
Was stuck in Safe mode, Backdoor trojan


  • This topic is locked
30 replies to this topic

#1 Ernie694

Ernie694

  • Members
  • 46 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 06 January 2013 - 12:41 PM

Original topic: http://www.bleepingcomputer.com/forums/topic480397.html

Summary of problem:

The computer was running very slow and locked up. When I tried to reboot, it locked up and would not reboot; after many attempts at rebooting and running Startup Repair, I was finally able to get the system to reboot into safe mode. Attempts at System Restore did not seem to work; the computer would always lock up upon restart, needing to be rebooted into safe mode. All restore points have disappeared since the last time that was attempted. Over 3 days the system did reboot into normal mode a few times after long periods of being locked up, but each time it would lock up again and then could only be booted into safe mode. I have run all the steps as requested in the original post, and the computer now will boot into normal mode after approx. 20 minutes. I have not tried to take the computer online since it has rebooted into normal mode; once it does boot up it seems to be running fine in the limited capacity I have worked with it. I had no problem in running DDS. I am using an alternative computer and a jump drive to download and save files.

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by home at 11:16:56 on 2013-01-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1488 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
C:\Windows\system32\taskeng.exe
C:\Users\home\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - <orphaned>
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [Facebook Update] "C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\home\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: Interfaces\{2602CB35-B42B-4919-AD6E-F0A152311678} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2602CB35-B42B-4919-AD6E-F0A152311678}\358325D4132313 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2602CB35-B42B-4919-AD6E-F0A152311678}\3756166616E63353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2602CB35-B42B-4919-AD6E-F0A152311678}\E49636B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4663DF1F-EC87-456B-9C78-82A9EBA5469B} : DHCPNameServer = 68.111.16.30 68.111.16.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-8-5 69376]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-8 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-8 13592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-7-21 1737728]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2012-9-4 56136]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-8-5 17152]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-8 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-8 436840]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-7-8 1145960]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-1-3 36680]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-5 1255736]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-8 1817088]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-06 13:57:48 -------- d-----w- C:\Users\home\AppData\Local\{05A83DBA-B428-45F1-8AD2-8BF4CB0C8B58}
2013-01-06 02:21:59 -------- d-----w- C:\Users\home\AppData\Local\Microsoft Games
2013-01-06 02:17:00 -------- d-----w- C:\Users\home\AppData\Local\{E0E8033A-E15D-43A1-8794-C9F5427748C4}
2013-01-05 16:35:56 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-04 23:09:33 -------- d-----w- C:\Users\home\AppData\Local\ElevatedDiagnostics
2013-01-04 18:32:33 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-04 18:32:33 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-04 18:32:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-04 18:32:31 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-04 18:27:42 -------- d-----w- C:\Users\home\AppData\Local\{0624FE89-F5E0-412B-907C-DC90B4812F23}
2013-01-03 15:35:26 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-01-03 15:35:18 -------- d-----w- C:\Users\home\AppData\Roaming\SUPERAntiSpyware.com
2013-01-03 15:34:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-03 15:34:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-03 15:29:58 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-03 14:32:27 -------- d-----w- C:\Users\home\AppData\Local\{4652398E-EB06-4003-849A-78DCF3F47057}
2013-01-02 23:42:24 -------- d-----w- C:\Users\home\AppData\Local\{22F1448B-683E-465E-A3D2-8D8CDC9D6355}
2013-01-02 17:05:24 -------- d-----w- C:\Users\home\AppData\Roaming\Malwarebytes
2013-01-02 17:05:16 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-02 17:05:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-02 17:04:58 -------- d-----w- C:\Users\home\AppData\Local\Programs
2013-01-01 19:30:50 -------- d-----w- C:\Users\home\AppData\Local\{11D319F0-EC6D-4D92-90CB-1DE783C21F00}
2012-12-29 17:32:03 -------- d-----w- C:\Users\home\AppData\Local\{3AE10759-C6D5-488F-9E41-20242720AA40}
2012-12-28 12:49:22 -------- d-----w- C:\Users\home\AppData\Local\{BBBCD07C-B347-4F75-ACBD-E5CEBA8FCA94}
2012-12-26 18:03:14 -------- d-----w- C:\Users\home\AppData\Local\{31A5304F-4CA4-42F4-8FAD-757C6D74843D}
2012-12-26 13:18:07 -------- d-----w- C:\Users\home\AppData\Local\{566EAECB-9846-44A7-9676-5065E73BAD8E}
2012-12-24 16:35:52 -------- d-----w- C:\Users\home\AppData\Local\{BC3DB773-7640-41D7-AF18-0BC1C7ED19EA}
2012-12-23 09:20:38 -------- d-----w- C:\Users\home\AppData\Local\{89FE95E2-F3CA-4949-A7A5-E7B1C851A9B4}
2012-12-19 01:30:20 -------- d-----w- C:\Users\home\AppData\Local\{ADADCA20-BE7A-4835-8EAA-5B777DD2ED27}
2012-12-17 23:52:45 -------- d-----w- C:\Users\home\AppData\Roaming\OfficeSuiteX
2012-12-17 23:40:02 -------- d-----w- C:\Program Files (x86)\Office Suite X 3
2012-12-15 01:04:13 -------- d-----w- C:\Users\home\AppData\Local\{B2B40B67-175B-43AD-A9F7-9AC586941C01}
2012-12-14 09:45:25 -------- d-----w- C:\Users\home\AppData\Local\{8ACF60A7-A907-4ABF-8D2D-B6E4B8A569B0}
2012-12-13 09:35:04 -------- d-----w- C:\Users\home\AppData\Local\{9E525628-FA90-4DE7-A0FC-0DCF4BD1033D}
2012-12-12 14:05:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-10 18:19:00 -------- d-----w- C:\Users\home\AppData\Local\{5BA5E409-4B78-4417-A1A5-BED84B8407BB}
.
==================== Find3M ====================
.
2012-12-12 05:31:45 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 05:31:45 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-15 11:08:24 0 ----a-w- C:\Windows\SysWow64\sho189B.tmp
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-20 13:14:37 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-20 13:14:37 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 11:18:00.86 ===============

Attached Files


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:15 PM

Posted 07 January 2013 - 03:06 PM

Hello Ernie694,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


1.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Ad-Aware or AVG.


2.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#3 Ernie694

Ernie694
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 07 January 2013 - 04:12 PM

Hi Fireman,

I uninstalled Ad-Aware (no problems this time :) )

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 07-01-2013 15:06:54
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-10-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7466600 2012-03-16] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\home\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\home\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [1015808 2010-10-27] (Ares Development Group)
HKU\home\...\Run: [Facebook Update] "C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\home\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [4866520 2012-08-23] (Exent Technologies Ltd.)
HKU\home\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
HKU\home\...\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-11] (W3i, LLC)
Startup: C:\Users\home\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36680 2013-01-03] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
3 mbamswissarmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-07 15:06 - 2013-01-07 15:06 - 00000000 ____D C:\FRST
2013-01-06 14:28 - 2013-01-06 14:28 - 00000000 ____D C:\Users\home\AppData\Roaming\WildTangent
2013-01-06 09:19 - 2013-01-06 09:19 - 00005456 ____A C:\Users\home\Desktop\attach.txt
2013-01-06 09:19 - 2013-01-06 09:18 - 00022124 ____A C:\Users\home\Desktop\dds.txt
2013-01-06 05:57 - 2013-01-06 05:57 - 00000000 ____D C:\Users\home\AppData\Local\{05A83DBA-B428-45F1-8AD2-8BF4CB0C8B58}
2013-01-05 18:21 - 2013-01-06 07:14 - 00000000 ____D C:\Users\home\AppData\Local\Microsoft Games
2013-01-05 18:17 - 2013-01-05 18:17 - 00000000 ____D C:\Users\home\AppData\Local\{E0E8033A-E15D-43A1-8794-C9F5427748C4}
2013-01-05 17:43 - 2013-01-05 17:43 - 00004961 ____A C:\AdwCleaner[S1].txt
2013-01-05 10:54 - 2013-01-05 10:54 - 00000927 ____A C:\Users\home\Desktop\esetscan.txt
2013-01-05 10:52 - 2013-01-05 10:52 - 00004960 ____A C:\Users\home\Desktop\AdwCleaner[R1].txt
2013-01-05 10:51 - 2013-01-05 10:51 - 00004960 ____A C:\AdwCleaner[R1].txt
2013-01-05 10:47 - 2013-01-05 10:47 - 00551997 ____A C:\Users\home\Desktop\AdwCleaner.exe
2013-01-05 10:27 - 2013-01-05 10:27 - 00002120 ____A C:\scu.dat
2013-01-05 08:35 - 2013-01-05 08:35 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-04 17:26 - 2013-01-04 17:26 - 00027056 ____A C:\Users\home\Desktop\minitoolbox Result.txt
2013-01-04 17:24 - 2013-01-04 17:24 - 00752213 ____A (Farbar) C:\Users\home\Desktop\MiniToolBox.exe
2013-01-04 17:21 - 2013-01-04 17:21 - 00697911 ____A (Farbar) C:\Users\home\Desktop\FSS.exe
2013-01-04 17:19 - 2013-01-04 17:19 - 00001311 ____A C:\Users\home\Desktop\checkup.txt
2013-01-04 17:18 - 2013-01-04 17:18 - 00856731 ____A C:\Users\home\Desktop\SecurityCheck.exe
2013-01-04 14:06 - 2013-01-04 14:06 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\home\Desktop\tdsskiller.exe
2013-01-04 10:32 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-01-04 10:32 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-01-04 10:32 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-01-04 10:32 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-01-04 10:27 - 2013-01-04 10:27 - 00000000 ____D C:\Users\home\AppData\Local\{0624FE89-F5E0-412B-907C-DC90B4812F23}
2013-01-03 07:35 - 2013-01-03 07:35 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-01-03 07:35 - 2013-01-03 07:35 - 00000000 ____D C:\Users\home\Desktop\mbar-1.01.0.1011
2013-01-03 07:35 - 2013-01-03 07:35 - 00000000 ____D C:\Users\home\AppData\Roaming\SUPERAntiSpyware.com
2013-01-03 07:34 - 2013-01-03 07:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-03 07:34 - 2013-01-03 07:34 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-01-03 07:34 - 2013-01-03 07:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-03 07:30 - 2013-01-03 07:30 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-03 07:29 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-03 07:28 - 2013-01-03 07:28 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\home\Desktop\mbam-setup.exe
2013-01-03 07:27 - 2013-01-03 07:28 - 13485902 ____A C:\Users\home\Desktop\mbar-1.01.0.1011.zip
2013-01-03 07:26 - 2013-01-03 07:28 - 22996024 ____A (SUPERAntiSpyware.com) C:\Users\home\Desktop\SUPERAntiSpyware.exe
2013-01-03 06:32 - 2013-01-03 06:32 - 00000000 ____D C:\Users\home\AppData\Local\{4652398E-EB06-4003-849A-78DCF3F47057}
2013-01-02 15:42 - 2013-01-02 15:42 - 00000000 ____D C:\Users\home\AppData\Local\{22F1448B-683E-465E-A3D2-8D8CDC9D6355}
2013-01-02 09:05 - 2013-01-03 07:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-02 09:05 - 2013-01-02 09:05 - 00000000 ____D C:\Users\home\AppData\Roaming\Malwarebytes
2013-01-02 09:05 - 2013-01-02 09:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-01 18:31 - 2013-01-01 18:31 - 00009800 ____N C:\bootsqm.dat
2013-01-01 11:30 - 2013-01-01 11:30 - 00000000 ____D C:\Users\home\AppData\Local\{11D319F0-EC6D-4D92-90CB-1DE783C21F00}
2013-01-01 07:26 - 2013-01-01 07:26 - 00000092 ___AH C:\Users\home\Documents\.~lock.crystals classified listings.ods#
2012-12-29 09:32 - 2012-12-29 09:32 - 00000000 ____D C:\Users\home\AppData\Local\{3AE10759-C6D5-488F-9E41-20242720AA40}
2012-12-28 04:49 - 2012-12-28 04:49 - 00000000 ____D C:\Users\home\AppData\Local\{BBBCD07C-B347-4F75-ACBD-E5CEBA8FCA94}
2012-12-26 10:03 - 2012-12-26 10:03 - 00000000 ____D C:\Users\home\AppData\Local\{31A5304F-4CA4-42F4-8FAD-757C6D74843D}
2012-12-26 05:18 - 2012-12-26 05:18 - 00000000 ____D C:\Users\home\AppData\Local\{566EAECB-9846-44A7-9676-5065E73BAD8E}
2012-12-24 08:35 - 2012-12-24 08:37 - 00000000 ____D C:\Users\home\AppData\Local\{BC3DB773-7640-41D7-AF18-0BC1C7ED19EA}
2012-12-23 01:20 - 2012-12-23 01:20 - 00000000 ____D C:\Users\home\AppData\Local\{89FE95E2-F3CA-4949-A7A5-E7B1C851A9B4}
2012-12-18 17:30 - 2012-12-18 17:30 - 00000000 ____D C:\Users\home\AppData\Local\{ADADCA20-BE7A-4835-8EAA-5B777DD2ED27}
2012-12-17 15:52 - 2013-01-02 18:38 - 00000000 ____D C:\Users\home\AppData\Roaming\OfficeSuiteX
2012-12-17 15:40 - 2013-01-02 18:36 - 00000000 ____D C:\Program Files (x86)\Office Suite X 3
2012-12-17 15:40 - 2012-12-17 15:40 - 00001120 ____A C:\Users\Public\Desktop\Office Suite X 3.3.lnk
2012-12-17 15:37 - 2012-12-17 15:52 - 00000000 ____D C:\Users\home\Desktop\OfSX
2012-12-14 17:04 - 2012-12-14 17:04 - 00000000 ____D C:\Users\home\AppData\Local\{B2B40B67-175B-43AD-A9F7-9AC586941C01}
2012-12-14 01:45 - 2012-12-14 01:47 - 00000000 ____D C:\Users\home\AppData\Local\{8ACF60A7-A907-4ABF-8D2D-B6E4B8A569B0}
2012-12-14 01:25 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-14 01:25 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-14 01:25 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-14 01:25 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-14 01:25 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-14 01:25 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-14 01:25 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-14 01:25 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-14 01:25 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-14 01:25 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-14 01:25 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-14 01:25 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-14 01:25 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-14 01:25 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-14 01:25 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-14 01:25 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-14 01:25 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-14 01:25 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-14 01:25 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-14 01:25 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-14 01:25 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-14 01:25 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-14 01:25 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-14 01:25 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-14 01:25 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-14 01:25 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-14 01:25 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-14 01:25 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-14 01:25 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-14 01:25 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-14 01:25 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-14 01:25 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 01:35 - 2012-12-13 01:35 - 00000000 ____D C:\Users\home\AppData\Local\{9E525628-FA90-4DE7-A0FC-0DCF4BD1033D}
2012-12-12 06:06 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 06:06 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 06:06 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 06:06 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-12 06:06 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-12 06:06 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-12 06:06 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 06:06 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-12 06:06 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 06:06 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 06:06 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-12 06:06 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 06:06 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-12 06:06 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 06:06 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-12 06:06 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 06:06 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-12 06:05 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 06:05 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-12 06:05 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 06:05 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-10 10:19 - 2012-12-10 10:19 - 00000000 ____D C:\Users\home\AppData\Local\{5BA5E409-4B78-4417-A1A5-BED84B8407BB}

==================== One Month Modified Files and Folders =======

2013-01-07 15:06 - 2013-01-07 15:06 - 00000000 ____D C:\FRST
2013-01-07 12:58 - 2012-03-21 11:49 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-07 12:54 - 2012-04-11 19:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-07 12:53 - 2011-07-08 15:58 - 01734953 ____A C:\Windows\WindowsUpdate.log
2013-01-07 11:52 - 2012-03-30 15:57 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3779559410-3828941652-17409569-1000UA.job
2013-01-06 15:58 - 2012-03-21 11:49 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-06 14:28 - 2013-01-06 14:28 - 00000000 ____D C:\Users\home\AppData\Roaming\WildTangent
2013-01-06 14:26 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-06 14:25 - 2012-03-30 15:57 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3779559410-3828941652-17409569-1000Core.job
2013-01-06 09:19 - 2013-01-06 09:19 - 00005456 ____A C:\Users\home\Desktop\attach.txt
2013-01-06 09:18 - 2013-01-06 09:19 - 00022124 ____A C:\Users\home\Desktop\dds.txt
2013-01-06 07:14 - 2013-01-05 18:21 - 00000000 ____D C:\Users\home\AppData\Local\Microsoft Games
2013-01-06 06:04 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-06 06:04 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-06 05:57 - 2013-01-06 05:57 - 00000000 ____D C:\Users\home\AppData\Local\{05A83DBA-B428-45F1-8AD2-8BF4CB0C8B58}
2013-01-06 05:57 - 2011-08-05 14:48 - 00000000 ____D C:\Users\home\Tracing
2013-01-06 05:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-06 05:36 - 2009-07-13 20:51 - 00066925 ____A C:\Windows\setupact.log
2013-01-06 05:30 - 2011-08-05 14:14 - 00000000 ____D C:\Users\All Users\MFAData
2013-01-05 18:17 - 2013-01-05 18:17 - 00000000 ____D C:\Users\home\AppData\Local\{E0E8033A-E15D-43A1-8794-C9F5427748C4}
2013-01-05 18:17 - 2011-08-11 02:47 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2013-01-05 18:17 - 2011-08-11 02:47 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2013-01-05 17:51 - 2010-11-20 19:47 - 00407570 ____A C:\Windows\PFRO.log
2013-01-05 17:43 - 2013-01-05 17:43 - 00004961 ____A C:\AdwCleaner[S1].txt
2013-01-05 10:54 - 2013-01-05 10:54 - 00000927 ____A C:\Users\home\Desktop\esetscan.txt
2013-01-05 10:52 - 2013-01-05 10:52 - 00004960 ____A C:\Users\home\Desktop\AdwCleaner[R1].txt
2013-01-05 10:51 - 2013-01-05 10:51 - 00004960 ____A C:\AdwCleaner[R1].txt
2013-01-05 10:47 - 2013-01-05 10:47 - 00551997 ____A C:\Users\home\Desktop\AdwCleaner.exe
2013-01-05 10:27 - 2013-01-05 10:27 - 00002120 ____A C:\scu.dat
2013-01-05 08:35 - 2013-01-05 08:35 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-04 17:26 - 2013-01-04 17:26 - 00027056 ____A C:\Users\home\Desktop\minitoolbox Result.txt
2013-01-04 17:24 - 2013-01-04 17:24 - 00752213 ____A (Farbar) C:\Users\home\Desktop\MiniToolBox.exe
2013-01-04 17:21 - 2013-01-04 17:21 - 00697911 ____A (Farbar) C:\Users\home\Desktop\FSS.exe
2013-01-04 17:19 - 2013-01-04 17:19 - 00001311 ____A C:\Users\home\Desktop\checkup.txt
2013-01-04 17:18 - 2013-01-04 17:18 - 00856731 ____A C:\Users\home\Desktop\SecurityCheck.exe
2013-01-04 14:06 - 2013-01-04 14:06 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\home\Desktop\tdsskiller.exe
2013-01-04 11:08 - 2009-07-13 20:45 - 00295168 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-04 10:27 - 2013-01-04 10:27 - 00000000 ____D C:\Users\home\AppData\Local\{0624FE89-F5E0-412B-907C-DC90B4812F23}
2013-01-03 10:05 - 2012-03-28 23:29 - 00000000 ____D C:\Users\home\AppData\Local\RivalGaming
2013-01-03 07:35 - 2013-01-03 07:35 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-01-03 07:35 - 2013-01-03 07:35 - 00000000 ____D C:\Users\home\Desktop\mbar-1.01.0.1011
2013-01-03 07:35 - 2013-01-03 07:35 - 00000000 ____D C:\Users\home\AppData\Roaming\SUPERAntiSpyware.com
2013-01-03 07:35 - 2013-01-03 07:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-03 07:34 - 2013-01-03 07:34 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-01-03 07:34 - 2013-01-03 07:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-03 07:33 - 2011-08-05 14:34 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-01-03 07:30 - 2013-01-03 07:30 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-03 07:30 - 2013-01-02 09:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-03 07:28 - 2013-01-03 07:28 - 10156424 ____A (Malwarebytes Corporation ) C:\Users\home\Desktop\mbam-setup.exe
2013-01-03 07:28 - 2013-01-03 07:27 - 13485902 ____A C:\Users\home\Desktop\mbar-1.01.0.1011.zip
2013-01-03 07:28 - 2013-01-03 07:26 - 22996024 ____A (SUPERAntiSpyware.com) C:\Users\home\Desktop\SUPERAntiSpyware.exe
2013-01-03 07:21 - 2011-08-06 13:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-03 06:32 - 2013-01-03 06:32 - 00000000 ____D C:\Users\home\AppData\Local\{4652398E-EB06-4003-849A-78DCF3F47057}
2013-01-02 18:42 - 2012-02-23 19:48 - 00000000 ____D C:\Windows\System32\Macromed
2013-01-02 18:42 - 2011-04-09 13:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-01-02 18:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-02 18:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-01-02 18:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-02 18:41 - 2012-09-04 05:18 - 00000000 ____D C:\Program Files (x86)\Free Ride Games
2013-01-02 18:41 - 2011-04-09 13:13 - 00000000 ____D C:\Users\All Users\RoxioNow
2013-01-02 18:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-01-02 18:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-02 18:38 - 2012-12-17 15:52 - 00000000 ____D C:\Users\home\AppData\Roaming\OfficeSuiteX
2013-01-02 18:38 - 2011-10-08 10:45 - 00000000 ____D C:\Users\home\AppData\Roaming\SoftGrid Client
2013-01-02 18:36 - 2012-12-17 15:40 - 00000000 ____D C:\Program Files (x86)\Office Suite X 3
2013-01-02 18:36 - 2012-10-09 08:32 - 00000000 ____D C:\Program Files (x86)\TelevisionFanaticEI
2013-01-02 18:36 - 2012-09-30 07:35 - 00000000 ____D C:\Users\All Users\KingsIsle Entertainment
2013-01-02 18:36 - 2012-09-27 05:18 - 00000000 ____D C:\Users\All Users\Virtualized Applications
2013-01-02 18:36 - 2012-07-15 04:49 - 00000000 ____D C:\Users\All Users\W3i
2013-01-02 18:36 - 2012-07-15 04:49 - 00000000 ____D C:\Program Files (x86)\W3i
2013-01-02 18:35 - 2012-10-20 05:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-02 18:35 - 2012-07-28 08:40 - 00000000 ____D C:\Program Files (x86)\Magellan
2013-01-02 18:35 - 2011-10-08 10:51 - 00000000 __RHD C:\MSOCache
2013-01-02 18:35 - 2011-07-08 16:01 - 00000000 ____D C:\Intel
2013-01-02 16:48 - 2011-08-05 13:30 - 00000000 ____D C:\users\home
2013-01-02 15:42 - 2013-01-02 15:42 - 00000000 ____D C:\Users\home\AppData\Local\{22F1448B-683E-465E-A3D2-8D8CDC9D6355}
2013-01-02 09:05 - 2013-01-02 09:05 - 00000000 ____D C:\Users\home\AppData\Roaming\Malwarebytes
2013-01-02 09:05 - 2013-01-02 09:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-01 18:31 - 2013-01-01 18:31 - 00009800 ____N C:\bootsqm.dat
2013-01-01 11:30 - 2013-01-01 11:30 - 00000000 ____D C:\Users\home\AppData\Local\{11D319F0-EC6D-4D92-90CB-1DE783C21F00}
2013-01-01 07:26 - 2013-01-01 07:26 - 00000092 ___AH C:\Users\home\Documents\.~lock.crystals classified listings.ods#
2012-12-29 09:32 - 2012-12-29 09:32 - 00000000 ____D C:\Users\home\AppData\Local\{3AE10759-C6D5-488F-9E41-20242720AA40}
2012-12-28 04:49 - 2012-12-28 04:49 - 00000000 ____D C:\Users\home\AppData\Local\{BBBCD07C-B347-4F75-ACBD-E5CEBA8FCA94}
2012-12-26 13:16 - 2011-11-26 19:56 - 00000000 ____D C:\Users\home\AppData\Local\CrashDumps
2012-12-26 10:03 - 2012-12-26 10:03 - 00000000 ____D C:\Users\home\AppData\Local\{31A5304F-4CA4-42F4-8FAD-757C6D74843D}
2012-12-26 05:18 - 2012-12-26 05:18 - 00000000 ____D C:\Users\home\AppData\Local\{566EAECB-9846-44A7-9676-5065E73BAD8E}
2012-12-24 08:37 - 2012-12-24 08:35 - 00000000 ____D C:\Users\home\AppData\Local\{BC3DB773-7640-41D7-AF18-0BC1C7ED19EA}
2012-12-23 01:20 - 2012-12-23 01:20 - 00000000 ____D C:\Users\home\AppData\Local\{89FE95E2-F3CA-4949-A7A5-E7B1C851A9B4}
2012-12-22 15:41 - 2011-10-29 06:20 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-12-18 17:30 - 2012-12-18 17:30 - 00000000 ____D C:\Users\home\AppData\Local\{ADADCA20-BE7A-4835-8EAA-5B777DD2ED27}
2012-12-18 17:30 - 2011-08-05 13:36 - 00064152 ____A C:\Users\home\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-18 17:29 - 2012-01-22 19:26 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForhome.job
2012-12-17 15:52 - 2012-12-17 15:37 - 00000000 ____D C:\Users\home\Desktop\OfSX
2012-12-17 15:40 - 2012-12-17 15:40 - 00001120 ____A C:\Users\Public\Desktop\Office Suite X 3.3.lnk
2012-12-16 09:11 - 2013-01-04 10:32 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2013-01-04 10:32 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2013-01-04 10:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2013-01-04 10:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-14 17:04 - 2012-12-14 17:04 - 00000000 ____D C:\Users\home\AppData\Local\{B2B40B67-175B-43AD-A9F7-9AC586941C01}
2012-12-14 14:49 - 2013-01-03 07:29 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-14 01:47 - 2012-12-14 01:45 - 00000000 ____D C:\Users\home\AppData\Local\{8ACF60A7-A907-4ABF-8D2D-B6E4B8A569B0}
2012-12-13 12:06 - 2012-04-16 13:15 - 00002374 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-13 01:35 - 2012-12-13 01:35 - 00000000 ____D C:\Users\home\AppData\Local\{9E525628-FA90-4DE7-A0FC-0DCF4BD1033D}
2012-12-13 01:10 - 2011-08-05 13:47 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-11 21:31 - 2012-04-11 19:49 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 21:31 - 2011-08-14 04:09 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-10 10:19 - 2012-12-10 10:19 - 00000000 ____D C:\Users\home\AppData\Local\{5BA5E409-4B78-4417-A1A5-BED84B8407BB}

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-07 12:58:35

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3001.89 MB
Available physical RAM: 2371.8 MB
Total Pagefile: 3000.04 MB
Available Pagefile: 2367.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:284.21 GB) (Free:237.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.58 GB) (Free:1.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:7.45 GB) (Free:3.31 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7638 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7634 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7634 MB Healthy

=========================================================

Last Boot: 2012-12-24 23:54

==================== End Of Log ===========================

#4 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 05:31 PM

It wont boot into Normal mode?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 07 January 2013 - 06:20 PM

It does boot into Normal mode. When loading it goes through the first screen with the four-color Windows logo, then to the 2nd screen where it says Welcome; after about 1 minute I get the black screen, and after about 20 minutes it finally boots into normal mode.

#6 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 06:28 PM

Hello,

Boot into normal mode and run the following.

1.
Windows 7 includes a disk checking tool called CHKDSK which is similar to the "scandisk" tool from older versions of Windows. This application scans your hard drives for errors such as lost sectors, bad sectors and corruption.

You can launch CHKDSK using two methods (the former being the easiest):

Graphical Interface:

Open the Computer option from the Start menu, which will display all of the drives available to scan on your PC.

Then, right click on the drive you wish to scan for errors and select Properties.

Now click the Tools menu, then Check Now under the error-checking section.

You have several options within the check disk tool. It is always recommended you leave the "automatically fix file system errors" box checked, as this repairs any problems found. If you want to perform a deeper scan, tick "scan for and attempt recovery of bad sectors". This second option takes longer, but is worth doing if you suspect a drive problem. Once you have set the options, click Start.

If you try to check a disk that is currently in use, you will receive a message asking if you wish to schedule a scan. Accepting this will perform the scan next time you restart your PC.


2.
You may have corrupt critical system files. Let's see if we can fix that.

1. Select the Start button
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt and choose Run as administrator

  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Type in sfc /scannow in the command window and press Enter.
  • Note the space between the c and the /.
  • If any files require replacing SFC will replace them. You may be asked to insert your Windows 7 DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.


Once you have run these, see how it boots up.

Edited by fireman4it, 07 January 2013 - 06:28 PM.


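Command-line equivalents of the CHKDSK and SFC steps in the post above, as an added example; this is not from fireman4it's post or from the tools' documentation. It assumes Windows 7 or later, a PowerShell session started with "Run as administrator", and that the system volume is C: (a constructed assumption). It goes a step beyond the GUI instructions: it refuses to run unless the prompt is actually elevated, and afterwards pulls the [SR] entries out of the CBS log so the SFC result can be confirmed from the log rather than inferred from the console summary.

```powershell
# Added example, not the thread's own content. Assumes an elevated
# PowerShell session on Windows 7 or later; the drive letter is constructed.
$Drive = 'C:'

# Both "chkdsk /F" and "sfc /scannow" need administrator rights, so stop
# early if this session is not elevated instead of failing half-way through.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" and run this again.'
}

# CHKDSK: /F fixes file-system errors (the "automatically fix file system
# errors" box), /R additionally scans for bad sectors (the slower "scan for
# and attempt recovery of bad sectors" option). The system volume is in use
# while Windows is running, so chkdsk asks whether to schedule the check for
# the next restart; piping Y answers that prompt.
cmd.exe /c "echo Y | chkdsk $Drive /F /R"

# chkntfs reports whether the volume is now flagged for a check at boot.
chkntfs $Drive

# SFC: scan protected system files and repair any that fail verification.
sfc /scannow

# sfc writes its detailed results to the CBS log. Lines tagged [SR] are the
# scan/repair entries; save them to a small file on the Desktop so "nothing
# found" can be verified, and list any file sfc could not repair.
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'
$outFile = Join-Path $env:USERPROFILE 'Desktop\sfcdetails.txt'
$srLines = Select-String -Path $cbsLog -Pattern '\[SR\]' | ForEach-Object { $_.Line }
$srLines | Set-Content -Path $outFile

$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })
if ($unrepaired.Count -gt 0) {
    Write-Warning "sfc could not repair $($unrepaired.Count) file(s); details in $outFile"
} else {
    Write-Host "sfc reported no unrepaired files; details saved to $outFile"
}

# Restart when ready: the scheduled chkdsk runs during boot, and any
# repaired system files are picked up on the next start.
# Restart-Computer -Force
```

The saved sfcdetails.txt is the file to look at when the console only says "did not find any integrity violations": the [SR] lines show which files were verified and whether any repair was attempted, which is more useful to a helper than the one-line summary.
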
#7 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 07 January 2013 - 06:36 PM

Quick question: I don't have a Windows 7 disc. Should I wait to begin the 2nd step before I find one to borrow, or should I wait until I have the disc on hand?

I have a repair disc that I had created for a different computer, but did not receive any disc when either was purchased.

#8 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 06:46 PM

Go ahead and run it without the disc. Let me know if it boots faster once you have run those 2 things.

Edited by fireman4it, 07 January 2013 - 06:46 PM.


#9 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 07 January 2013 - 06:54 PM

Fireman,

Thanks, I will run those and let you know how it does

:)

#10 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 07 January 2013 - 10:21 PM

Fireman,

I have run both CHKDSK and sfc /scannow. Neither found anything wrong. Rebooting is the same: 1 minute on the Windows welcome screen, then black screen, and 17 minutes later it boots up. :(

#11 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 07 January 2013 - 10:37 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Last Boot: 2012-12-24 23:54

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Booting faster now?

Edited by fireman4it, 07 January 2013 - 10:39 PM.


#12 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 07 January 2013 - 10:49 PM

Here is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-12-2012
Ran by SYSTEM at 2013-01-07 21:47:09 Run:1
Running from H:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Waiting for the reboot now... it seems to be hung up longer on the welcome screen. Will post an update once it finishes...

Edited by Ernie694, 08 January 2013 - 12:25 AM.


#13 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 08 January 2013 - 12:27 AM

Booting into normal mode is still taking 20 plus minutes to complete. :(

#14 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 08 January 2013 - 01:56 PM

Hello,
I don't think this is a malware issue. How does it run once it boots up? We will run a few more tools see if they come up with anything.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt asking whether to install it. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming this.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



Things to include in your next reply:
TDSSKiller log
ComboFix.txt
RogueKiller log
How is the machine booting now? How does it run once it boots up?


#15 Ernie694

  • Topic Starter
  • Members
  • 46 posts

Posted 08 January 2013 - 02:00 PM

Hi Fireman,

Do you want me to take this computer online to get a better idea of how it runs once it has booted up?

If not, will I be able to download and save the above programs to a jump drive in order to run them off the problem computer?

Thanks



