Virus caused the inability to launch applications


This topic is locked
18 replies to this topic

#1 Laki Larian

Laki Larian

  • Members
  • 9 posts

Posted 05 April 2012 - 09:20 PM

After turning over every rock I could find, I still can't seem to solve my issue. Here is the story of the little Windows 7 laptop that can't open applications anymore.

The issue hit suddenly. While the laptop wasn't starting up as quickly in recent weeks as it used to, I blamed that on my husband's tendency to leave many applications open, or allowing them all to launch at start. One night, the computer was on, with the screen tilted downward while we were unable to pay attention to it. Enough time passed and it appeared to put itself into hibernation. We left it alone until the following morning, when upon waking it up we realized it had actually shut down completely, and the present start-up process was taking longer than usual. Several attempts to open Firefox resulted in... nothing. Not even a blink of the application name in Task Manager. This turned out to be true for every program except for IE (64-bit) and small default programs the computer came with (calculator, Paint, notepad, etc.) and interestingly enough, McAfee. The problem is persistent whether launching from desktop, start-menu, or file directory.

(A side note here is that the computer's memory is only 25% used, at most, and I recently defragged it, in case that's helpful info.)

A little research pointed me to a Trojan as the villain (and also indicated that IE64 would work with this particular bug, which seems to hold true to my case as well), one which McAfee could apparently not detect, nor could a full system check run from the boot menu. Interestingly, when I restarted the system after having it scan itself, it did run into an issue. It reported:

Corrupt Boot Critical File (C:\windows\system32\kdcom.dll)
File Repair: Fail
System Recovery: Success

It then proceeded to start, and maintain the same application issue, but otherwise behave normally. I have not seen that message since. There were a few more restarts after this as I attempted to force the computer to launch various anti-viral programs; Avast, AdAware, MalwareBytes, SuperAntiSpyware, and HitmanPro36. *sigh* none would launch. I transported them from this computer I'm typing on to a USB stick, and then to the infected computer without much luck.

To my surprise, after a couple restarts and sitting dormant for a moment while I planted my head on the desk a few times, McAfee decided to open out of nowhere and announce to me that it detected a threat in the form of a trojan. By all detectable standards it did appear to be the legitimate McAfee program we have installed. I even tested it by closing it and opening it once to make sure. I had it run a full scan again (must have been the fourth time), and this time it came back saying it had quarantined the offending trojan, which had been hiding in the Temp folder (my on-paper record keeping habit slipped here, as I believed in the slim hope my problem might be solved. If the exact trojan file name is important, I will look at McAfee's scan history). Unfortunately, the application launch issue remains the same, and I know I would certainly like to run one of those wonderful anti-virus programs to make Extra Sure everything is okay before getting cozy in any case. I'm guessing the trojan my McAfee detected was only the most obvious tail end of the issue, and that it won't be capable of detecting anything but the copies or 'minions' the original virus makes of itself. But enough of my imagination :).

Aforementioned USB stick is now loaded with my husband's files as I had him prepare for the potential of a system wipe after asking you professionals for help. My primary problem is that everyone else who has reported this issue has fixed it by miraculously coming across one anti-virus program or another that is able to somehow circumvent the application launch-block, and eliminate the issue. None of these reported successes (most frequently said to be Malwarebytes) will launch for me.

So, how bad of shape might our little square friend be in? I'm ready to do some serious file diving if necessary, and will do my best to report anything you guys need to know bit-for-bit. It is unfortunate that the state of the machine prevents me from using your custom reporting program. If knowing my skill-level helps, I can follow any direction to get to places within the computer, but I just won't know what anything in there does, most likely. I took a gander in the Temp folder myself, but I probably couldn't tell the difference between benign folders and harmful ones until they bit me in the face. Thank you GREATLY for your help!


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 April 2012 - 11:38 PM

Download and copy this tool to a USB drive.

FIXTDSS

Boot the PC into Safe Mode with Networking.

Launch it. It may ask for a restart; reboot the PC.

On reboot,click on Repair

Restart the PC and let me know if you are able to launch other applications

good luck

#3 Laki Larian

Laki Larian
  • Topic Starter

  • Members
  • 9 posts

Posted 12 April 2012 - 11:53 AM

I have the computer in Safe Mode with Networking and tried launching the FixTDSS from the USB stick with no luck. I copied it to the desktop, and still no reaction. It sends the mouse into "thinking mode" for a second, then goes away, just like every other program. It really seems incapable of launching anything. Is there a way to put something on the USB stick that is already in an active state? Hmmm, that would probably be asking for a miracle, or a sacrificial USB stick. In any case, what should I try next?

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 12 April 2012 - 12:30 PM

Try creating a new user account and see if you can launch FIXTDSS

good luck

#5 Laki Larian

Laki Larian
  • Topic Starter

  • Members
  • 9 posts

Posted 17 April 2012 - 11:46 AM

Guest account could not connect to the "Sens account". I tried it because the control panel seemed incapable of launching sub-windows. I restarted it and tried again with the computer in normal mode, and I can open sub-menus for the screen saver and other such things (though the computer's making it look rather laborious) but nothing happens when I try to open any options to affect user accounts. Oh boy.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 17 April 2012 - 01:47 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator, then run these commands:


Net user test /add

Net localgroup administrators test /add


Restart the PC and boot into TEST user account and see if you can launch your EXE applications.

good luck

#7 Laki Larian

Laki Larian
  • Topic Starter

  • Members
  • 9 posts

Posted 18 April 2012 - 03:48 PM

Alright, I got the commands to go through successfully, but upon restarting, it flashed a blue screen with a ton of white text saying something about "Page unable to load" or similar, then shot to the black "Windows Error Recovery" screen, and it says a recent hardware/software change may be the cause. Should I launch Startup Repair or Start Windows Normally at this point?

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 April 2012 - 06:24 PM

Click on Startup Repair.

#9 Laki Larian

Laki Larian
  • Topic Starter

  • Members
  • 9 posts

Posted 19 April 2012 - 12:16 PM

Looks like the work we did in cmd upset whatever little homeostasis the computer had left. Startup repair failed, at which point the only option it gave me was System Restore. That failed as well after an hour or so, but it finally gave me access to the error report. Here's the Root Cause Found:

Unknown Bugcheck: Bugcheck 50. Parameters = 0xfffff8a0007c8000, 0x0,
0xfffff800034c983a, 0x0.

Repair Action: System Restore
Result: Failed. Error Code = 0x1f
Time Taken = 166157 ms

Repair Action: System files integrity check and repair
Result: Failed. Error Code = 0x490
Time Taken = 965568 ms


And that's it. I have the result window open still, which gives me the ability to look at advanced repair options, and this error report. Was this virus seriously programmed to keep you from creating new user accounts so thoroughly? Geeze

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 April 2012 - 03:03 PM

Let me ask someone to help you

good luck

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 19 April 2012 - 04:05 PM

Hi Laki Larian,

Welcome to Bleeping Computer.

I'm moving this topic to the appropriate forum and will help you from there. Please don't do anything on your own from now on until we are done.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#12 Laki Larian

Laki Larian
  • Topic Starter

  • Members
  • 9 posts

Posted 19 April 2012 - 05:59 PM

Haha! Now I feel like we're getting somewhere :D. Thanks so much for the help you guys. *ahem* Now, just for the record, I had to set the BIOS to run from a disk to get the repair screen up, so I'll have to remember to change that back to Hard Drive after we're done, in case the hubby leaves a game disk or something in the computer when he turns it off one day. Here's the FRST report, tell me what your professional eyes see...:

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012
Ran by SYSTEM at 19-04-2012 17:50:59
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-04-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391192 2010-04-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [413720 2010-04-07] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3217056 2010-04-01] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-22] (Sensible Vision )
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKU\David\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\David\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-29] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Lsa: [Notification Packages] scecli
FAPassSync

==================== Services (Whitelisted) ======

2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [193816 2012-02-20] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [240408 2012-02-20] (Microsoft Corporation.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-04-30] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-04-30] (Alcatel-Lucent)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [5716848 2010-11-15] (Wacom Technology, Corp.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 FAService; "c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-05-11] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2010-11-02] (Wacom Technology)
3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2010-10-25] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2010-10-25] (Wacom Technology)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-19 17:50 - 2010-10-06 06:53 - 0000000 ____D C:\FRST
2012-04-19 14:21 - 2010-11-15 08:08 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-19 14:21 - 2010-11-15 08:08 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-19 14:21 - 2009-07-13 17:47 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-19 14:21 - 2009-07-13 17:38 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-19 14:21 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-19 14:21 - 2009-07-13 17:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-19 14:21 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-19 14:05 - 2012-02-16 12:26 - 0000000 ____D C:\Windows\Minidump
2012-04-19 14:05 - 2009-07-13 21:32 - 164083136 ____A C:\Windows\MEMORY.DMP
2012-04-19 14:05 - - 0312768 ____A C:\Windows\Minidump\041912-29234-01.dmp
2012-04-12 11:02 - 2012-04-12 11:03 - 0000020 __ASH C:\Users\Guest\ntuser.ini
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Templates
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\NetHood
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-04-12 11:02 - 2011-10-19 00:08 - 0000000 ____D C:\Users\Guest\AppData\Local\SoftThinks
2012-04-12 11:02 - 2010-10-27 18:59 - 0000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2012-04-12 11:02 - 2009-07-13 20:54 - 0000000 ____D C:\users\Guest
2012-04-12 11:02 - 2009-07-13 19:20 - 0000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2012-04-12 11:02 - 2009-07-13 18:34 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-04-12 11:02 - 2009-07-13 18:34 - 0000000 __SHD C:\Users\Guest\My Documents
2012-04-12 11:02 - 2009-07-13 18:34 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-04-12 11:02 - - 0002000 ____A C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2012-04-12 11:02 - - 0002000 ____A C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2012-04-12 11:02 - - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-04-12 11:02 - - 0000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-04-09 10:22 - 2011-03-12 10:53 - 1932256 ____A (Symantec Corporation) C:\Users\David\Desktop\FixTDSS.exe
2012-03-22 00:00 - 2012-03-22 00:00 - 0065536 __ASH C:\Windows\System32\config\components{38ef2a6d-713c-11e1-952b-f04da248f69c}.TxR.blf
2012-03-21 17:55 - 2012-04-19 14:21 - 0000129 ____A C:\Windows\System32\MRT.INI

============ 3 Months Modified Files and Folders =============

2012-04-19 17:50 - 2012-04-19 17:50 - 0000000 ____D C:\FRST
2012-04-19 14:39 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-19 14:38 - 2010-10-14 19:22 - 0027324 ____A C:\aaw7boot.log
2012-04-19 14:38 - 2010-10-06 06:00 - 1500909568 __ASH C:\hiberfil.sys
2012-04-19 14:38 - 2009-07-13 20:51 - 0042973 ____A C:\Windows\setupact.log
2012-04-19 14:37 - 2009-07-13 21:10 - 1539429 ____A C:\Windows\WindowsUpdate.log
2012-04-19 14:37 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-19 14:37 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-19 14:28 - 2012-03-21 17:55 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-19 14:23 - 2009-07-13 21:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-19 14:21 - 2010-10-14 15:34 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-19 14:06 - 2010-10-14 14:48 - 0000000 ____D C:\users\David
2012-04-19 14:05 - 2012-04-19 14:05 - 164083136 ____A C:\Windows\MEMORY.DMP
2012-04-19 14:05 - 2012-04-19 14:05 - 0312768 ____A C:\Windows\Minidump\041912-29234-01.dmp
2012-04-19 14:05 - 2012-04-19 14:05 - 0000000 ____D C:\Windows\Minidump
2012-04-19 14:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-18 21:58 - 2012-04-12 11:02 - 0000000 ____D C:\users\Guest
2012-04-18 21:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-12 11:02 - 2012-04-12 11:02 - 0000020 __ASH C:\Users\Guest\ntuser.ini
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Templates
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Start Menu
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\PrintHood
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\NetHood
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\My Documents
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Documents\My Videos
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\Documents\My Music
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 __SHD C:\Users\Guest\AppData\Local\History
2012-04-12 11:02 - 2012-04-12 11:02 - 0000000 ____D C:\Users\Guest\AppData\LocalLow
2012-04-12 08:46 - 2012-03-18 13:41 - 0791650 ____A C:\Windows\ntbtlog.txt
2012-04-09 10:22 - 2012-04-09 10:22 - 1932256 ____A (Symantec Corporation) C:\Users\David\Desktop\FixTDSS.exe
2012-03-22 00:00 - 2012-03-22 00:00 - 0065536 __ASH C:\Windows\System32\config\components{38ef2a6d-713c-11e1-952b-f04da248f69c}.TxR.blf
2012-03-21 18:13 - 2009-07-13 20:45 - 0342768 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-18 17:20 - 2012-03-18 17:20 - 0000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2012-03-18 13:55 - 2012-03-18 13:56 - 7150680 ____A (SurfRight B.V.) C:\Users\David\Desktop\HitmanPro36.exe
2012-03-18 13:29 - 2012-03-18 13:28 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\David\Desktop\SUPERAntiSpyware.exe
2012-03-18 12:47 - 2012-01-19 17:32 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-18 12:47 - 2011-05-21 18:16 - 0000000 ____D C:\Users\David\AppData\Local\LogMeIn Hamachi
2012-03-18 12:47 - 2010-11-20 13:10 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-18 12:47 - 2010-10-06 04:42 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-18 12:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-18 12:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-03-15 00:28 - 2012-03-15 00:28 - 0000000 ____D C:\Users\David\AppData\Local\{F6CE32DE-5604-4158-86B6-FB624C3DEFE1}
2012-03-15 00:28 - 2012-03-15 00:28 - 0000000 ____D C:\Users\David\AppData\Local\{440F974B-E9E1-48BB-ADD9-679F20082AE0}
2012-03-15 00:27 - 2010-10-25 12:32 - 0000000 ____D C:\Users\David\Tracing
2012-03-15 00:26 - 2010-10-14 14:48 - 0000000 ____D C:\Users\David\AppData\Local\SoftThinks
2012-03-12 08:46 - 2011-05-11 07:56 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-12 08:46 - 2011-05-11 07:56 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-09 19:44 - 2012-03-09 19:44 - 0000000 ____D C:\Users\David\AppData\Local\{443061FF-89BE-4F65-80EB-90C26D342A63}
2012-03-09 19:44 - 2012-03-09 19:43 - 0000000 ____D C:\Users\David\AppData\Local\{DF2CFBC4-F56B-4C8A-A02F-A4896FA4A79C}
2012-03-09 19:42 - 2012-03-09 19:42 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-03-06 19:16 - 2012-03-06 19:16 - 0000000 ____D C:\Users\David\AppData\Local\Lazy 8 Studios
2012-03-05 20:36 - 2012-03-05 20:36 - 0000000 ____D C:\Users\David\AppData\Local\{B3F417D2-259E-4A09-A689-7B363E6B262D}
2012-03-05 20:36 - 2012-03-05 20:36 - 0000000 ____D C:\Users\David\AppData\Local\{2F61E1CC-1AD1-4579-A21B-B8E9CAD63490}
2012-03-05 19:48 - 2012-03-05 19:47 - 0298874 ____A C:\Users\David\Desktop\random notes 2.docx
2012-03-05 13:40 - 2010-10-25 11:50 - 0000000 ____D C:\Users\David\AppData\Roaming\Skype
2012-02-29 22:54 - 2012-04-19 14:21 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-19 14:21 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-19 14:21 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-19 14:21 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-19 14:21 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-19 14:21 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-19 14:21 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 17:48 - 2012-02-21 19:32 - 0000000 ____D C:\Users\David\AppData\Roaming\ICAClient
2012-02-24 22:56 - 2010-10-25 12:29 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-24 21:54 - 2012-02-24 21:53 - 3209594 ____A C:\Users\David\Desktop\mareep.png
2012-02-24 21:53 - 2012-02-24 21:53 - 0052329 ____A C:\Users\David\Desktop\Cooldoof.JPG
2012-02-24 20:58 - 2012-02-24 20:58 - 0000000 ____D C:\Users\David\AppData\Local\{B4E6F90C-A82C-4B7A-B915-EB3D9FEB2590}
2012-02-24 20:52 - 2012-02-24 20:52 - 0000000 ____D C:\Users\David\AppData\Local\{CC3870A0-A081-4AA1-B46A-B453CE927C1C}
2012-02-24 20:44 - 2012-02-24 20:44 - 0366180 ____A C:\Users\David\Desktop\random notes.docx
2012-02-22 20:18 - 2012-02-22 20:18 - 0318904 ____A (Microsoft Corporation) C:\Users\David\Downloads\wmpfirefoxplugin.exe
2012-02-21 19:33 - 2012-02-21 19:33 - 0000000 ____D C:\Users\All Users\Citrix
2012-02-21 19:33 - 2012-02-21 19:33 - 0000000 ____D C:\ProgramData\Citrix
2012-02-21 19:32 - 2012-02-21 19:32 - 0000000 ____D C:\Users\David\AppData\Local\Citrix
2012-02-21 19:32 - 2010-10-06 04:28 - 0000000 ____D C:\Program Files (x86)\Citrix
2012-02-21 19:30 - 2012-02-21 19:30 - 14108096 ____A (Citrix Systems, Inc.) C:\Users\David\Downloads\CitrixOnlinePluginWeb.exe
2012-02-17 01:25 - 2012-02-17 01:25 - 0000000 ____D C:\Users\David\AppData\Local\{AEED680C-60C4-4245-9030-4FF88D771288}
2012-02-17 01:25 - 2012-02-17 01:25 - 0000000 ____D C:\Users\David\AppData\Local\{94D77041-11EF-48AF-9D6D-A4933EF29D40}
2012-02-15 13:31 - 2012-02-15 13:30 - 0000000 ____D C:\Users\David\AppData\Local\{9FD62727-0D5A-488D-A606-91A83D87597B}
2012-02-15 13:30 - 2012-02-15 13:30 - 0000000 ____D C:\Users\David\AppData\Local\{DA880964-B910-4C6F-9EDD-BAB17785B2FA}
2012-02-15 13:28 - 2010-10-14 14:54 - 0000174 ___SH C:\Users\David\Start Menu\Programs\Startup\desktop.ini
2012-02-15 13:28 - 2010-10-14 14:54 - 0000174 ___SH C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 13:27 - 2010-10-06 04:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 10:16 - 2010-10-15 12:04 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-15 10:16 - 2010-10-15 12:04 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-14 22:27 - 2012-03-18 13:01 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-18 13:01 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-18 13:01 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-18 13:01 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-11 16:53 - 2012-02-11 16:53 - 0000000 ____D C:\Users\David\AppData\Local\{F91B2AE7-A957-4B6D-A1CB-1C1DDE5EBD75}
2012-02-11 16:53 - 2012-02-11 16:53 - 0000000 ____D C:\Users\David\AppData\Local\{3FBF660A-A30B-4BDF-99CD-E1A9C624C445}
2012-02-09 22:18 - 2012-03-18 13:02 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-18 13:02 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-18 13:02 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-18 13:02 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-18 13:01 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-18 13:02 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-18 13:02 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-18 13:02 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-18 13:01 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-18 13:01 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-02 20:16 - 2012-03-18 13:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 16:06 - 2012-02-02 16:06 - 0000000 ____D C:\Users\David\AppData\Local\{2C9F3DE6-B572-4C64-8D59-0AB634B115F7}
2012-01-31 14:50 - 2012-01-31 14:49 - 0000000 ____D C:\Users\David\AppData\Local\{48CB8D0F-0C8C-48AB-9892-E7EE194A5BED}
2012-01-31 14:49 - 2012-01-31 14:49 - 0000000 ____D C:\Users\David\AppData\Local\{585A37ED-6D05-491D-9B10-D1E4683A6BD5}
2012-01-29 10:50 - 2010-10-25 11:38 - 0000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2012-01-29 10:49 - 2012-01-29 10:49 - 0000000 ____D C:\Users\David\Desktop\Minecraft accesories
2012-01-28 09:35 - 2012-01-28 09:34 - 0000000 ____D C:\Users\David\AppData\Local\{A7EA08CC-2C36-4FFD-9796-7241EA017966}
2012-01-28 09:34 - 2012-01-28 09:34 - 0000000 ____D C:\Users\David\AppData\Local\{E509B8B9-76CB-4B16-A6B9-5D767D30738A}
2012-01-28 09:32 - 2010-10-06 06:00 - 0583806 ____A C:\Windows\PFRO.log
2012-01-28 00:40 - 2011-12-21 21:43 - 0001830 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2012-01-27 01:24 - 2012-01-27 01:23 - 0000000 ____D C:\Users\David\AppData\Local\{5A0C693D-511F-4135-87D8-10CF3812EA3B}
2012-01-27 01:23 - 2012-01-27 01:23 - 0000000 ____D C:\Users\David\AppData\Local\{CF2F8A95-6435-46ED-A595-C0A443A3A573}
2012-01-24 22:27 - 2012-03-18 13:01 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-18 13:01 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-18 13:01 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-22 06:56 - 2012-01-22 06:55 - 0000000 ____D C:\Users\David\AppData\Local\{3C932D54-BB00-49CD-A3E0-1DDE814A8540}
2012-01-22 06:55 - 2012-01-22 06:55 - 0000000 ____D C:\Users\David\AppData\Local\{280D83F9-5A50-4F6B-BA76-BD3EE2890933}
2012-01-21 16:45 - 2012-01-21 16:45 - 0000000 ____D C:\Users\David\AppData\Local\{6229C5CD-88A5-4F70-8F5B-0D49219DDC6A}
2012-01-21 16:45 - 2012-01-21 16:44 - 0000000 ____D C:\Users\David\AppData\Local\{B500893E-0629-4163-85BD-8B1E2563154A}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 1907.72 MB
Available physical RAM: 1316.02 MB
Total Pagefile: 1668.3 MB
Available Pagefile: 1295.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:192.79 GB) NTFS
2 Drive e: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.23 GB) FAT
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 974 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 15 GB 101 MB
Partition 3 Primary 283 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 283 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 973 MB 124 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G FAT Removable 973 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-03-21 20:47

======================= End Of Log ==========================

#13 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 20 April 2012 - 01:22 AM

Well done.

After the first step, the infection should be taken care of and you should be able to run programs again.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    cmd: bootrec /FixMbr
    TDL4: custom:26000022
    end
    
    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt), please post it to your reply.
  • While booted to normal mode download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

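The fix above rewrites the master boot record (bootrec /FixMbr) because FRST flagged a TDL4 signature in it; TDL4 replaces the MBR bootstrap code and keeps its own encrypted file system in the unpartitioned sectors at the end of the drive. The script below is an added example, not part of this thread and not FRST's code: it parses a raw 512-byte MBR, checks the 0x55AA signature, decodes the four partition entries the way the "Partitions of Disk 0" table in the log shows them, and reports what a responder would want to know after a FixMbr: whether the boot code matches a hash taken from trusted media, whether an active partition exists, whether entries overlap or overrun the disk, and how much unallocated tail space sits past the last partition. The sample MBR, its disk size, the hash treated as trusted and the two tampered variants are all constructed here to resemble the logged layout; the boot code bytes are filler, not a real bootstrap.

```python
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code precedes the 4-byte disk signature
PTABLE_OFFSET = 446        # four 16-byte partition entries
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
SECTOR = 512


@dataclass
class PartitionEntry:
    index: int         # 1-based slot in the table, as diskpart numbers them
    active: bool       # status byte 0x80
    type_id: int       # 0x07 NTFS, 0xDE Dell OEM utility, ...
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        """First sector after the partition (exclusive)."""
        return self.lba_start + self.sectors


def parse_mbr(mbr: bytes) -> list[PartitionEntry]:
    """Decode the partition table; raise if the sector is not a valid MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        off = PTABLE_OFFSET + slot * ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue                       # empty slot
        entries.append(PartitionEntry(slot + 1, status == 0x80, ptype, lba, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the code area so a changed disk signature does not alarm."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def triage(mbr: bytes, disk_sectors: int, trusted_code_sha256: str | None = None,
           tail_threshold_mb: int = 8) -> list[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    parts = parse_mbr(mbr)
    if trusted_code_sha256 and boot_code_sha256(mbr) != trusted_code_sha256.lower():
        findings.append("boot code differs from trusted reference; MBR has been rewritten")
    if not any(p.active for p in parts):
        findings.append("no partition is flagged active; BIOS boot would fail")
    for p in parts:
        if p.lba_end > disk_sectors:
            findings.append(f"partition {p.index} runs past the end of the disk")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    if ordered:
        tail_mb = (disk_sectors - ordered[-1].lba_end) * SECTOR // (1024 * 1024)
        if tail_mb >= tail_threshold_mb:
            findings.append(f"{tail_mb} MB unpartitioned at end of disk; "
                            "TDL4 keeps its hidden file system there, dump and inspect")
    return findings


def build_entry(active: bool, ptype: int, lba: int, count: int) -> bytes:
    return struct.pack("<B3xB3xII", 0x80 if active else 0x00, ptype, lba, count)


# Constructed sample laid out like Disk 0 in the log: a hidden 0xDE OEM partition
# at LBA 2048, a 15 GB NTFS recovery partition marked active, and a 283 GB NTFS
# OS partition on a 320 GB (~298 GiB) drive. The code bytes are filler.
SAMPLE_DISK_SECTORS = 625_142_448
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 4)
SAMPLE_MBR = (
    SAMPLE_BOOT_CODE
    + b"\x12\x34\x56\x78"                                # disk signature (arbitrary)
    + b"\x00\x00"                                        # reserved
    + build_entry(False, 0xDE, 2_048, 204_800)           # 100 MB hidden OEM
    + build_entry(True, 0x07, 206_848, 30_720_000)       # 14.65 GiB RECOVERY, active
    + build_entry(False, 0x07, 30_926_848, 594_206_720)  # 283.34 GiB OS
    + b"\x00" * ENTRY_LEN                                # empty slot
    + BOOT_SIGNATURE
)
TRUSTED_CODE_HASH = boot_code_sha256(SAMPLE_MBR)   # stands in for a hash taken from clean media

# Constructed tampered variants: rewritten boot code, and an OS partition shrunk
# to leave roughly 490 MB of unallocated tail.
TAMPERED_CODE_MBR = b"\xeb\x58\x90\x90" + SAMPLE_MBR[4:]
SHRUNK_TAIL_MBR = (SAMPLE_MBR[:PTABLE_OFFSET + 2 * ENTRY_LEN]
                   + build_entry(False, 0x07, 30_926_848, 593_206_720)
                   + SAMPLE_MBR[PTABLE_OFFSET + 3 * ENTRY_LEN:])

if __name__ == "__main__":
    for name, image in (("sample", SAMPLE_MBR), ("tampered code", TAMPERED_CODE_MBR),
                        ("shrunk tail", SHRUNK_TAIL_MBR)):
        print(name, triage(image, SAMPLE_DISK_SECTORS, TRUSTED_CODE_HASH) or ["clean"])
```

On a live Windows system the 512 bytes come from an elevated prompt with `open(r"\\.\PhysicalDrive0", "rb").read(512)`; the trusted hash should come from the same machine's MBR captured from clean recovery media, not from a value found online, because OEM bootstraps differ. A clean hash after FixMbr does not prove the tail of the disk is empty, which is why the script reports unallocated space separately.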

#14 Laki Larian
  • Topic Starter

  • Members
  • 9 posts

Posted 20 April 2012 - 10:21 AM

Here's the FixLog. Surprisingly fast little thing :) . Now to see if I can get MalwareBytes running...



Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-04-2012
Ran by SYSTEM at 2012-04-20 10:18:04 R:1
Running from G:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#15 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 20 April 2012 - 10:58 AM

:thumbup2:
