011-12-01 16:58 - 2011-12-01 16:58 - 0000162 ___AH C:\Users\Danielle Compton\Documents\~$11 Christmas List.docx
2011-12-01 00:40 - 2011-12-01 00:40 - 2968920 ____A C:\Users\Danielle Compton\Desktop\alaska_twilight.pdf
2011-11-30 15:09 - 2011-11-18 03:42 - 0015515 ____H C:\Users\Danielle Compton\My Documents\~WRL1007.tmp
2011-11-30 15:09 - 2011-11-18 03:42 - 0015515 ____H C:\Users\Danielle Compton\Documents\~WRL1007.tmp
2011-11-30 03:03 - 2009-07-13 20:34 - 0000540 ____A C:\Windows\win.ini
2011-11-29 13:51 - 2011-01-06 22:19 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Windows Live
2011-11-29 13:51 - 2011-01-06 22:19 - 0000000 ____D C:\Users\Danielle Compton\Local Settings\Application Data\Windows Live
2011-11-29 13:51 - 2011-01-06 22:19 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Windows Live
2011-11-23 23:00 - 2011-12-14 18:50 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-19 09:07 - 2012-01-11 08:03 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 08:06 - 2012-01-11 08:03 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-17 23:54 - 2011-11-17 23:53 - 0076604 ____A C:\TDSSKiller.2.6.19.0_17.11.2011_23.53.38_log.txt
2011-11-17 23:53 - 2011-11-17 23:49 - 0088950 ____A C:\Windows\ntbtlog.txt
2011-11-17 01:17 - 2012-01-12 08:20 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-17 01:17 - 2012-01-12 08:20 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-17 01:15 - 2012-01-12 08:20 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-17 01:14 - 2012-01-11 08:03 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-17 01:12 - 2012-01-12 08:20 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-17 01:11 - 2012-01-12 08:20 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-17 01:11 - 2012-01-12 08:20 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-17 01:11 - 2012-01-12 08:20 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-17 01:10 - 2012-01-12 08:20 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-17 01:08 - 2012-01-12 08:20 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-17 01:05 - 2012-01-12 08:20 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 23:41 - 2012-01-11 08:03 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 23:39 - 2012-01-12 08:20 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 23:39 - 2012-01-12 08:20 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 23:39 - 2012-01-12 08:20 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 23:35 - 2012-01-12 08:20 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3764.53 MB
Available physical RAM: 3147.11 MB
Total Pagefile: 3762.68 MB
Available Pagefile: 3116.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:385.66 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.02 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3817 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3817 MB 31 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3817 MB Healthy



==========================================================

Last Boot: 2012-01-30 15:27

======================= End Of Log ==========================
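
The listing above is the tail of the FRST scan log. As an added example (not FRST's code and not anything posted in this thread), here is a small Python triage pass over lines in that listing format, with five lines copied from the log as sample input. It flags executables in user-writable locations, separating those with no publisher tag (such as the tg74pluginsetup(1).exe download, which the later fix moved) from those with one, and flags hidden files that are not Office lock files. The publisher tag is only the text FRST printed in parentheses, not a signature check, and the heuristics and the list of user-writable paths are my own assumptions about what deserves review, not FRST's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One "files and folders" line in an FRST log, in the shape seen in this thread:
#   <timestamp A> - <timestamp B> - <size> <attrs> [(<company>)] <path>
# The log does not say which timestamp is "created" and which "modified",
# so both are kept as-is and neither is named.
_LINE_RE = re.compile(
    r"^(?P<ts_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Extensions that execute code; a new one in a user-writable area deserves a look.
_EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl")

# Path fragments a standard user (or malware running as that user) can write to.
# Assumption for this example; a real baseline would be more complete.
_USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    ts_a: str
    ts_b: str
    size: int
    attrs: str              # five-character attribute field, e.g. ____A, ___AH, ____D
    company: Optional[str]  # text FRST printed in parentheses, if any; not a signature check
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst_line(line: str) -> Optional[Entry]:
    """Parse one listing line; None for headers, blanks and other non-listing text."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts_a"], m["ts_b"], int(m["size"]), m["attrs"], m["company"], m["path"])


def reasons_for(e: Entry) -> List[str]:
    """Defender-side heuristics; each string is one reason the entry deserves review."""
    out: List[str] = []
    if e.is_dir:
        return out
    low = e.path.lower()
    if low.endswith(_EXEC_EXT) and any(frag in low for frag in _USER_WRITABLE):
        if e.company:
            out.append("executable in user-writable location (publisher tagged; verify the signature)")
        else:
            out.append("executable in user-writable location with no publisher tag")
    # Hidden is normal for Office lock/backup files (~$..., ~WRL...); flag the rest.
    if "H" in e.attrs and not e.name.startswith("~"):
        out.append("hidden file")
    return out


def triage(lines) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every line that trips at least one heuristic."""
    flagged = []
    for line in lines:
        e = parse_frst_line(line)
        if e is not None:
            r = reasons_for(e)
            if r:
                flagged.append((e, r))
    return flagged


# Sample input: five lines copied from the FRST log earlier in this thread.
SAMPLE_LOG = r"""
2011-12-02 16:48 - 2011-12-02 16:48 - 2386985 ____A C:\Users\Danielle Compton\Downloads\tg74pluginsetup(1).exe
2011-12-02 16:02 - 2011-12-02 15:55 - 14761224 ____A (Mozilla) C:\Users\Danielle Compton\Downloads\Firefox Setup 8.0.1.exe
2011-12-01 16:58 - 2011-12-01 16:58 - 0000162 ___AH C:\Users\Danielle Compton\Documents\~$11 Christmas List.docx
2011-11-23 23:00 - 2011-12-14 18:50 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-01 22:11 - 2011-12-01 22:11 - 0000000 ____D C:\Users\Danielle Compton\AppData\Local\Apps\2.0
"""

if __name__ == "__main__":
    for e, why in triage(SAMPLE_LOG.splitlines()):
        print(f"{e.ts_a}  {e.size:>9}  {e.path}")
        for w in why:
            print(f"    -> {w}")
```

Run as a script, it prints the two Downloads executables with their reasons; the Office lock file, the Microsoft-tagged system file and the directory entry pass through silently. Feeding the whole "files and folders" section of a log through triage() gives a short review list instead of several hundred lines.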

#6 JSntgRvr (Malware Response Team)

Posted 15 February 2012 - 12:32 AM

Download the enclosed file to the USB drive.

Insert the USB drive into the ailing computer and run FRST as you did before. This time around click on the Fix button instead and wait.

The tool will make a log on the USB drive (Fixlog.txt). Please post its contents in a reply.

If successful, attempt to boot in Normal Mode. If able to do so, run Combofix as follows:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double-click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 15 February 2012 - 12:33 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 pirateicechick (Topic Starter)

Posted 15 February 2012 - 01:00 AM

I do have a question before I do this... Is this wiping my computer, or will all my files, pictures, etc. be saved?

#8 JSntgRvr (Malware Response Team)

Posted 15 February 2012 - 01:16 AM

The fix will restore the registry to the last date the computer was bootable and will remove some bad files. Combofix is a scan that should be run in Normal Mode to remove infected files, including rootkits. The chance of losing your data is next to 0.

#9 pirateicechick (Topic Starter)

Posted 15 February 2012 - 01:23 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-02-2012
Ran by SYSTEM at 2012-02-14 02:21:26 R:1
Running from F:\

==============================================

C:\Users\Danielle Compton\Local Settings\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2 moved successfully.
C:\Users\Danielle Compton\Local Settings\Application Data\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2 not found.
C:\Users\Danielle Compton\AppData\Local\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2 not found.
C:\Users\All Users\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2 moved successfully.
C:\Users\All Users\Application Data\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2 not found.
C:\ProgramData\gjd75dg42ko2giehflnq544608q7ttr742p03vuegl2 not found.
C:\Users\Danielle Compton\Downloads\tg74pluginsetup(1).exe moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#10 JSntgRvr (Malware Response Team)

Posted 15 February 2012 - 11:19 AM

Were you able to boot in Normal Mode?

#11 pirateicechick (Topic Starter)

Posted 15 February 2012 - 12:49 PM

No, it just did the same thing.

#12 JSntgRvr (Malware Response Team)

Posted 15 February 2012 - 12:56 PM

Let's take a look at the Master Boot Record. See if you can follow these instructions:

Download MBRFix from here.

Save and extract its contents to the desktop.

There are three files in the MBRFix folder. From these, copy only MBRFix64.exe to the root directory of the USB drive.

Also download the enclosed file.

Save it in the USB drive, overwriting the existing one.

Insert the USB drive into the ailing computer. Run FRST as before, except that this time around, click on the Fix button.

The tool will make a log on the flash drive (Fixlog.txt). Please post its contents in a reply.

It will also create a file (MBRDUMP.txt). Please attach this report, as it is a hex file.

#13 pirateicechick (Topic Starter)

Posted 15 February 2012 - 04:23 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-02-2012
Ran by SYSTEM at 2012-02-14 15:14:40 R:2
Running from F:\

==============================================


========= bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=E:
description Windows Boot Manager
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {6e5aa52f-61f3-11df-951a-8f59980a7ef3}
resumeobject {6e5aa52e-61f3-11df-951a-8f59980a7ef3}
displayorder {6e5aa52f-61f3-11df-951a-8f59980a7ef3}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {6e5aa52f-61f3-11df-951a-8f59980a7ef3}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {6e5aa530-61f3-11df-951a-8f59980a7ef3}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {6e5aa52e-61f3-11df-951a-8f59980a7ef3}
nx OptIn

Windows Boot Loader
-------------------
identifier {6e5aa530-61f3-11df-951a-8f59980a7ef3}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{6e5aa531-61f3-11df-951a-8f59980a7ef3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{6e5aa531-61f3-11df-951a-8f59980a7ef3}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {6e5aa52e-61f3-11df-951a-8f59980a7ef3}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {6e5aa531-61f3-11df-951a-8f59980a7ef3}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


========= F:\MBRFix64.exe /drive 0 savembr F:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====

Edited by pirateicechick, 15 February 2012 - 04:24 PM.
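
The MBRDUMP.txt attached to the post above is the raw sector 0 that the F:\MBRFix64.exe /drive 0 savembr command in the Fixlog saved. As an added example (not code from this thread, from FRST or from MBRFix), the Python below shows what a responder checks in such a dump: the 0x55AA boot signature, the four partition entries decoded the way diskpart listed them earlier (type 0xDE hidden OEM, 0x07 active RECOVERY, 0x07 OS), exactly one active partition, no overlapping entries, and a SHA-256 of the boot-code bytes compared with a known-good reference. The sample sector, the GOOD_BOOT_CODE stand-in (not real boot code) and the reference hash are all constructed inside the block; in practice the reference hash comes from a trusted copy of the vendor's MBR and the 512 bytes read from the disk are what you pass to check_mbr().

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
DISK_SIG_OFF = 440   # 4-byte Windows disk signature, then 2 reserved bytes
PTABLE_OFF = 446     # four 16-byte partition entries
SIG_OFF = 510        # 0x55 0xAA boot signature

# Partition type bytes seen in the diskpart output above, plus a few common ones.
PART_TYPES: Dict[int, str] = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xDE: "Dell utility (OEM)",
    0xEE: "GPT protective",
}


def parse_mbr(sector0: bytes) -> dict:
    """Decode a raw 512-byte sector 0: signature, disk signature, boot-code hash, partitions."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector0, PTABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1, "active": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba, "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": sector0[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector0, DISK_SIG_OFF)[0],
        # Hash only the code bytes: the disk signature is per machine and would break a shared reference.
        "boot_code_sha256": hashlib.sha256(sector0[:DISK_SIG_OFF]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector0: bytes, reference_boot_code_sha256: str) -> List[str]:
    """Return findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector0)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != reference_boot_code_sha256:
        findings.append("boot code differs from the known-good reference")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def _entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are filler here; the parser above ignores them and uses LBA.
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)


# Constructed stand-in for boot code: NOT real boot code, just bytes to hash.
GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 432
# In practice this comes from a trusted copy of the vendor's MBR rather than being computed here.
REFERENCE_SHA256 = hashlib.sha256(GOOD_BOOT_CODE).hexdigest()


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Constructed sector 0 mirroring the Disk 0 layout in the diskpart output above (sizes rounded)."""
    body = boot_code.ljust(DISK_SIG_OFF, b"\x00")[:DISK_SIG_OFF]
    body += struct.pack("<IH", disk_sig, 0)
    body += _entry(False, 0xDE, 63, 79_872)               # hidden OEM partition, 39 MB
    body += _entry(True, 0x07, 81_920, 29_360_128)        # RECOVERY, 14 GB, active
    body += _entry(False, 0x07, 29_442_048, 945_815_552)  # OS, 451 GB
    body += bytes(16)                                     # unused fourth slot
    body += b"\x55\xaa"
    assert len(body) == SECTOR
    return body


def demo() -> Dict[str, List[str]]:
    """Run the check on the constructed sector and on a copy whose boot code was altered."""
    good = build_sample_mbr(GOOD_BOOT_CODE)
    altered = bytearray(good)
    altered[0:4] = b"\xeb\x58\x90\x00"   # constructed change inside the boot-code area only
    return {"good": check_mbr(good, REFERENCE_SHA256),
            "altered": check_mbr(bytes(altered), REFERENCE_SHA256)}


if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr(GOOD_BOOT_CODE))["partitions"]:
        flag = "*" if p["active"] else " "
        print(f"{flag} Partition {p['index']}  type 0x{p['type']:02X} ({p['type_name']})  "
              f"start LBA {p['lba_start']}  {p['size_mb']} MB")
    print(demo())
```

The point of the altered copy is that its partition table is identical to the good one and diskpart would show nothing unusual; only the boot-code hash reveals the change, which is why a dump of sector 0 rather than a partition listing is what gets examined. The thread describes MBRDUMP.txt as a hex file; if the dump is hex text rather than raw bytes, decode it to the 512 raw bytes first (bytes.fromhex() on the hex digits) before calling parse_mbr().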


#14 JSntgRvr (Malware Response Team)

Posted 15 February 2012 - 08:36 PM

The MBR is infected.

Download the enclosed file.

Save it in the USB drive, overwriting the existing one.

Insert the USB drive into the ailing computer. Run FRST as before, except that this time around, click on the Fix button.

The tool will make a log on the flash drive (Fixlog.txt). Please post its contents in a reply.

If successful, attempt to boot in Normal Mode. If able to do so, run Combofix as previously suggested.

#15 pirateicechick (Topic Starter)

Posted 15 February 2012 - 08:53 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 11-02-2012
Ran by SYSTEM at 2012-02-14 18:51:10 R:3
Running from F:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


=========== Control: ===========

The operation completed successfully.

==== End of Control: ====

==== End of Fixlog ====



