Computer won't start up. Reboot Loop.


  • This topic is locked
6 replies to this topic

#1 sttacos

  • Members
  • 17 posts

Posted 18 June 2012 - 12:15 AM

Topic^^^.
Gets past the splash screen, then shows the mouse cursor at a blank dark screen, until it proceeds to reboot. Any help would be appreciated. Here's an FRST scan.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-06-2012 01
Ran by SYSTEM at 17-06-2012 22:11:21
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" [1200880 2012-05-23] (BitDefender S.R.L.)
HKLM\...\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" [71152 2009-10-19] (BitDefender S.R.L.)
HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2011-12-24] (Malwarebytes Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2011-12-24] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2011-12-13] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKU\higinio\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\higinio\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [740216 2012-02-26] (BitTorrent, Inc.)
HKU\higinio\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-04-30] (SUPERAntiSpyware.com)
HKU\higinio\...\Run: [svhost] C:\Users\higinio\AppData\Roaming\svhost.exe [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Jose\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
3 Arrakis3; "C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe" [183880 2009-10-19] (BitDefender S.R.L. http://www.bitdefender.com)
2 CrossLoopService; "C:\Users\higinio\AppData\Local\CrossLoop\CrossLoopService.exe" --service [560848 2010-08-17] (CrossLoop Inc)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation)
2 LIVESRV; "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service [310856 2011-03-07] (BitDefender S.R.L.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652872 2011-12-24] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [315392 2010-03-12] (S.C. BitDefender S.R.L)
3 tvnserver; "C:\Users\higinio\AppData\Local\CrossLoop\tvnserver.exe" -service [814080 2010-07-21] (GlavSoft LLC.)
2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
2 VSSERV; "C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe" /service [1615688 2010-04-26] (BitDefender S.R.L.)

========================== Drivers (Whitelisted) =============

3 BDFM; C:\Windows\System32\DRIVERS\bdfm.sys [153448 2010-02-03] (BitDefender S.R.L. Bucharest, ROMANIA)
1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [72784 2010-12-11] (BitDefender LLC)
0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [291352 2010-02-22] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [79952 2010-12-11] (BitDefender LLC)
2 BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [85128 2010-01-19] (BitDefender)
3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [391296 2009-05-28] (Hauppauge Computer Works, Inc)
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [315808 2011-08-19] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [4334624 2011-08-19] (Logitech Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [14720 2010-12-11] (BitDefender S.R.L.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [39808 2010-12-11] (BitDefender S.R.L.)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-09 10:09 - 2012-06-09 10:09 - 00048684 ____A C:\Windows\ntbtlog.txt
2012-05-29 15:06 - 2012-05-29 15:06 - 00013070 ____A C:\Users\higinio\Documents\grad behave jose.docx
2012-05-24 19:47 - 2012-05-24 19:47 - 00013337 ____A C:\Users\Jose\Documents\jose vocb.docx
2012-05-24 18:42 - 2012-05-24 18:42 - 00036352 ____A C:\Users\Jose\Documents\jose aka jozzy reading log.doc
2012-05-21 16:47 - 2012-05-21 16:47 - 00013259 ____A C:\Users\Jose\Documents\jose martinez sent.docx
2012-05-20 21:02 - 2012-05-20 21:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{863D599C-1A2A-4D37-B4BA-17E5081DF1AE}
2012-05-20 09:01 - 2012-05-20 09:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{8C1786C9-79F7-4A16-A67E-4D36A1B982DA}
2012-05-19 19:45 - 2012-05-19 19:46 - 00000000 ____D C:\Users\higinio\AppData\Local\{7C5FF34F-CDED-4812-98A4-9A9A043A0818}
2012-05-19 07:45 - 2012-05-20 21:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{EBAB6BB9-B154-4EC1-A8F5-2BC08B07BFB1}
2012-05-19 07:45 - 2012-05-19 07:45 - 00000000 ____D C:\Users\higinio\AppData\Local\{EABB6C55-3A84-43CD-807C-46327A7564FD}
2012-05-18 15:50 - 2012-05-18 15:50 - 00000000 ____D C:\Users\higinio\AppData\Local\{7DA0CCAA-ADF8-4351-AFC5-428982466BAB}
2012-05-18 15:50 - 2012-05-18 15:50 - 00000000 ____D C:\Users\higinio\AppData\Local\{58968509-AA26-40F2-BEF8-AA08519402AB}


============ 3 Months Modified Files and Folders ===============

2012-06-17 22:11 - 2012-06-17 22:11 - 00000000 ____D C:\FRST
2012-06-09 10:09 - 2012-06-09 10:09 - 00048684 ____A C:\Windows\ntbtlog.txt
2012-06-01 15:36 - 2011-06-08 18:22 - 00381440 ____A (Microsoft Corporation) C:\Windows\System32\wer.dll
2012-06-01 15:30 - 2010-12-12 14:49 - 00000000 ____D C:\users\Jose
2012-06-01 15:30 - 2010-10-30 13:59 - 00000000 ____D C:\users\higinio
2012-06-01 15:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-06-01 15:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-01 15:30 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-06-01 15:29 - 2011-06-15 17:05 - 00000000 ____D C:\Users\All Users\Real
2012-06-01 15:29 - 2011-06-06 17:13 - 00000000 ____D C:\Users\Jose\AppData\Roaming\SoftGrid Client
2012-06-01 14:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-31 19:16 - 2010-12-24 23:14 - 00000376 ____A C:\Users\Jose\AppData\Roamingprivacy.xml
2012-05-31 19:16 - 2010-12-11 13:39 - 00037218 ____A C:\bdlog.txt
2012-05-31 07:59 - 2010-10-30 13:43 - 01334421 ____A C:\Windows\WindowsUpdate.log
2012-05-31 07:36 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-31 07:36 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-31 07:28 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-31 07:28 - 2009-07-13 20:39 - 00076181 ____A C:\Windows\setupact.log
2012-05-30 21:12 - 2011-06-15 17:04 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-30 21:05 - 2011-06-15 17:04 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-30 21:02 - 2010-12-11 13:08 - 00000000 ____D C:\Users\higinio\AppData\Roaming\uTorrent
2012-05-29 20:24 - 2011-12-13 14:18 - 00000444 ___AH C:\Windows\Tasks\Norton Security Scan for higinio.job
2012-05-29 19:04 - 2011-12-13 19:08 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-05-29 15:06 - 2012-05-29 15:06 - 00013070 ____A C:\Users\higinio\Documents\grad behave jose.docx
2012-05-24 19:47 - 2012-05-24 19:47 - 00013337 ____A C:\Users\Jose\Documents\jose vocb.docx
2012-05-24 18:42 - 2012-05-24 18:42 - 00036352 ____A C:\Users\Jose\Documents\jose aka jozzy reading log.doc
2012-05-23 14:39 - 2010-12-11 13:39 - 00000052 ____A C:\Windows\System32\ashttpstats.csv
2012-05-21 16:47 - 2012-05-21 16:47 - 00013259 ____A C:\Users\Jose\Documents\jose martinez sent.docx
2012-05-20 21:02 - 2012-05-20 21:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{863D599C-1A2A-4D37-B4BA-17E5081DF1AE}
2012-05-20 21:02 - 2012-05-19 07:45 - 00000000 ____D C:\Users\higinio\AppData\Local\{EBAB6BB9-B154-4EC1-A8F5-2BC08B07BFB1}
2012-05-20 21:02 - 2010-11-11 15:02 - 00000000 ____D C:\Users\higinio\AppData\Local\Windows Live
2012-05-20 09:02 - 2012-05-20 09:01 - 00000000 ____D C:\Users\higinio\AppData\Local\{8C1786C9-79F7-4A16-A67E-4D36A1B982DA}
2012-05-19 19:46 - 2012-05-19 19:45 - 00000000 ____D C:\Users\higinio\AppData\Local\{7C5FF34F-CDED-4812-98A4-9A9A043A0818}
2012-05-19 14:10 - 2010-12-11 13:36 - 00000376 ____A C:\Users\higinio\AppData\Roamingprivacy.xml
2012-05-19 07:45 - 2012-05-19 07:45 - 00000000 ____D C:\Users\higinio\AppData\Local\{EABB6C55-3A84-43CD-807C-46327A7564FD}
2012-05-19 07:44 - 2010-11-11 15:29 - 00000000 ____D C:\Users\higinio\Tracing
2012-05-18 15:50 - 2012-05-18 15:50 - 00000000 ____D C:\Users\higinio\AppData\Local\{7DA0CCAA-ADF8-4351-AFC5-428982466BAB}
2012-05-18 15:50 - 2012-05-18 15:50 - 00000000 ____D C:\Users\higinio\AppData\Local\{58968509-AA26-40F2-BEF8-AA08519402AB}
2012-05-17 15:54 - 2012-05-17 15:54 - 00020092 ____A C:\Users\Jose\Documents\14 jose martinez spelling 40pt.docx
2012-05-16 15:21 - 2012-05-16 15:21 - 00013280 ____A C:\Users\higinio\Documents\jose vocb.docx
2012-05-16 14:25 - 2012-05-16 14:25 - 00000000 ____D C:\Users\higinio\AppData\Local\{6B547DB4-8013-408F-AFFC-11F8E7F8C2E4}
2012-05-16 14:25 - 2012-05-16 14:25 - 00000000 ____D C:\Users\higinio\AppData\Local\{486DDEA0-7B37-45F3-8B46-321F07868E45}
2012-05-15 17:56 - 2012-05-15 17:56 - 00000000 ____D C:\Users\higinio\AppData\Local\{F478E871-F49E-4044-BAC5-A88754706D06}
2012-05-15 17:56 - 2012-05-15 17:56 - 00000000 ____D C:\Users\higinio\AppData\Local\{073144E0-76A8-46DC-9019-19BB1525472E}
2012-05-15 17:12 - 2012-05-15 17:12 - 00493520 ____A (Facebook Inc.) C:\Users\Jose\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-05-14 14:13 - 2012-05-14 14:13 - 00000000 ____D C:\Users\higinio\AppData\Local\{F8E9CD30-A903-4B15-83EB-62F9AA15852B}
2012-05-14 14:13 - 2012-05-14 14:13 - 00000000 ____D C:\Users\higinio\AppData\Local\{E1F71315-9605-4E09-940F-668329C97824}
2012-05-12 08:45 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-12 08:30 - 2009-07-13 20:33 - 00408768 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 08:28 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 22:18 - 2012-02-14 21:27 - 00000000 __SHD C:\Config.Msi
2012-05-11 22:18 - 2011-08-19 16:32 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 22:15 - 2010-11-27 12:40 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 22:13 - 2010-10-30 14:01 - 00740844 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-11 22:04 - 2010-11-11 15:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 21:02 - 2012-05-11 21:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{991C5ED6-6FE0-48A9-BFD8-1306B73FB21C}
2012-05-11 21:02 - 2012-05-11 09:01 - 00000000 ____D C:\Users\higinio\AppData\Local\{7F8F6C67-C279-4537-A235-DA0A7B91352F}
2012-05-11 09:02 - 2012-05-11 09:01 - 00000000 ____D C:\Users\higinio\AppData\Local\{E5BCE907-0FD3-4ABC-B5C2-B7078B440F8F}
2012-05-10 16:24 - 2012-05-10 16:24 - 00013268 ____A C:\Users\Jose\Documents\jose14vocbsent.docx
2012-05-10 16:00 - 2012-05-10 15:59 - 00020146 ____A C:\Users\Jose\Documents\14josespwlling.docx
2012-05-05 14:43 - 2012-05-05 14:43 - 00516136 ____A (Bandoo Media Inc) C:\Users\higinio\Downloads\iLividSetupV1.exe
2012-05-05 14:43 - 2012-05-05 14:43 - 00516136 ____A (Bandoo Media Inc) C:\Users\higinio\Downloads\iLividSetupV1 (1).exe
2012-05-05 14:12 - 2012-05-05 14:12 - 00000000 ____D C:\Users\higinio\AppData\Local\{4751FAE5-6486-48E1-BF18-A36455570FBC}
2012-05-05 14:12 - 2012-05-05 14:12 - 00000000 ____D C:\Users\higinio\AppData\Local\{05D140FB-F9FE-4166-8563-E326FC646435}
2012-05-03 15:44 - 2012-05-03 15:44 - 00017857 ____A C:\Users\Jose\Documents\14jose spelling40pt.docx
2012-05-02 17:23 - 2012-05-02 17:23 - 00013146 ____A C:\Users\Jose\Downloads\jose14vocb=] (1).docx
2012-05-02 17:22 - 2012-05-02 17:22 - 00013146 ____A C:\Users\Jose\Downloads\jose14vocb=].docx
2012-05-02 17:20 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-05-01 14:07 - 2012-05-01 14:07 - 00000000 ____D C:\Users\higinio\AppData\Local\{3CC8F2A9-924A-4E5C-AFEC-BF34D067F6D3}
2012-05-01 14:07 - 2012-05-01 14:06 - 00000000 ____D C:\Users\higinio\AppData\Local\{9493CC18-BD00-40E5-9F6E-3CAA9582F77D}
2012-04-30 21:25 - 2011-06-06 18:40 - 00000000 ____D C:\Users\higinio\AppData\Roaming\SoftGrid Client
2012-04-30 19:45 - 2012-04-30 19:45 - 00000000 ____D C:\Users\higinio\AppData\Local\{79608589-1BBE-48FE-8BC2-3E4B258C96DD}
2012-04-30 19:45 - 2012-04-30 07:44 - 00000000 ____D C:\Users\higinio\AppData\Local\{6A2205C6-EEF3-4E93-9359-F593CCB14531}
2012-04-30 08:01 - 2011-08-21 10:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-30 07:44 - 2012-04-30 07:44 - 00000000 ____D C:\Users\higinio\AppData\Local\{B26472DF-8B56-46E2-9781-76B31AC53F61}
2012-04-27 21:49 - 2012-04-27 21:49 - 00000000 ____D C:\Users\higinio\AppData\Local\{72CABABF-BEBD-44A4-9B11-8738A0392885}
2012-04-27 21:49 - 2012-04-27 21:49 - 00000000 ____D C:\Users\higinio\AppData\Local\{47DDBFC9-6B1D-4564-9CA1-7FCCE8C63EBF}
2012-04-27 09:48 - 2012-04-27 09:48 - 00000000 ____D C:\Users\higinio\AppData\Local\{DDE04D5D-F9F2-42DE-A669-F34856D94E54}
2012-04-27 09:48 - 2012-04-27 09:48 - 00000000 ____D C:\Users\higinio\AppData\Local\{C24942AB-B8E4-4207-95AB-040739537E49}
2012-04-26 08:21 - 2012-04-26 08:21 - 00000000 ____D C:\Users\higinio\AppData\Local\{6FBE0A72-23AA-4FC1-951B-BEE8D996C078}
2012-04-26 08:21 - 2012-04-26 08:20 - 00000000 ____D C:\Users\higinio\AppData\Local\{9C5FE226-A3A2-4266-B58C-46787FDB9357}
2012-04-25 15:15 - 2012-04-25 15:15 - 00000000 ____D C:\Users\higinio\AppData\Local\{754AD6A9-F7A5-420E-8FCE-A15AE8AFE8C3}
2012-04-25 15:15 - 2012-04-24 15:15 - 00000000 ____D C:\Users\higinio\AppData\Local\{41B0C145-64B8-498D-AB9B-55171126CF1E}
2012-04-24 15:47 - 2012-04-24 15:47 - 03278921 ____A C:\Users\higinio\Downloads\LMFAO - "Sorry For Party Rocking".mp3
2012-04-24 15:45 - 2012-04-24 15:44 - 02914879 ____A C:\Users\higinio\Downloads\Drake - The Motto ft. Lil Wayne.mp3
2012-04-24 15:31 - 2012-04-24 15:30 - 04628929 ____A C:\Users\higinio\Downloads\Bob Marley-Don't worry be happy.mp3
2012-04-24 15:26 - 2012-04-24 15:25 - 04078863 ____A C:\Users\higinio\Downloads\Lil Wayne 6 Foot 7 Foot Lyrics.mp3
2012-04-24 15:25 - 2012-04-24 15:24 - 03327269 ____A C:\Users\higinio\Downloads\Young, Wild & Free - Wiz Khalifa Feat. Snoop Dogg & Bruno Mars __ Lyrics [HD].mp3
2012-04-24 15:24 - 2012-04-24 15:24 - 00247941 ____A C:\Users\higinio\Downloads\Drake- Over [Lyrics] Dirty (1).mp3
2012-04-24 15:23 - 2012-04-24 15:23 - 03770023 ____A C:\Users\higinio\Downloads\Drake- Over [Lyrics] Dirty.mp3
2012-04-24 15:22 - 2012-04-24 15:21 - 03828538 ____A C:\Users\higinio\Downloads\Lil B - Wonton Soup [Music Video].mp3
