Rootkit.Boot.SST.b Infection


  • This topic is locked
39 replies to this topic

#1 jmill1025


Posted 17 July 2012 - 05:02 PM

My computer recently was infected with the HDD Smart virus. I was able to successfully remove it and unhide my files using the uninstall guide here:

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd


I followed the instructions on how to remove the Google Redirects and bootkit infections. I downloaded the TDSSKiller and ran a scan, and it said it was infected with:

Rootkit.Boot.SST.b
Physical drive: \Device\harddisk0\DR0

When I try to Cure it, a message pops up saying "Can't cure MBR. Write Standard Boot Code?" I selected no because I wasn't sure what this meant. I am still able to boot up my computer in safe and normal mode, but I am unable to get rid of this infection. I attached my scan results using the TDSSKiller program.


UPDATE:

Computer shut down all of a sudden and now won't boot up. It gives me the option to Repair when I turn it on and it says Windows loading files, but then nothing changes.



Edited by jmill1025, 17 July 2012 - 10:34 PM.
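
The detection in the post above sits in the master boot record of physical drive 0. As an added illustration (not part of the original post, and not a description of how TDSSKiller works), this Python sketch parses a 512-byte MBR sector image, separates the boot code from the partition table, and compares it with a known-clean baseline. The sample sectors and the function names are constructed for the example, and it assumes that a standard-boot-code rewrite replaces only the first 440 bytes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code executed by the BIOS
DISK_SIG_OFF = 440       # bytes 440-443: disk signature used by Windows
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({
                "index": i,
                "active": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "valid_signature": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def compare_to_baseline(sector: bytes, baseline: bytes) -> list:
    """Report which MBR regions differ from a known-clean copy."""
    cur, ref = parse_mbr(sector), parse_mbr(baseline)
    findings = []
    if not cur["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != ref["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != ref["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def rewrite_boot_code(sector: bytes, clean_boot_code: bytes) -> bytes:
    """In-memory model of a boot-code rewrite: bytes 0-439 are replaced,
    the disk signature and partition table are carried over unchanged."""
    if len(sector) != SECTOR_SIZE or len(clean_boot_code) != BOOT_CODE_LEN:
        raise ValueError("unexpected sector or boot code length")
    return clean_boot_code + sector[BOOT_CODE_LEN:]


def _build_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code plus one active NTFS entry."""
    boot = bytes([boot_fill]) * BOOT_CODE_LEN
    disk_sig = bytes.fromhex("78563412")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48
    return boot + disk_sig + b"\x00\x00" + table + BOOT_SIG


# Constructed data: the filler bytes stand in for boot code, they are not real code.
BASELINE = _build_sample(0x11)   # known-clean copy
MODIFIED = _build_sample(0x22)   # same disk, different boot code

if __name__ == "__main__":
    print(compare_to_baseline(MODIFIED, BASELINE))
    repaired = rewrite_boot_code(MODIFIED, BASELINE[:BOOT_CODE_LEN])
    print(compare_to_baseline(repaired, BASELINE))
```
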



 


#2 gringo_pr

  • Malware Response Team

Posted 18 July 2012 - 01:16 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jmill1025


Posted 18 July 2012 - 02:13 AM

When I boot up with advanced options and select Repair Computer, it takes me to a screen that says "Windows is loading files" and nothing happens after that; it stays on that screen. I also cannot boot up in safe mode anymore.

#4 gringo_pr


Posted 18 July 2012 - 02:27 AM

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo


#5 jmill1025


Posted 18 July 2012 - 02:35 AM

I can't download anything to my infected computer. I am not able to boot it up at all. I am using a different computer to access the forums on here.

#6 gringo_pr


Posted 18 July 2012 - 02:46 AM

What operating system do you have?



gringo

#7 jmill1025


Posted 18 July 2012 - 02:48 AM

Windows 7

#8 gringo_pr


Posted 18 July 2012 - 02:49 AM

32 bit or 64 bit?

And the computer you are using to reply with is what?


gringo

#9 jmill1025


Posted 18 July 2012 - 02:54 AM

64 bit, and the computer I am using is the same. Both are Acer Aspire laptops using the Windows 7 64 bit operating system.

#10 gringo_pr


Posted 18 July 2012 - 03:23 AM

Greetings

That is good news.

Using the good computer we can make a boot disk to enter the recovery environment on the infected computer, and then you will be able to run FRST as posted in post 2.

To see how to make one go here - http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


gringo

#11 jmill1025


Posted 18 July 2012 - 02:23 PM

I was able to create a boot disk and enter the recovery environment. I followed the instructions from Post 2 and pasted my log results below:




Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 12:15:57
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2010-02-12] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390680 2010-02-12] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [410136 2010-02-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Janell Miller\...\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\Janell Miller\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-20] (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-12-11] (SUPERAntiSpyware.com)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [325200 2010-02-25] (Dritek System Inc.)
2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.)
2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [31408 2011-08-15] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)

========================== Drivers (Whitelisted) =============

1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
4 vsserv; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 12:15 - 2012-07-18 12:15 - 00000000 ____D C:\FRST
2012-07-17 17:27 - 2012-07-17 17:29 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Janell Miller\Desktop\tdsskiller.exe
2012-07-17 13:18 - 2012-07-17 13:18 - 00221065 ____A C:\Users\All Users\1342559879.bdinstall.bin
2012-07-17 13:18 - 2012-07-17 13:18 - 00000000 ____D C:\Program Files\Bitdefender
2012-07-17 13:15 - 2012-07-17 13:23 - 00309320 ____A (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2012-07-17 13:15 - 2012-07-17 13:22 - 00287304 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2012-07-17 13:15 - 2012-07-17 13:18 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-07-17 12:30 - 2012-07-17 16:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-17 12:25 - 2012-07-17 12:27 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Janell Miller\Desktop\123.com.exe
2012-07-17 10:14 - 2012-07-17 10:14 - 00000368 ____A C:\Users\All Users\iqLYbKAEpPYLMY
2012-07-17 10:14 - 2012-07-17 10:14 - 00000072 ____A C:\Users\All Users\-iqLYbKAEpPYLMYr
2012-07-17 10:14 - 2012-07-17 10:14 - 00000072 ____A C:\Users\All Users\-iqLYbKAEpPYLMY
2012-07-16 17:37 - 2012-07-16 17:38 - 00024261 ____A C:\ads_err.adt
2012-07-16 17:37 - 2012-07-16 17:38 - 00000077 ____A C:\Users\Janell Miller\AppData\Roaming\Rim.Transcoder.Exception.log
2012-07-16 17:37 - 2012-07-16 17:37 - 00006499 ____A C:\ads_err.dbf
2012-07-16 17:37 - 2012-07-16 17:37 - 00004559 ____A C:\ads_err.adm
2012-07-16 17:37 - 2012-07-16 17:37 - 00003072 ____A C:\ads_err.adi
2012-07-16 17:35 - 2012-07-16 17:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-07-16 17:34 - 2012-07-16 17:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-07-16 17:34 - 2011-07-20 13:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2012-07-16 14:11 - 2012-06-15 12:05 - 00001747 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-16 13:20 - 2012-07-16 13:20 - 00000000 ____D C:\Users\Janell Miller\AppData\Roaming\Windows Live Writer
2012-07-16 13:20 - 2012-07-16 13:20 - 00000000 ____D C:\Users\Janell Miller\AppData\Local\Windows Live Writer
2012-07-16 12:56 - 2012-07-17 10:55 - 00000678 ____A C:\rkill.log
2012-07-16 10:34 - 2012-07-16 10:34 - 00000368 ____A C:\Users\All Users\em40uHiQ5O1RTK
2012-07-16 10:34 - 2012-07-16 10:34 - 00000072 ____A C:\Users\All Users\-em40uHiQ5O1RTKr
2012-07-16 10:34 - 2012-07-16 10:34 - 00000072 ____A C:\Users\All Users\-em40uHiQ5O1RTK
2012-07-11 12:33 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 12:28 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 12:28 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 12:28 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 12:28 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 12:28 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 12:28 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 12:28 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 12:28 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 12:28 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 12:28 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 12:28 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 12:28 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 12:28 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 12:28 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 12:28 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 12:28 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 12:28 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 12:28 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 12:28 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 12:28 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 12:28 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 12:28 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 12:28 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 12:28 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 12:28 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 12:28 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 12:28 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 12:28 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 10:49 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 10:49 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 10:49 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 10:49 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 10:49 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 10:49 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 10:49 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 10:49 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 10:48 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 10:48 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 10:42 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 10:42 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 10:42 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 10:42 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 10:42 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 10:42 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 10:42 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 10:42 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 10:42 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-05 19:47 - 2012-07-17 13:19 - 00007098 ____A C:\Windows\PFRO.log
2012-06-30 11:46 - 2012-06-30 11:46 - 00000000 ____D C:\Users\Janell Miller\Documents\Amazon MP3
2012-06-28 17:40 - 2012-07-17 17:12 - 00008662 ____A C:\Windows\setupact.log
2012-06-28 17:40 - 2012-06-28 17:40 - 00000000 ____A C:\Windows\setuperr.log
2012-06-26 20:41 - 2012-07-05 14:58 - 00000000 ____D C:\Program Files (x86)\Direct Audio Converter & CD Ripper
2012-06-22 09:39 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 09:39 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 09:39 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 09:39 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 09:39 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 09:39 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 09:39 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 09:38 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 09:38 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-17 17:37 - 2010-09-30 10:57 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-07-17 17:37 - 2010-04-30 01:01 - 01491217 ____A C:\Windows\WindowsUpdate.log
2012-07-17 17:30 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-17 17:29 - 2012-07-17 17:27 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Janell Miller\Desktop\tdsskiller.exe
2012-07-17 17:19 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 17:19 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 17:14 - 2012-01-11 16:34 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38049284-268915285-3369264311-1000UA.job
2012-07-17 17:12 - 2012-06-28 17:40 - 00008662 ____A C:\Windows\setupact.log
2012-07-17 17:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 15:53 - 2012-04-03 10:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-17 13:23 - 2012-07-17 13:15 - 00309320 ____A (BitDefender S.R.L.) C:\Windows\SysWOW64\Drivers\TrufosAlt.sys
2012-07-17 13:22 - 2012-07-17 13:15 - 00287304 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\TrufosAlt.sys
2012-07-17 13:19 - 2012-07-05 19:47 - 00007098 ____A C:\Windows\PFRO.log
2012-07-17 13:18 - 2012-07-17 13:18 - 00221065 ____A C:\Users\All Users\1342559879.bdinstall.bin
2012-07-17 12:27 - 2012-07-17 12:25 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Janell Miller\Desktop\123.com.exe
2012-07-17 10:55 - 2012-07-16 12:56 - 00000678 ____A C:\rkill.log
2012-07-17 10:14 - 2012-07-17 10:14 - 00000368 ____A C:\Users\All Users\iqLYbKAEpPYLMY
2012-07-17 10:14 - 2012-07-17 10:14 - 00000072 ____A C:\Users\All Users\-iqLYbKAEpPYLMYr
2012-07-17 10:14 - 2012-07-17 10:14 - 00000072 ____A C:\Users\All Users\-iqLYbKAEpPYLMY
2012-07-17 09:14 - 2012-01-11 16:34 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38049284-268915285-3369264311-1000Core.job
2012-07-16 17:38 - 2012-07-16 17:37 - 00024261 ____A C:\ads_err.adt
2012-07-16 17:38 - 2012-07-16 17:37 - 00000077 ____A C:\Users\Janell Miller\AppData\Roaming\Rim.Transcoder.Exception.log
2012-07-16 17:38 - 2012-06-03 20:17 - 00000154 ____A C:\Users\Janell Miller\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-07-16 17:38 - 2012-03-13 14:54 - 00000231 ____A C:\Users\Janell Miller\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-16 17:37 - 2012-07-16 17:37 - 00006499 ____A C:\ads_err.dbf
2012-07-16 17:37 - 2012-07-16 17:37 - 00004559 ____A C:\ads_err.adm
2012-07-16 17:37 - 2012-07-16 17:37 - 00003072 ____A C:\ads_err.adi
2012-07-16 17:35 - 2012-07-16 17:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-07-16 17:34 - 2012-07-16 17:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-07-16 17:34 - 2011-02-02 11:08 - 00003410 ____A C:\Users\Janell Miller\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-16 16:28 - 2010-09-18 13:14 - 00027648 ____A C:\Users\Janell Miller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-16 10:34 - 2012-07-16 10:34 - 00000368 ____A C:\Users\All Users\em40uHiQ5O1RTK
2012-07-16 10:34 - 2012-07-16 10:34 - 00000072 ____A C:\Users\All Users\-em40uHiQ5O1RTKr
2012-07-16 10:34 - 2012-07-16 10:34 - 00000072 ____A C:\Users\All Users\-em40uHiQ5O1RTK
2012-07-13 12:00 - 2012-04-03 10:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-13 12:00 - 2011-05-15 19:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 10:21 - 2012-01-11 16:48 - 00002399 ____A C:\Users\Janell Miller\Desktop\Google Chrome.lnk
2012-07-11 12:36 - 2009-07-13 20:45 - 00426248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 12:29 - 2010-09-20 14:06 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-28 17:40 - 2012-06-28 17:40 - 00000000 ____A C:\Windows\setuperr.log
2012-06-26 20:51 - 2011-06-25 11:24 - 00000073 ____A C:\Windows\cdplayer.ini
2012-06-26 20:00 - 2011-06-25 11:24 - 00001534 ____A C:\Users\All Users\ss.ini
2012-06-17 21:42 - 2009-07-13 21:08 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-15 12:05 - 2012-07-16 14:11 - 00001747 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-11 19:08 - 2012-07-11 12:33 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 10:48 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 10:48 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 10:49 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 10:49 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 10:49 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 10:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 10:49 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 10:49 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-22 09:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 09:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 09:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 09:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 09:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-22 09:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 09:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 09:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-22 09:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 12:28 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 12:28 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 12:28 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 12:28 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 12:28 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 12:28 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 12:28 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 12:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 12:28 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 12:28 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 12:28 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 12:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 12:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 12:28 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 12:28 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 12:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 12:28 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 12:28 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 12:28 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 12:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 12:28 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 12:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 12:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 12:28 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 12:28 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 12:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 12:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 12:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 10:42 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 10:42 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 10:42 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 10:42 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 10:42 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 10:42 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 10:42 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 10:42 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 10:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2010-09-29 09:49 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-04 03:06 - 2012-06-13 16:45 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 16:45 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 16:45 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 16:45 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 08:41 - 2010-09-19 08:42 - 00000416 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-04-27 19:55 - 2012-06-13 16:44 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 16:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 16:48 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 16:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 16:44 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 16:44 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 16:44 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 16:44 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 16:44 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 16:44 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 2804.51 MB
Available physical RAM: 2128.82 MB
Total Pagefile: 2802.66 MB
Available Pagefile: 2122.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:220.08 GB) (Free:150.06 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:0.58 GB) NTFS
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
5 Drive h: (TRAVELDRIVE) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 13 MB
Disk 1 Online 949 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 220 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C ACER NTFS Partition 220 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 949 MB 4096 B

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H TRAVELDRIVE FAT Removable 949 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 10:50

======================= End Of Log ==========================

#12 gringo_pr

Posted 18 July 2012 - 02:39 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

2012-07-17 10:14 - 2012-07-17 10:14 - 00000368 ____A C:\Users\All Users\iqLYbKAEpPYLMY
2012-07-17 10:14 - 2012-07-17 10:14 - 00000072 ____A C:\Users\All Users\-iqLYbKAEpPYLMYr
2012-07-17 10:14 - 2012-07-17 10:14 - 00000072 ____A C:\Users\All Users\-iqLYbKAEpPYLMY
2012-07-16 10:34 - 2012-07-16 10:34 - 00000368 ____A C:\Users\All Users\em40uHiQ5O1RTK
2012-07-16 10:34 - 2012-07-16 10:34 - 00000072 ____A C:\Users\All Users\-em40uHiQ5O1RTKr
2012-07-16 10:34 - 2012-07-16 10:34 - 00000072 ____A C:\Users\All Users\-em40uHiQ5O1RTK
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 jmill1025

Posted 18 July 2012 - 03:18 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-18 13:16:45 Run:1
Running from H:\

==============================================

C:\Users\All Users\iqLYbKAEpPYLMY moved successfully.
C:\Users\All Users\-iqLYbKAEpPYLMYr moved successfully.
C:\Users\All Users\-iqLYbKAEpPYLMY moved successfully.
C:\Users\All Users\em40uHiQ5O1RTK moved successfully.
C:\Users\All Users\-em40uHiQ5O1RTKr moved successfully.
C:\Users\All Users\-em40uHiQ5O1RTK moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#14 gringo_pr

Posted 18 July 2012 - 03:41 PM

Restart the computer and let me know if it is working.


gringo

#15 jmill1025

Posted 18 July 2012 - 03:51 PM

No. When I turn it on and try to start it up in normal mode I get a message of Windows Error Recovery: "Windows failed to start. A recent hardware or software change could be the cause." Then it asks if I want to Launch Startup Repair or Start Windows Normally. I have tried both already, and when I select Launch Startup Repair it just says Windows is loading files and it stays that way and doesn't do anything. Starting normally doesn't do anything either.



