
Farbar Recovery Scan Tool Personalized Fixlist.txt


63 replies to this topic

#1 Morse138

Morse138

  • Members
  • 30 posts
  • OFFLINE
  • Local time:10:02 AM

Posted 30 July 2012 - 12:47 AM

Could someone please tell me the Farbar Recovery Scan fixlist.txt file I would use for my situation?

The following are my FIRST.txt and Search.txt files:


Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 01:17:41
Running from I:\
Windows Vista ™ Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [138264 2008-03-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [203288 2008-03-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [167448 2008-03-31] (Intel Corporation)
HKLM-x32\...\Run: [LchDrvKey] LchDrvKey.exe [x]
HKLM-x32\...\Run: [LedKey] CNYHKey.exe [x]
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)
HKLM-x32\...\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [eRecoveryService] [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [185872 2009-01-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-11-17] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Morse\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-12-19] (Google Inc.)
HKU\Morse\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Morse\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Morse\...\Run: [Google Update] "C:\Users\Morse\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-27] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [339968 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [25088 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [x ] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Morse\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Morse\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)
2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)
3 iPod Service; "C:\Program Files (x86)\iPod\bin\iPodService.exe" [932640 2010-11-17] (Apple Inc.)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 RalinkRegistryWriter; C:\Program Files (x86)\ZyXEL\N220\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-08] (Trusteer Ltd.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 WerSvc; C:\Windows\System32\WerSvc.dll [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [58496 2008-01-20] (Microsoft Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [403968 2006-11-08] (Conexant Systems, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-30] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120725.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
2 int15; C:\Windows\SysWow64\Drivers\int15.sys [15392 2008-06-11] (Acer, Inc.)
3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120725.033\ENG64.SYS [120440 2012-05-22] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120725.033\EX64.SYS [2068600 2012-05-22] (Symantec Corporation)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1003520 2009-11-16] (Ralink Technology Corp.)
1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-08] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101464 2012-07-08] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297048 2012-07-08] (Trusteer Ltd.)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMTDIV.SYS [432760 2011-04-20] (Symantec Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMFW.SYS [x]
3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 23:24 - 2012-07-29 23:41 - 71020544 ____A C:\Windows\System32\config\software.old
2012-07-26 18:31 - 2012-07-26 18:31 - 00000000 __SHD C:\found.001
2012-07-26 13:15 - 2012-07-26 14:17 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2012-07-26 13:15 - 2012-07-26 14:17 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
2012-07-26 13:15 - 2012-07-26 14:17 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
2012-07-26 13:15 - 2012-07-26 14:16 - 00000000 ____D C:\Windows\System32\vi-VN
2012-07-26 13:15 - 2012-07-26 14:16 - 00000000 ____D C:\Windows\System32\eu-ES
2012-07-26 13:15 - 2012-07-26 14:16 - 00000000 ____D C:\Windows\System32\ca-ES
2012-07-26 10:59 - 2012-07-26 10:59 - 00000000 ____D C:\Windows\System32\EventProviders


============ 3 Months Modified Files ========================

2012-07-29 23:48 - 2006-11-02 04:33 - 36175872 ____A C:\Windows\System32\config\system.old
2012-07-29 23:48 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam.old
2012-07-29 23:48 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\SECURITY.old
2012-07-29 23:41 - 2012-07-29 23:24 - 71020544 ____A C:\Windows\System32\config\software.old
2012-07-29 23:19 - 2006-11-02 04:33 - 36093952 ____A C:\Windows\System32\config\system.oldest
2012-07-29 23:19 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam.oldest
2012-07-29 23:19 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security.oldest
2012-07-29 19:40 - 2006-11-02 04:33 - 00237568 ____A C:\Windows\System32\config\default.old
2012-07-29 18:26 - 2006-11-02 04:33 - 36175872 ____A C:\Windows\System32\config\system.older
2012-07-29 18:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security.older
2012-07-29 18:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam.older
2012-07-29 14:51 - 2009-06-20 13:26 - 365408118 ____A C:\Windows\MEMORY.DMP
2012-07-29 14:20 - 2006-11-02 04:33 - 71041024 ____A C:\Windows\System32\config\software.older
2012-07-29 14:20 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\default.older
2012-07-27 16:25 - 2006-11-02 04:33 - 00237568 ____A C:\Windows\System32\config\default.oldest
2012-07-26 13:16 - 2006-11-02 07:42 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-26 13:16 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 13:16 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:16 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:14 - 2006-11-02 07:27 - 00075108 ____A C:\Windows\setupact.log
2012-07-26 13:11 - 2008-09-01 11:23 - 02088505 ____A C:\Windows\WindowsUpdate.log
2012-07-26 12:58 - 2010-02-10 14:46 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-26 12:57 - 2012-06-21 19:46 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3634762447-448836394-2980750380-1000UA.job
2012-07-26 11:02 - 2006-11-02 04:46 - 00716862 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 10:56 - 2010-02-10 14:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 10:56 - 2008-09-01 11:30 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-07-25 15:54 - 2008-12-21 12:12 - 00023438 ____A C:\Users\Morse\AppData\Roaming\wklnhst.dat
2012-07-25 08:57 - 2012-06-21 19:46 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3634762447-448836394-2980750380-1000Core.job
2012-07-15 06:29 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-13 19:59 - 2008-01-20 19:26 - 00201420 ____A C:\Windows\PFRO.log
2012-07-08 03:19 - 2011-04-02 11:04 - 00101464 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-06-25 10:55 - 2012-06-25 10:55 - 04803696 ____A C:\Users\Morse\Documents\LJP1100_P1560_P1600-HB-win64-en.exe
2012-06-25 10:41 - 2012-06-25 10:41 - 00001953 ____A C:\Users\Public\Desktop\Adobe Reader 8.lnk
2012-06-20 08:00 - 2012-06-12 14:32 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-06-18 09:26 - 2008-12-20 17:23 - 00038400 ____A C:\Users\Morse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 22:17 - 2012-06-13 22:18 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-13 22:17 - 2012-06-13 22:18 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-13 22:17 - 2012-06-13 22:18 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-13 22:17 - 2012-06-13 22:18 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-13 22:17 - 2010-07-24 09:55 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-13 22:16 - 2012-06-13 22:16 - 00893936 ____A (Oracle Corporation) C:\Users\Morse\Desktop\jxpiinstall.exe
2012-06-13 18:58 - 2012-06-13 18:58 - 50994826 ____A (eRightSoft ) C:\Users\Morse\Downloads\SUPERsetup_v2012.51.exe
2012-06-13 18:24 - 2012-06-13 18:24 - 27901317 ____A (Leawo Software Co.,Ltd. ) C:\Users\Morse\Downloads\videoconverter_setup.exe
2012-06-13 18:10 - 2012-06-13 18:10 - 00872029 ____A C:\Users\Morse\Downloads\HxDSetupEN.zip
2012-06-13 17:56 - 2012-06-13 17:56 - 00000937 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-13 17:54 - 2012-06-13 17:54 - 22259528 ____A C:\Users\Morse\Downloads\vlc-2.0.1-win32.exe
2012-06-13 17:02 - 2012-06-13 17:02 - 00001792 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-13 17:00 - 2009-01-16 06:39 - 39483256 ____A (Apple Inc.) C:\Users\Morse\Downloads\QuickTimeInstaller.exe
2012-06-13 15:46 - 2012-06-13 15:46 - 00292184 ____A (Microsoft Corporation) C:\Users\Morse\Downloads\dxwebsetup.exe
2012-06-13 05:52 - 2009-03-26 03:45 - 00002231 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-06-12 14:32 - 2012-03-14 12:43 - 00414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 14:18 - 2012-06-12 14:18 - 00893936 ____A (Oracle Corporation) C:\Users\Morse\Downloads\jxpiinstall.exe
2012-05-28 15:17 - 2009-01-07 14:07 - 00002509 ____A C:\Users\Morse\Desktop\Microsoft Works Word Processor.lnk
2012-05-13 08:25 - 2006-11-02 07:21 - 00501152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 12:39 - 2008-12-19 14:18 - 00165432 ____A C:\Users\Morse\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-12 10:01 - 2012-05-12 08:46 - 00001015 ____A C:\Windows\NWC.INI

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 6132.38 MB
Available physical RAM: 5593.91 MB
Total Pagefile: 5934.28 MB
Available Pagefile: 5687.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:428.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
7 Drive i: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
8 Drive x: (PQSERVICE) (Fixed) (Total:9.77 GB) (Free:2.17 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 596 GB 955 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 32 KB
Partition 2 Primary 586 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 X PQSERVICE NTFS Partition 10 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C OS NTFS Partition 586 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 961 MB 16 KB

==================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 I FAT Removable 961 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-27 16:25

======================= End Of Log ==========================




Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 01:25:50
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-20 15:25] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-10-20 15:25] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-10-20 15:25] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 10:15] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-24 10:15] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======


Thanks in advance!

Edited by hamluis, 30 July 2012 - 07:57 AM.
Moved from Vista to Malware Removal Logs - Hamluis.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,510 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:02 AM

Posted 04 August 2012 - 12:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463042 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:02 AM

Posted 04 August 2012 - 08:13 AM

Morse138,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to).
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

FRST
Boot back into System Recovery Options and run FRST.
Type the following in the edit box after "Search:".

explorer.exe

Click Search button and post the log (Search.txt) it makes to your reply.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 Morse138

Morse138
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:10:02 AM

Posted 05 August 2012 - 11:12 PM

First off, thanks for the help Jason! I'm not very computer savvy, so when something goes wrong I tend to worry.

Here is my Search log:

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-06 00:04:42
Running from I:\

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-10-20 15:25] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2008-12-19 14:20] - [2008-10-29 19:59] - 2927616 ____A (Microsoft Corporation) 50BA5850147410CDE89C523AD3BC606E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008-12-19 14:20] - [2008-10-27 18:15] - 2923520 ____A (Microsoft Corporation) E7156B0B74762D9DE0E66BDCDE06E5FB

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:20] - 2923520 ____A (Microsoft Corporation) 37440D09DEAE0B672A04DCCF7ABF06BE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008-12-19 14:20] - [2008-10-29 21:30] - 3081216 ____A (Microsoft Corporation) E404A65EF890140410E9F3D405841C95

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:49] - 3080704 ____A (Microsoft Corporation) BBD8E74F23D7605CB0CDB57A1B25D826

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008-01-20 18:48] - [2008-01-20 18:48] - 3080704 ____A (Microsoft Corporation) F6D765FB6B457542D954682F50C26E4F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008-12-19 14:20] - [2008-10-27 18:30] - 3086848 ____A (Microsoft Corporation) 72B9990E45C25AA3C75C4FB50A9D6CE0

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:15] - 3087360 ____A (Microsoft Corporation) 50514057C28A74BAC2BD04B7B990D615

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-09-24 10:15] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009-09-24 10:15] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

====== End Of Search ======
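The Search.txt above lists every explorer.exe copy FRST found, while the first log reported the 32-bit copy under SysWOW64 missing. The Python below is an added example, not part of the thread or of FRST: it parses this Search.txt format, groups the copies by MD5, and picks out the wow64 component-store copies that belong to the same build as the surviving 64-bit C:\Windows\explorer.exe; the embedded sample is an excerpt of the log above, and the function names are this example's own.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) Search.txt log.

Added example, not part of this thread or of FRST itself: parses the two-line
hits FRST writes per matching file, groups copies by MD5 and lists the
component-store (winsxs) copies that share the build of a surviving copy,
the check made before replacing a missing C:\\Windows\\SysWOW64\\explorer.exe.
"""
import re
from collections import defaultdict

# Excerpt of the "explorer.exe" Search.txt posted above (constructed sample).
SAMPLE_SEARCH_LOG = r"""
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-06 00:04:42
Running from I:\
================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-10-20 15:25] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-09-24 10:15] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

====== End Of Search ======
"""

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Store folder: <arch>_<name>_<public key token>_<version>_<culture>_<hash>
STORE_DIR_RE = re.compile(
    r"\\(?P<arch>x86|amd64|wow64|msil)_(?P<name>[^\\]+?)_[0-9a-f]{16}_"
    r"(?P<version>\d+(?:\.\d+){3})_[^\\]+\\",
    re.IGNORECASE,
)


def parse_search_log(text):
    """Return one dict per hit: a drive path line followed by its detail line."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if DRIVE_PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:  # banners, headers and blank lines never reach here
            store = STORE_DIR_RE.search(pending)
            entries.append({
                "path": pending,
                "size": int(m["size"]),
                "company": m["company"].strip(),
                "md5": m["md5"].upper(),
                "arch": store["arch"].lower() if store else None,
                "version": store["version"] if store else None,
                "in_winsxs": "\\winsxs\\" in pending.lower(),
            })
            pending = None
    return entries


def group_by_md5(entries):
    """Map each MD5 to the paths carrying it: byte-identical copies fall together."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def same_build_copies(entries, live_path, wanted_arch):
    """Store copies of architecture `wanted_arch` from the build of `live_path`.

    A live file such as C:\\Windows\\explorer.exe has no version in its path, so
    its build is recovered by matching its MD5 against versioned store copies.
    Copies under winsxs sort before staged Windows Update copies.
    """
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        return []
    builds = {e["version"] for e in entries
              if e["md5"] == live["md5"] and e["version"]}
    hits = [e for e in entries
            if e["arch"] == wanted_arch and e["version"] in builds]
    return sorted(hits, key=lambda e: (not e["in_winsxs"], e["path"].lower()))
```

On the sample, the surviving 64-bit explorer.exe matches the amd64 6.0.6002.18005 store copy, so the wow64 copies of that build (the winsxs one first, then the staged SoftwareDistribution duplicate with the same MD5) are the ones reported.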

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:02 AM

Posted 06 August 2012 - 09:58 AM

Morse138,

I'd like to see a new FRST log. Please delete the FRST.exe file on your USB flashdrive, along with Search.txt and FRST.txt


Please download a NEW Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

- OR -

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 Morse138

  • Topic Starter
  • Members
  • 30 posts

Posted 06 August 2012 - 01:49 PM

Here's the log:

Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 14:39:42
Running from I:\
Windows Vista ™ Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [138264 2008-03-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [203288 2008-03-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [167448 2008-03-31] (Intel Corporation)
HKLM-x32\...\Run: [LchDrvKey] LchDrvKey.exe [x]
HKLM-x32\...\Run: [LedKey] CNYHKey.exe [x]
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)
HKLM-x32\...\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [eRecoveryService] [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [185872 2009-01-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-11-17] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Morse\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-12-19] (Google Inc.)
HKU\Morse\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Morse\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Morse\...\Run: [Google Update] "C:\Users\Morse\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-27] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [339968 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [25088 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [x ] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Morse\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Morse\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)
3 iPod Service; "C:\Program Files (x86)\iPod\bin\iPodService.exe" [932640 2010-11-17] (Apple Inc.)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 RalinkRegistryWriter; C:\Program Files (x86)\ZyXEL\N220\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-08] (Trusteer Ltd.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 WerSvc; C:\Windows\System32\WerSvc.dll [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [58496 2008-01-20] (Microsoft Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [403968 2006-11-08] (Conexant Systems, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-30] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120725.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
2 int15; C:\Windows\SysWow64\Drivers\int15.sys [15392 2008-06-11] (Acer, Inc.)
3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120725.033\ENG64.SYS [120440 2012-05-22] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120725.033\EX64.SYS [2068600 2012-05-22] (Symantec Corporation)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1003520 2009-11-16] (Ralink Technology Corp.)
1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-08] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101464 2012-07-08] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297048 2012-07-08] (Trusteer Ltd.)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMTDIV.SYS [432760 2011-04-20] (Symantec Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SYMFW; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMFW.SYS [x]
3 SYMNDISV; C:\Windows\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 23:24 - 2012-07-29 23:41 - 71020544 ____A C:\Windows\System32\config\software.old
2012-07-26 18:31 - 2012-07-26 18:31 - 00000000 __SHD C:\found.001
2012-07-26 13:15 - 2012-07-26 14:17 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2012-07-26 13:15 - 2012-07-26 14:17 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
2012-07-26 13:15 - 2012-07-26 14:17 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
2012-07-26 13:15 - 2012-07-26 14:16 - 00000000 ____D C:\Windows\System32\vi-VN
2012-07-26 13:15 - 2012-07-26 14:16 - 00000000 ____D C:\Windows\System32\eu-ES
2012-07-26 13:15 - 2012-07-26 14:16 - 00000000 ____D C:\Windows\System32\ca-ES
2012-07-26 10:59 - 2012-07-26 10:59 - 00000000 ____D C:\Windows\System32\EventProviders


============ 3 Months Modified Files ========================

2012-07-29 23:48 - 2006-11-02 04:33 - 36175872 ____A C:\Windows\System32\config\system.old
2012-07-29 23:48 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam.old
2012-07-29 23:48 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\SECURITY.old
2012-07-29 23:41 - 2012-07-29 23:24 - 71020544 ____A C:\Windows\System32\config\software.old
2012-07-29 23:19 - 2006-11-02 04:33 - 36093952 ____A C:\Windows\System32\config\system.oldest
2012-07-29 23:19 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam.oldest
2012-07-29 23:19 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security.oldest
2012-07-29 19:40 - 2006-11-02 04:33 - 00237568 ____A C:\Windows\System32\config\default.old
2012-07-29 18:26 - 2006-11-02 04:33 - 36175872 ____A C:\Windows\System32\config\system.older
2012-07-29 18:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security.older
2012-07-29 18:26 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam.older
2012-07-29 14:51 - 2009-06-20 13:26 - 365408118 ____A C:\Windows\MEMORY.DMP
2012-07-29 14:20 - 2006-11-02 04:33 - 71041024 ____A C:\Windows\System32\config\software.older
2012-07-29 14:20 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\default.older
2012-07-27 16:25 - 2006-11-02 04:33 - 00237568 ____A C:\Windows\System32\config\default.oldest
2012-07-26 13:16 - 2006-11-02 07:42 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-26 13:16 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 13:16 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:16 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 13:14 - 2006-11-02 07:27 - 00075108 ____A C:\Windows\setupact.log
2012-07-26 13:11 - 2008-09-01 11:23 - 02088505 ____A C:\Windows\WindowsUpdate.log
2012-07-26 12:58 - 2010-02-10 14:46 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-26 12:57 - 2012-06-21 19:46 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3634762447-448836394-2980750380-1000UA.job
2012-07-26 11:02 - 2006-11-02 04:46 - 00716862 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 10:56 - 2010-02-10 14:46 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-26 10:56 - 2008-09-01 11:30 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-07-25 15:54 - 2008-12-21 12:12 - 00023438 ____A C:\Users\Morse\AppData\Roaming\wklnhst.dat
2012-07-25 08:57 - 2012-06-21 19:46 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3634762447-448836394-2980750380-1000Core.job
2012-07-15 06:29 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-13 19:59 - 2008-01-20 19:26 - 00201420 ____A C:\Windows\PFRO.log
2012-07-08 03:19 - 2011-04-02 11:04 - 00101464 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-06-25 10:55 - 2012-06-25 10:55 - 04803696 ____A C:\Users\Morse\Documents\LJP1100_P1560_P1600-HB-win64-en.exe
2012-06-25 10:41 - 2012-06-25 10:41 - 00001953 ____A C:\Users\Public\Desktop\Adobe Reader 8.lnk
2012-06-20 08:00 - 2012-06-12 14:32 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-06-18 09:26 - 2008-12-20 17:23 - 00038400 ____A C:\Users\Morse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 22:17 - 2012-06-13 22:18 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-13 22:17 - 2012-06-13 22:18 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-13 22:17 - 2012-06-13 22:18 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-13 22:17 - 2012-06-13 22:18 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-13 22:17 - 2010-07-24 09:55 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-06-13 22:16 - 2012-06-13 22:16 - 00893936 ____A (Oracle Corporation) C:\Users\Morse\Desktop\jxpiinstall.exe
2012-06-13 18:58 - 2012-06-13 18:58 - 50994826 ____A (eRightSoft ) C:\Users\Morse\Downloads\SUPERsetup_v2012.51.exe
2012-06-13 18:24 - 2012-06-13 18:24 - 27901317 ____A (Leawo Software Co.,Ltd. ) C:\Users\Morse\Downloads\videoconverter_setup.exe
2012-06-13 18:10 - 2012-06-13 18:10 - 00872029 ____A C:\Users\Morse\Downloads\HxDSetupEN.zip
2012-06-13 17:56 - 2012-06-13 17:56 - 00000937 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-13 17:54 - 2012-06-13 17:54 - 22259528 ____A C:\Users\Morse\Downloads\vlc-2.0.1-win32.exe
2012-06-13 17:02 - 2012-06-13 17:02 - 00001792 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-13 17:00 - 2009-01-16 06:39 - 39483256 ____A (Apple Inc.) C:\Users\Morse\Downloads\QuickTimeInstaller.exe
2012-06-13 15:46 - 2012-06-13 15:46 - 00292184 ____A (Microsoft Corporation) C:\Users\Morse\Downloads\dxwebsetup.exe
2012-06-13 05:52 - 2009-03-26 03:45 - 00002231 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-06-12 14:32 - 2012-03-14 12:43 - 00414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 14:18 - 2012-06-12 14:18 - 00893936 ____A (Oracle Corporation) C:\Users\Morse\Downloads\jxpiinstall.exe
2012-05-28 15:17 - 2009-01-07 14:07 - 00002509 ____A C:\Users\Morse\Desktop\Microsoft Works Word Processor.lnk
2012-05-13 08:25 - 2006-11-02 07:21 - 00501152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 12:39 - 2008-12-19 14:18 - 00165432 ____A C:\Users\Morse\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-12 10:01 - 2012-05-12 08:46 - 00001015 ____A C:\Windows\NWC.INI

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 6132.38 MB
Available physical RAM: 5574.02 MB
Total Pagefile: 5934.28 MB
Available Pagefile: 5662.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:429.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
7 Drive i: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
8 Drive x: (PQSERVICE) (Fixed) (Total:9.77 GB) (Free:2.17 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 596 GB 955 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 32 KB
Partition 2 Primary 586 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 X PQSERVICE NTFS Partition 10 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C OS NTFS Partition 586 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 961 MB 16 KB

==================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 I FAT Removable 961 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-27 16:25

======================= End Of Log ==========================

#7 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 06 August 2012 - 06:36 PM

Morse138,

Boot to System Recovery Options and run FRST, as we've done previously.

Type the following in the edit box after "Search:".

explorer.exe

Click Search button and post the log (Search.txt) it makes to your reply.
Regards,
Jason


#8 Morse138

  • Topic Starter
  • Members
  • 30 posts

Posted 06 August 2012 - 08:21 PM

Here's the log:


Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-06 21:14:18
Running from I:\

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-10-20 15:25] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2008-12-19 14:20] - [2008-10-29 19:59] - 2927616 ____A (Microsoft Corporation) 50BA5850147410CDE89C523AD3BC606E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008-12-19 14:20] - [2008-10-27 18:15] - 2923520 ____A (Microsoft Corporation) E7156B0B74762D9DE0E66BDCDE06E5FB

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:20] - 2923520 ____A (Microsoft Corporation) 37440D09DEAE0B672A04DCCF7ABF06BE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008-12-19 14:20] - [2008-10-29 21:30] - 3081216 ____A (Microsoft Corporation) E404A65EF890140410E9F3D405841C95

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:49] - 3080704 ____A (Microsoft Corporation) BBD8E74F23D7605CB0CDB57A1B25D826

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008-01-20 18:48] - [2008-01-20 18:48] - 3080704 ____A (Microsoft Corporation) F6D765FB6B457542D954682F50C26E4F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008-12-19 14:20] - [2008-10-27 18:30] - 3086848 ____A (Microsoft Corporation) 72B9990E45C25AA3C75C4FB50A9D6CE0

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008-12-19 14:20] - [2008-10-28 22:15] - 3087360 ____A (Microsoft Corporation) 50514057C28A74BAC2BD04B7B990D615

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-09-24 10:15] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009-09-24 10:15] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

====== End Of Search ======
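The Search.txt listing above, read together with the Bamital check in the earlier FRST log (C:\Windows\SysWOW64\explorer.exe IS MISSING while C:\Windows\explorer.exe passes), is what a helper reads by hand to pick a known-good copy to restore from. The script below is an added example, not code from FRST or from anyone in this thread: it parses the path/hash pairs of a Search.txt, groups them by MD5 so byte-identical copies line up, flags any build whose copies disagree on hash, and chooses the winsxs copy with the same component and version as the live 64-bit explorer.exe but built for the missing 32-bit (wow64) architecture, preferring the winsxs store over the SoftwareDistribution download cache. The sample text is a trimmed copy of the posted search output; the function names and record layout are the example's own.

```python
"""Added example (not FRST code): parse an FRST Search.txt and pick a winsxs restore source."""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the Search.txt posted in this thread.
SAMPLE_SEARCH = r"""
================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-10-20 15:25] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009-10-20 15:26] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009-09-24 10:15] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

====== End Of Search ======
"""

# Detail line FRST prints under each hit: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# winsxs folder name: <arch>_<component>_<publicKeyToken>_<version>_<culture>_<hash>
SXS_DIR_RE = re.compile(
    r"\\(?P<arch>amd64|wow64|x86|msil)_(?P<component>[^\\_]+)_[0-9a-f]{16}"
    r"_(?P<version>\d+(?:\.\d+){3})_[^\\_]+_[0-9a-f]{16}\\",
    re.IGNORECASE,
)

def parse_search(text):
    """Return one record per (path line, detail line) pair in a Search.txt."""
    lines = [ln.strip() for ln in text.splitlines()]
    records = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if not m or not re.match(r"^[A-Za-z]:\\", path):
            continue  # banner, blank or header line, not a hit
        rec = m.groupdict()
        rec.update(path=path, size=int(rec["size"]), md5=rec["md5"].upper())
        sxs = SXS_DIR_RE.search(path)  # None for files outside winsxs-style folders
        rec["arch"] = sxs["arch"].lower() if sxs else None
        rec["component"] = sxs["component"].lower() if sxs else None
        rec["version"] = sxs["version"] if sxs else None
        records.append(rec)
    return records

def group_by_md5(records):
    """Map each MD5 to the paths carrying it; identical binaries line up here."""
    groups = defaultdict(list)
    for r in records:
        groups[r["md5"]].append(r["path"])
    return dict(groups)

def inconsistent_versions(records):
    """(arch, component, version) keys whose copies disagree on MD5; two copies
    of one build should be byte-identical, so a mismatch needs a closer look."""
    seen = defaultdict(set)
    for r in records:
        if r["version"]:
            seen[(r["arch"], r["component"], r["version"])].add(r["md5"])
    return sorted(k for k, hashes in seen.items() if len(hashes) > 1)

def choose_replacement(records, live_path, missing_arch):
    """Pick the winsxs source for the missing file: read the live copy's version
    off a winsxs entry with the same MD5, then take the same component and
    version built for the missing architecture (winsxs, not the update cache)."""
    live = next((r for r in records if r["path"].lower() == live_path.lower()), None)
    if live is None:
        raise LookupError(f"live copy not listed: {live_path}")
    twins = [r for r in records if r["md5"] == live["md5"] and r["version"]]
    if not twins:
        raise LookupError("no winsxs copy shares the live file's MD5")
    component, version = twins[0]["component"], twins[0]["version"]
    candidates = [
        r for r in records
        if (r["arch"], r["component"], r["version"]) == (missing_arch, component, version)
        and "\\winsxs\\" in r["path"].lower()
    ]
    if not candidates:
        raise LookupError(f"no {missing_arch} copy of {component} {version} in winsxs")
    return candidates[0]

if __name__ == "__main__":
    recs = parse_search(SAMPLE_SEARCH)
    print("version/hash mismatches:", inconsistent_versions(recs) or "none")
    pick = choose_replacement(recs, r"C:\Windows\explorer.exe", "wow64")
    # Same shape as the fixlist directive used later in this thread.
    print(f"CMD: copy /y {pick['path']} C:\\Windows\\SysWOW64")
```

The hash grouping is the part worth keeping even outside this thread: when several side-by-side copies of one build carry different hashes, none of them should be copied anywhere until the odd one out has been explained.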

#9 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 06 August 2012 - 09:02 PM

Morse138,

Just a clarification - can you boot your computer successfully?
Regards,
Jason


#10 Morse138

  • Topic Starter
  • Members
  • 30 posts

Posted 07 August 2012 - 12:09 PM

When I boot from the hard drive, I get an 0xc0000034 error. When I boot from the recovery disk, my computer does an infinite loop to the Windows Error Recovery screen. So in short, no.

#11 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 07 August 2012 - 01:38 PM

Morse138,

Okay, thank you for the detailed description.

I think I know why you're not able to boot successfully, and the following fix should hopefully correct that:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

Replace: C\WINSXS\WOW64_MICROSOFT-WINDOWS-EXPLORER_31BF3856AD364E35_6.0.6002.18005_NONE_BA1365F4639C6D3C\explorer.exe C:\Windows\SysWOW64\explorer.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it to your reply.


Try starting your computer normally, and let me know if you're successful or not.
Regards,
Jason


#12 Morse138

  • Topic Starter
  • Members
  • 30 posts

Posted 07 August 2012 - 02:41 PM

My computer failed to boot from both the hard drive and recovery disk, but in each case the computer looped to the Error Recovery screen.

Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-07 15:26:45 Run:1
Running from I:\

==============================================

Could not find Replace: C\WINSXS\WOW64_MICROSOFT-WINDOWS-EXPLORER_31BF3856AD364E35_6.0.6002.18005_NONE_BA1365F4639C6D3C\explorer.exe C:\Windows\SysWOW64\explorer.exe.
Could not find Replace: C\WINSXS\WOW64_MICROSOFT-WINDOWS-EXPLORER_31BF3856AD364E35_6.0.6002.18005_NONE_BA1365F4639C6D3C\explorer.exe C:\Windows\SysWOW64\explorer.exe.

==== End of Fixlog ====

#13 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 08 August 2012 - 06:24 PM

Morse138,

My mistake. Do this instead:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

CMD: copy /y C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe C:\Windows\SysWOW64
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [339968 2009-04-10] (Microsoft Corporation)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it to your reply.


Try starting your computer normally, and let me know if you're successful or not.

Edited by jntkwx, 08 August 2012 - 07:29 PM.

Regards,
Jason


#14 Morse138

  • Topic Starter
  • Members
  • 30 posts

Posted 08 August 2012 - 10:52 PM

My computer failed to boot just like the last time.

Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-08 23:36:12 Run:2
Running from I:\

==============================================


========= copy /y C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe C:\Windows\SysWOW64 =========

1 file(s) copied.

========= End of CMD: =========

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.

==== End of Fixlog ====

#15 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 08 August 2012 - 10:56 PM

When you say "failed to boot", what exactly do you mean? The Error Recovery screen? Are you given any options to choose from?
Regards,
Jason