2012-04-24 15:15 - 2012-04-24 15:15 - 00000000 ____D C:\Users\higinio\AppData\Local\{FC549F14-573B-4AB8-9D8F-F82020B9D663}
2012-04-24 14:40 - 2012-04-24 14:39 - 03885380 ____A C:\Users\Jose\Downloads\Drake - Over.mp3
2012-04-23 09:00 - 2012-04-23 09:00 - 00000000 ____D C:\Users\higinio\AppData\Local\{F8ED43B9-8E16-4E43-8C85-8F7E128E96F3}
2012-04-23 08:59 - 2012-04-23 08:59 - 00000000 ____D C:\Users\higinio\AppData\Local\{63C4DB99-2739-4971-B041-5B6958A75454}
2012-04-21 11:53 - 2010-11-11 15:09 - 00000000 ____D C:\Program Files\Windows Live
2012-04-21 11:47 - 2012-04-21 11:47 - 00000000 ____D C:\Users\higinio\AppData\Local\{CD0E2759-077C-4250-8740-2912F1AF7844}
2012-04-21 11:47 - 2012-04-21 11:46 - 00000000 ____D C:\Users\higinio\AppData\Local\{95F910DF-908B-4A4D-9E13-AF8832F2A8DE}
2012-04-21 11:47 - 2010-10-30 14:00 - 00109216 ____A C:\Users\higinio\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-20 17:51 - 2010-12-18 18:15 - 00109216 ____A C:\Users\Jose\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-20 14:53 - 2010-12-12 14:49 - 00000000 ____D C:\Users\Jose\AppData\Local\VirtualStore
2012-04-20 14:46 - 2012-04-20 14:46 - 00002103 ____A C:\Users\Public\Desktop\Age of Empires Expansion.lnk
2012-04-20 14:46 - 2012-04-20 14:46 - 00002096 ____A C:\Users\Public\Desktop\Age of Empires.lnk
2012-04-20 14:44 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Microsoft Games
2012-04-19 17:39 - 2010-11-11 16:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-04-19 16:02 - 2012-04-19 16:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{DA7AEF02-DB10-4779-BB34-05A8DEA1E487}
2012-04-19 16:02 - 2012-04-19 16:02 - 00000000 ____D C:\Users\higinio\AppData\Local\{C801D4B5-D006-45B7-8D3D-52BFC4FD0579}
2012-04-19 15:05 - 2012-02-09 18:20 - 00034304 ____A C:\Users\Jose\Downloads\jose is read.doc
2012-04-19 15:02 - 2012-04-19 15:02 - 00040448 ____A C:\Users\Jose\Downloads\jose14reading logdoc.doc
2012-04-15 18:55 - 2012-04-15 18:55 - 00000000 ____D C:\Users\higinio\AppData\Local\{EBA680BF-F06C-4640-A940-A869C58F65E8}
2012-04-15 18:55 - 2012-04-15 18:54 - 00000000 ____D C:\Users\higinio\AppData\Local\{B5864A3C-6FC0-4B4A-8A59-705F97B220AE}
2012-04-12 17:57 - 2012-04-12 17:57 - 00591456 ____A (Unity Technologies ApS) C:\Users\Jose\Downloads\UnityWebPlayer.exe
2012-04-12 14:55 - 2010-12-18 18:15 - 00000000 ____D C:\Users\Jose\AppData\Local\Microsoft Games
2012-04-12 14:35 - 2012-04-12 14:35 - 00002059 ____A C:\Users\Jose\Desktop\Yu-Gi-Oh! ONLINE 3.lnk
2012-04-12 14:35 - 2012-04-12 14:35 - 00000347 ____A C:\Users\Jose\Desktop\Games - Shortcut.lnk
2012-04-10 20:58 - 2009-07-13 18:04 - 00000499 ____A C:\Windows\win.ini
2012-04-10 09:25 - 2012-04-10 09:25 - 00000000 ____D C:\Users\higinio\AppData\Local\{FA637DA2-2126-4483-8BB7-22F18A6E754C}
2012-04-10 09:25 - 2012-04-10 09:25 - 00000000 ____D C:\Users\higinio\AppData\Local\{D023F7A7-F2D8-43DC-BEE6-C58642E39E40}
2012-04-09 20:15 - 2012-04-09 20:13 - 17966963 ____A C:\Users\higinio\Downloads\RoyalWeddingPartyPack (1).zip
2012-04-09 20:09 - 2012-04-09 20:08 - 17966963 ____A C:\Users\higinio\Downloads\RoyalWeddingPartyPack.zip
