BSOD - Boot loop - frst.exe


  • This topic is locked
2 replies to this topic

#1 joshmus (Members, 1 posts)

Posted 06 December 2012 - 07:52 AM

I have a Windows 7 PC that sat idle, unplugged for about two weeks. Upon booting it up, I was presented with a BSOD that constantly rebooted the PC. I first attempted chkdsk with no real results. I then attempted to boot into repair the installation and got the message: Startup repair offline, bad driver. I followed the thread found here, http://www.bleepingcomputer.com/forums/topic470140.html, and now I need someone to look at my FRST log. Anyone? Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 19:00:14
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKU\Administrator\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [16070136 2012-11-08] (Google)
HKU\Administrator\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [AdobeBridge] [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
Tcpip\..\Interfaces\{765B2012-64C5-44B0-B0CE-D933D62A573A}: [NameServer]10.10.4.15,10.10.4.2
IMEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [558592 2011-01-17] (Hauppauge Computer Works)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 [251760 2012-11-20] (BUFFALO INC.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 NPVR Recording Service; "C:\Program Files (x86)\NPVR\NRecord.exe" [48640 2012-10-01] (Menten Holdings Ltd)
2 PRTGProbeService; "C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe" [x]

==================== Drivers (Whitelisted) =====================

3 hcw18bda; C:\Windows\System32\Drivers\hcw18bda.sys [912896 2010-09-20] (Hauppauge Computer Works, Inc)
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
1 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================



==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-18 00:40:29
Restore point made on: 2012-11-19 09:53:28
Restore point made on: 2012-11-20 05:57:14
Restore point made on: 2012-11-24 21:23:17
Restore point made on: 2012-11-29 11:11:41
Restore point made on: 2012-12-05 09:26:42

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4003.38 MB
Available physical RAM: 3432.05 MB
Total Pagefile: 4001.52 MB
Available Pagefile: 3415.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (FantomHD) (Fixed) (Total:1397.26 GB) (Free:1331.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
6 Drive h: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1940 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C FantomHD NTFS Partition 1397 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1920 MB 19 MB

==================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1920 MB Healthy

=========================================================

Last Boot: 2012-11-24 23:35

==================== End Of Log =============================

Edited by hamluis, 06 December 2012 - 02:30 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.
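As an added example (not part of the original thread or of FRST itself), a small Python triage helper that parses FRST log lines like the ones posted above and flags the items a log reviewer reads first: an Image File Execution Options "Debugger" redirection (here notepad.exe is redirected to Notepad2, a legitimate editor swap, but the same key is a well-known persistence location), autorun or service entries whose file is missing ([x] / (No File)), and any Bamital & volsnap check result other than "MD5 is legit". The sample input is constructed from a handful of lines copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines taken from the FRST log in this thread,
# with their section headers, so the parser can be exercised offline.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKU\Administrator\...\Run: [AdobeBridge] [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
IMEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\Users\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
2 PRTGProbeService; "C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe" [x]

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log =============================
"""

# FRST section headers look like "==================== Name ====="
SECTION_RE = re.compile(r"^=+ (.+?) =+$")


@dataclass
class Finding:
    section: str
    kind: str   # "ifeo_debugger", "missing_file" or "integrity_check"
    line: str


def parse_sections(text: str) -> dict:
    """Split an FRST log into {section name: [non-empty lines]}."""
    sections: dict = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> list:
    """Return the log lines a reviewer should look at, in log order."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if line.startswith("IMEO\\"):
                # IFEO "Debugger": every launch of the named exe is redirected to
                # the listed binary. Editor replacements use it legitimately
                # (Notepad2 here); malware uses the same key, so review the path.
                findings.append(Finding(section, "ifeo_debugger", line))
            elif line.endswith("[x]") or "(No File)" in line:
                # Autostart/service entry whose file FRST could not find on disk:
                # an uninstall leftover or a removed payload; either way, dead weight.
                findings.append(Finding(section, "missing_file", line))
            elif section.startswith("Bamital") and not line.endswith("MD5 is legit"):
                # The Bamital/volsnap check compares core system binaries against
                # known-good hashes; anything but "legit" means a patched file.
                findings.append(Finding(section, "integrity_check", line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per kind, e.g. {"missing_file": 4, "ifeo_debugger": 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] ({f.section}) {f.line}")
```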


#2 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 09 December 2012 - 02:19 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip.

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review and let me know what problem persists.

#3 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 15 December 2012 - 09:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
