Virus Error Code - Exception Processing Message C0000029


  • This topic is locked
8 replies to this topic

#1 michellegann

michellegann

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:09:01 PM

Posted 26 February 2013 - 05:09 PM

Hi,

I want to say that this website has always been a help to me.

I run a Windows 7 x64 bit Sony Vaio.

I've been noticing lately that my computer will freeze up a little but I ran Spybot and took out some malware and never did anything further.

Today, while on Firefox my computer started freezing and then Firefox shut down and then I got a dozen pop-ups, some of which said "Exception Processing Message error C0000029".

So I looked up the issue and started following the instructions in this thread: http://www.bleepingcomputer.com/forums/t/484977/exception-processing-message-c0000029/

Except, when I restart the computer it will no longer start at all - what I mean is when I restart it will show me the black screen with options but when I select the options and press enter it "loads" files or pretends to do something and then I just get a black screen with a weird looking white arrow (obviously not Windows font).

I would appreciate any help on this matter!

Thank you so much,

Michelle





#2 michellegann

Posted 26 February 2013 - 05:16 PM

I have since been able to restart the computer successfully. Here is the txt file from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2013 01
Ran by SYSTEM at 26-02-2013 17:13:15
Running from E:\
Windows 7 Home Premium  Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4  [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO  [1158248 2012-02-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [11406608 2011-12-19] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-03-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124256 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKU\Michelle\...\Run: [EEB33F6758E633B78701D2276AEA62A2FE6A03DC._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [1274320 2013-02-20] (Google Inc.)
HKU\Michelle\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [28467264 2013-02-03] (ooVoo LLC)
HKU\Michelle\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\Michelle\...\Run: [ltCNsxmSemgqBwD.exe] C:\ProgramData\ltCNsxmSemgqBwD.exe [297984 2013-02-26] ()
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 ActiveDelayDeviceService; "C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe" [78472 2011-09-20] (Sony Corporation)
2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
3 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [202296 2011-12-22] (Kaspersky Lab ZAO)
2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [473960 2012-02-21] (Sony Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [260768 2011-11-30] (Sony Corporation)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
2 TeamViewer8; "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" [3467768 2012-12-14] (TeamViewer GmbH)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) =====================

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [615728 2012-09-19] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-26 17:12 - 2013-02-26 17:12 - 00000000 ____D C:\FRST
2013-02-26 12:15 - 2013-02-26 12:15 - 00001518 ____A C:\Users\Michelle\Desktop\System Repair.lnk
2013-02-26 12:00 - 2013-02-26 12:16 - 00000152 ____A C:\ProgramData\-ltCNsxmSemgqBwDr
2013-02-26 12:00 - 2013-02-26 12:16 - 00000152 ____A C:\ProgramData\-ltCNsxmSemgqBwD
2013-02-26 12:00 - 2013-02-26 12:15 - 00000088 ____A C:\ProgramData\ltCNsxmSemgqBwD
2013-02-26 12:00 - 2013-02-26 11:58 - 00297984 ____A C:\ProgramData\ltCNsxmSemgqBwD.exe
2013-02-25 11:23 - 2013-02-25 11:24 - 00002702 ____A C:\Users\Michelle\Desktop\RoxannaLitow.shtml
2013-02-25 11:18 - 2013-02-25 11:21 - 00002702 ____A C:\Users\Michelle\Desktop\RoxannaLitow.html
2013-02-25 11:08 - 2013-02-25 11:10 - 00010027 ____A C:\Users\Michelle\Desktop\index.shtml
2013-02-25 11:07 - 2013-02-25 11:07 - 00001050 ____A C:\Users\Michelle\Desktop\Footer.html
2013-02-25 07:34 - 2013-02-25 11:16 - 00002702 ____A C:\Users\Michelle\Desktop\RebeccaStephens.shtml
2013-02-25 07:31 - 2013-02-25 10:43 - 00002848 ____A C:\Users\Michelle\Desktop\LauraHahn.shtml
2013-02-25 07:29 - 2013-02-25 07:30 - 00002858 ____A C:\Users\Michelle\Desktop\MarieLoscavio.shtml
2013-02-25 07:20 - 2013-02-25 07:46 - 00004697 ____A C:\Users\Michelle\Desktop\Contact_Us.shtml
2013-02-25 07:17 - 2013-02-25 11:25 - 00004512 ____A C:\Users\Michelle\Desktop\About_Us.shtml
2013-02-07 08:53 - 2013-02-07 08:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-07 08:34 - 2012-08-30 08:18 - 00252416 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
2013-02-07 08:34 - 2012-08-30 08:18 - 00152064 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
2013-02-07 08:34 - 2012-08-30 08:15 - 00366080 ____A (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL

==================== One Month Modified Files and Folders =======

2013-02-26 17:12 - 2013-02-26 17:12 - 00000000 ____D C:\FRST
2013-02-26 12:22 - 2009-07-13 21:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-26 12:20 - 2012-09-25 07:51 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Dropbox
2013-02-26 12:16 - 2013-02-26 12:00 - 00000152 ____A C:\ProgramData\-ltCNsxmSemgqBwDr
2013-02-26 12:16 - 2013-02-26 12:00 - 00000152 ____A C:\ProgramData\-ltCNsxmSemgqBwD
2013-02-26 12:15 - 2013-02-26 12:15 - 00001518 ____A C:\Users\Michelle\Desktop\System Repair.lnk
2013-02-26 12:15 - 2013-02-26 12:00 - 00000088 ____A C:\ProgramData\ltCNsxmSemgqBwD
2013-02-26 12:15 - 2012-09-25 07:52 - 00000000 ___RD C:\Users\Michelle\Dropbox
2013-02-26 12:15 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-02-26 12:14 - 2013-01-24 18:16 - 00002352 ____A C:\Windows\setupact.log
2013-02-26 12:14 - 2012-10-13 16:11 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-26 12:14 - 2010-11-20 19:47 - 00024942 ____A C:\Windows\PFRO.log
2013-02-26 12:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-26 12:13 - 2012-09-19 16:10 - 00965961 ____A C:\Windows\WindowsUpdate.log
2013-02-26 12:11 - 2012-09-19 17:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-26 11:58 - 2013-02-26 12:00 - 00297984 ____A C:\ProgramData\ltCNsxmSemgqBwD.exe
2013-02-26 11:33 - 2012-10-13 16:11 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-25 11:25 - 2013-02-25 07:17 - 00004512 ____A C:\Users\Michelle\Desktop\About_Us.shtml
2013-02-25 11:24 - 2013-02-25 11:23 - 00002702 ____A C:\Users\Michelle\Desktop\RoxannaLitow.shtml
2013-02-25 11:21 - 2013-02-25 11:18 - 00002702 ____A C:\Users\Michelle\Desktop\RoxannaLitow.html
2013-02-25 11:16 - 2013-02-25 07:34 - 00002702 ____A C:\Users\Michelle\Desktop\RebeccaStephens.shtml
2013-02-25 11:12 - 2012-10-03 11:35 - 04499456 __ASH C:\Users\Michelle\Desktop\Thumbs.db
2013-02-25 11:10 - 2013-02-25 11:08 - 00010027 ____A C:\Users\Michelle\Desktop\index.shtml
2013-02-25 11:07 - 2013-02-25 11:07 - 00001050 ____A C:\Users\Michelle\Desktop\Footer.html
2013-02-25 11:05 - 2012-05-03 15:41 - 00000000 ____D C:\Users\Michelle\.unlimitedftp
2013-02-25 10:55 - 2012-10-27 07:40 - 00000000 ____D C:\Users\Michelle\Desktop\work in progress
2013-02-25 10:43 - 2013-02-25 07:31 - 00002848 ____A C:\Users\Michelle\Desktop\LauraHahn.shtml
2013-02-25 10:29 - 2012-09-25 08:02 - 00000000 ____D C:\Users\Michelle\Documents\Outlook Files
2013-02-25 07:46 - 2013-02-25 07:20 - 00004697 ____A C:\Users\Michelle\Desktop\Contact_Us.shtml
2013-02-25 07:30 - 2013-02-25 07:29 - 00002858 ____A C:\Users\Michelle\Desktop\MarieLoscavio.shtml
2013-02-22 18:58 - 2009-07-13 20:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-22 18:58 - 2009-07-13 20:45 - 00020992 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-20 17:41 - 2012-11-01 09:44 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Audacity
2013-02-20 16:09 - 2012-09-25 07:49 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Adobe
2013-02-18 11:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-02-07 16:13 - 2012-09-19 17:37 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-07 16:13 - 2012-09-19 17:37 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-07 15:27 - 2012-09-25 07:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-07 08:53 - 2013-02-07 08:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-07 08:49 - 2012-09-26 12:48 - 00000000 ____D C:\Program Files (x86)\Canon
2013-02-04 16:18 - 2012-10-26 12:47 - 00000000 ____D C:\Program Files (x86)\ooVoo
2013-02-04 16:13 - 2013-01-15 05:22 - 00000000 ____D C:\Users\Michelle\Desktop\CAC
2013-02-02 15:37 - 2009-07-13 20:45 - 02303240 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-30 17:02 - 2012-09-25 10:47 - 00000000 ____D C:\Users\Michelle\AppData\Local\Microsoft Games
2013-01-29 10:54 - 2012-09-30 10:37 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\TeamViewer
2013-01-29 10:54 - 2012-09-25 07:37 - 00096944 ____A C:\Users\Michelle\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-28 13:51 - 2012-09-30 10:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer


ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$043d00fac172bdcf3c6c086162268d88

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1433529643-1568144032-2242170072-1001\$043d00fac172bdcf3c6c086162268d88

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$043d00fac172bdcf3c6c086162268d88

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-02-26 06:09:14

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8091.28 MB
Available physical RAM: 7314.46 MB
Total Pagefile: 8089.48 MB
Available Pagefile: 7302.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:576.42 GB) (Free:19.92 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B        *
  Disk 1    Online         1901 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: {4B672E3D-75C4-4D4F-BC6C-86BF6CDB5270}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                260 MB  1024 KB
  Partition 2    Recovery            19 GB   261 MB
  Partition 3    System (partition with boot components)             260 MB    19 GB
  Partition 4    Reserved           128 MB    19 GB
  Partition 5    Primary            576 GB    19 GB

==================================================================================

Disk: 0
Partition 1
Type    : f4019732-066e-4e12-8273-346c5641494f
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         SONYSYS      FAT32  Partition    260 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         Recovery     NTFS   Partition     19 GB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 3
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3                      FAT32  Partition    260 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 4
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    576 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: 8EAB08C3

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1900 MB   494 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E                FAT    Removable   1900 MB  Healthy            

=========================================================

Last Boot: 2013-02-22 21:13

==================== End Of Log =============================



#3 michellegann

Posted 26 February 2013 - 05:38 PM

Update: I have done a successful system restore - a restore point from earlier this morning (the only restore point available).

 

Now I am running Avira Free AntiVirus.

 

I don't think this will remove what is causing the problem but from this point I do not know the solution.

 

Thank you in advance for your assistance.



#4 michellegann

Posted 26 February 2013 - 06:21 PM

Sorry for additional posts - last update:

 

Tried installing Avira Free AntiVirus - it never would download - after going through the whole download process I would get an error.

 

So I have not run any anti virus software.



#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:01 AM

Posted 28 February 2013 - 08:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#6 michellegann

Posted 02 March 2013 - 01:11 PM

Yes, I still need help. Thank you.

#7 m0le

Posted 02 March 2013 - 09:25 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

HKU\Michelle\...\Run: [ltCNsxmSemgqBwD.exe] C:\ProgramData\ltCNsxmSemgqBwD.exe [297984 2013-02-26] ()
2013-02-26 12:00 - 2013-02-26 12:16 - 00000152 ____A C:\ProgramData\-ltCNsxmSemgqBwDr
2013-02-26 12:00 - 2013-02-26 12:16 - 00000152 ____A C:\ProgramData\-ltCNsxmSemgqBwD
2013-02-26 12:00 - 2013-02-26 12:15 - 00000088 ____A C:\ProgramData\ltCNsxmSemgqBwD
2013-02-26 12:00 - 2013-02-26 11:58 - 00297984 ____A C:\ProgramData\ltCNsxmSemgqBwD.exe
C:\$Recycle.Bin\S-1-5-18\$043d00fac172bdcf3c6c086162268d88
C:\$Recycle.Bin\S-1-5-21-1433529643-1568144032-2242170072-1001\$043d00fac172bdcf3c6c086162268d88
C:\$Recycle.Bin\S-1-5-18\$043d00fac172bdcf3c6c086162268d88

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool (Scan your computer's memory for errors.)
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Edited by m0le, 07 March 2013 - 08:38 PM.


#8 m0le

Posted 07 March 2013 - 08:38 PM

Are you still there?



#9 m0le

Posted 12 March 2013 - 08:08 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