2012-04-09 18:33 - 2012-04-09 18:33 - 00000000 ____D C:\Users\higinio\AppData\Local\{C2F55FE3-FBE3-4A7D-8AFE-1F531E2A3736}
2012-04-09 18:33 - 2012-04-09 18:33 - 00000000 ____D C:\Users\higinio\AppData\Local\{BCE0E39C-C147-425B-8635-83A3FA153C84}
2012-04-09 14:41 - 2012-04-09 14:41 - 00000000 ____D C:\Users\higinio\AppData\Local\{6F17CD36-46D3-491E-A21F-188FAF6A41CD}
2012-04-09 14:41 - 2012-04-09 14:41 - 00000000 ____D C:\Users\higinio\AppData\Local\{208EF08E-C68D-4F6B-9AD7-87AB8185E39C}
2012-04-07 09:56 - 2012-04-07 09:56 - 00000000 ____D C:\Users\higinio\AppData\Local\{11057DEA-8A48-4B25-ADC0-2F828ADC984F}
2012-04-07 09:56 - 2012-04-07 09:55 - 00000000 ____D C:\Users\higinio\AppData\Local\{C452B517-14ED-4D9E-8E34-F1BCF4EE569E}
2012-04-06 11:00 - 2012-04-06 10:59 - 00000000 ____D C:\Users\higinio\AppData\Local\{A97F5DF2-1140-452F-B4CA-1FF22A77F467}
2012-04-04 16:24 - 2011-11-17 22:06 - 00035328 ____A C:\Users\Jose\Documents\jose reading.doc
2012-04-03 06:47 - 2012-04-03 06:47 - 00000000 ____D C:\Users\higinio\AppData\Local\{7D671A3B-C854-406A-8F39-83746137797B}
2012-04-03 06:47 - 2012-04-03 06:46 - 00000000 ____D C:\Users\higinio\AppData\Local\{0C891EFE-1C64-4EE5-B1F5-B045BEB4C39F}
2012-04-02 22:32 - 2012-04-02 22:32 - 00017372 ____A C:\Users\higinio\Documents\My dad.docx
2012-04-02 18:14 - 2012-04-02 18:14 - 00000000 ____D C:\Users\higinio\AppData\Local\{A92EEBA2-6F4F-4DDA-BD93-5271B9517219}
2012-04-02 18:14 - 2012-04-02 18:13 - 00000000 ____D C:\Users\higinio\AppData\Local\{94A689BB-069C-40B3-A750-457F0326BCBF}
2012-04-02 10:39 - 2012-04-02 10:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{F0586052-8CBE-486B-AFC4-12EDB9C1A642}
2012-04-02 10:39 - 2012-04-02 10:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{86D80255-0B55-470E-BD32-27EF7CA5AE5E}
2012-04-01 20:39 - 2012-04-01 20:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{BB4DDF43-E93F-4E28-B0C2-38F4E0AD00BE}
2012-04-01 20:39 - 2012-03-31 08:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{AF9B5B7D-BB7A-46BD-A11C-9CC756832024}
2012-04-01 08:39 - 2012-04-01 08:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{60D55B19-A31E-40AE-BAAE-797D5A185FD0}
2012-03-31 20:39 - 2012-03-31 20:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{061445DF-84CD-40F4-AD50-EA671A689941}
2012-03-31 08:40 - 2012-03-31 08:40 - 00000000 ____D C:\Users\higinio\AppData\Local\{ED4CD0DF-3A95-42E7-8416-19F297FC0B0E}
2012-03-30 20:39 - 2012-05-11 14:16 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 14:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-05-11 14:16 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-05-11 14:16 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 16:13 - 2012-03-26 14:26 - 00023253 ____A C:\Users\higinio\Documents\JOSESPELLING.docx
2012-03-28 17:16 - 2012-03-28 17:16 - 00013255 ____A C:\Users\higinio\Documents\jose vocab.docx
2012-03-28 08:00 - 2012-03-28 07:59 - 00000000 ____D C:\Users\higinio\AppData\Local\{C2FB34ED-0C63-44E9-A2C1-A6E714AB11E9}
2012-03-28 07:59 - 2012-03-28 07:59 - 00000000 ____D C:\Users\higinio\AppData\Local\{BCE4DD9B-691C-46CD-A410-02AACE2525BD}
2012-03-27 19:36 - 2012-03-27 19:36 - 03655900 ____A C:\Users\higinio\Downloads\horse_eventing2_girlsgogames_com (2).dcr
2012-03-27 10:26 - 2012-03-27 10:26 - 00000000 ____D C:\Users\higinio\AppData\Local\{DAC6B008-315B-4136-9354-B81C46356117}
2012-03-27 10:26 - 2012-03-27 10:26 - 00000000 ____D C:\Users\higinio\AppData\Local\{1DFFEB7F-14D0-4418-9DF1-631C9E61FE65}
2012-03-26 09:48 - 2012-03-26 09:48 - 00000000 ____D C:\Users\higinio\AppData\Local\{AF473D01-D5DF-4821-9818-C92ABC3F1134}
2012-03-26 09:48 - 2012-03-26 09:48 - 00000000 ____D C:\Users\higinio\AppData\Local\{6D913400-920B-4A26-A218-BD37D4F91066}
2012-03-24 15:04 - 2012-03-24 15:04 - 00000000 ____D C:\Users\higinio\AppData\Local\{F77FCEA4-D13B-44C4-9D42-FA2BE5C94914}
2012-03-24 15:04 - 2012-03-24 15:04 - 00000000 ____D C:\Users\higinio\AppData\Local\{9AFF23FD-74E4-43A7-914E-DF5C8129C47F}
2012-03-23 21:31 - 2012-03-23 21:31 - 00000000 ____D C:\Users\higinio\AppData\Local\{CD3DCCDD-828F-489A-9EAA-42876172A2B6}
2012-03-23 21:31 - 2012-03-23 09:30 - 00000000 ____D C:\Users\higinio\AppData\Local\{5844372F-0484-428D-8E1B-DC361EC024FF}
2012-03-23 09:30 - 2012-03-23 09:30 - 00000000 ____D C:\Users\higinio\AppData\Local\{E2ABDE8A-CFD4-4459-B787-4DF382D119DA}
2012-03-22 17:42 - 2012-03-22 17:42 - 00035840 ____A C:\Users\higinio\Documents\jose20minhw .doc
2012-03-22 17:37 - 2012-03-22 17:39 - 00034761 ____A C:\Users\higinio\Documents\jose14spell.docx
2012-03-22 11:25 - 2012-03-22 11:25 - 00000000 ____D C:\Users\higinio\AppData\Local\{77EB813C-02F4-410E-AE82-C6C1F1D6B753}
2012-03-21 09:01 - 2010-11-11 15:29 - 00000000 ____D C:\Users\higinio\AppData\Roaming\Windows Live Writer
2012-03-21 08:39 - 2012-03-21 08:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{2860857E-2E39-4149-A506-36DC7D8803C9}
2012-03-21 08:39 - 2012-03-21 08:38 - 00000000 ____D C:\Users\higinio\AppData\Local\{801CA0BD-B25A-4C6F-8C3A-949DECB11A26}
2012-03-20 08:39 - 2012-03-20 08:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{EE31DB02-58EA-41B1-A78E-F411944096BD}
2012-03-20 08:39 - 2012-03-20 08:39 - 00000000 ____D C:\Users\higinio\AppData\Local\{A1CE5EC1-5324-4443-8B07-F7568FA282CF}
2012-03-20 08:39 - 2011-08-17 14:55 - 00414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2038.46 MB
Available physical RAM: 1646.76 MB
Total Pagefile: 2038.46 MB
Available Pagefile: 1646.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:364.82 GB) (Free:220.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:7.79 GB) (Free:0.84 GB) NTFS
4 Drive f: (PATRIOT) (Removable) (Total:29.93 GB) (Free:2.43 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 372 GB 1024 KB
Disk 1 Online 29 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 364 GB 31 KB
Partition 2 Primary 7977 MB 364 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 364 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Recovery NTFS Partition 7977 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PATRIOT FAT32 Removable 29 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 08:48

======================= End Of Log ==========================

#2 sttacos

  • Topic Starter
  • Members
  • 17 posts

Posted 19 June 2012 - 01:28 AM

I know, double post, but really?? No help?

#3 nasdaq

  • Malware Response Team
  • 39,520 posts

Posted 20 June 2012 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#4 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 21 June 2012 - 12:26 AM

Hi nasdaq, thank you for the reply.
As I stated before, the computer will not boot successfully and gets stuck in a reboot loop, so I am unable to access the desktop and run DDS.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 PM

Posted 21 June 2012 - 08:01 AM

Try to start the computer using the Last Good Configuration.

How-to here:

http://windows.microsoft.com/en-us/windows-vista/Using-Last-Known-Good-Configuration

#6 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 21 June 2012 - 01:31 PM

Does not work either. Same results as previous boot attempts.
Any other suggestions?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 PM

Posted 22 June 2012 - 08:56 AM

PLEASE NOTE: Most authorities say that a PC with a polymorphic file infector can never again be trusted and should be reformatted. You should seriously consider reformatting and reinstalling Windows.

That said, if you wish we can attempt disinfection but you are cautioned that theoretically you can never be sure cleaning is 100% complete.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


Summarizing:
  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever)
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update if any available
Back to other tab and click Start Object Scan.
(It took 3 hours to scan my 47G)
When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

Post the content of the file for my review.
Let me know what problem persists.



