
Windows 7 frozen black screen with white blinking cursor


  • This topic is locked
36 replies to this topic

#1 glascow

  • Members
  • 53 posts

Posted 03 March 2013 - 06:51 PM

Hi all, I am back with yet another problem on my laptop computer. Same computer as my last problem, an HP Pavilion dm4-1160 with Windows 7 OS. This time, the problem that I am experiencing is very similar to this one:

 

http://www.bleepingcomputer.com/forums/t/479942/

 

Unfortunately, the post that I have linked is no longer applicable (to me), because the person in that post decided to reinstall his/her OS.

 

Whenever my computer starts up, it is automatically directed to a blank, black screen save for a blinking white cursor on the top-middle of the screen. The Windows logo animation screen does not even appear, it just skips to the aforementioned black screen. I have so far waited about 12 hours for something to happen, and of course nothing happens. I am not redirected to Startup Repair or anywhere else after any reboot.

 

I recall that prior to this, while I was trying to organise some of my files, my computer suddenly decided to close all programs and shut down on its own for no conspicuous reason.

Once again, system restore points do not work, and I am unable to use Safe Mode or any of its variations, because the computer won't let me do so. Malwarebytes and Spybot are my antivirus programs installed, and the solution of reinstalling the OS itself is off-limits to me because I am unwilling to see the extinction of all of my personal stuff.


Edited by glascow, 03 March 2013 - 06:53 PM.



 


#2 glascow

  • Topic Starter
  • Members
  • 53 posts

Posted 04 March 2013 - 11:45 PM

I apologise, I just realised that I forgot to note that I am unable to provide a FRST.txt log for the computer this time because I am unable to get into Advanced Boot Options. No matter how quickly and repetitively I tap the F8 key, the black screen always manages to come first. I should also note that the white blinking cursor starts off from the top-left corner, then dashes to the top-middle after about a second passes. So consequently, I am unable to get into System Recovery Options and run any program through Command Prompt.

 

I still await any possible instructions. Again, I apologise if I sound impatient.



#3 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 06 March 2013 - 06:58 PM

Hello glascow, and welcome back to BC! :thumbsup:

 

Please verify that your computer is unbootable in any mode!

 

If so, let's get some checks to rule out some minor problems that can cause this condition, and we'll go from there:

  • Do you have a flashdrive/thumbdrive, or external hard drive connected to the machine while trying to boot?
  • Is your computer (in the BIOS menu) set to boot from the hard drive with your operating system? Extra Link

Also, do you have your original Windows Installation CD available?

 

bloopie



#4 glascow

  • Topic Starter
  • Members
  • 53 posts

Posted 13 March 2013 - 05:28 AM

I verify that my computer is not bootable in any mode. Mainly because I am unable to reach any mode.

I do have a flashdrive, but it is not connected to the computer.

I am unable to reach the BIOS setup utility, but I assume so, as it tries to go directly to the Windows startup screen, before being cut off by the black screen.

I do not have my Windows Installation CD available. I do not recall having one, actually.



#5 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 13 March 2013 - 12:42 PM

Okay, thanks. I will report your topic to helpers who specialize in unbootable machines.

Please be patient, and good luck! :)

bloopie

#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,946 posts
  • Location:Puerto Rico

Posted 13 March 2013 - 06:02 PM

If you have access to another computer running Windows 7 64bit, create a recovery CD:

 

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.
 

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

[image: WTSRD1.gif]
 

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

[image: WTSRD2.gif]
 

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

 

 

Boot the ailing computer with that CD and let me know if you are able to reach the Command Prompt.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 glascow

  • Topic Starter
  • Members
  • 53 posts

Posted 17 April 2013 - 11:01 PM

I apologise for the extremely long inconvenience. I am now able to reach the Command Prompt.



#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,946 posts
  • Location:Puerto Rico

Posted 17 April 2013 - 11:07 PM

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
      Select Command Prompt

      Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#9 glascow

  • Topic Starter
  • Members
  • 53 posts

Posted 18 April 2013 - 02:03 AM

11) FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 17-04-2013 20:52:50
Running from G:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-25] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [unevc] "C:\Windows\System32\rundll32.exe" "C:\Users\admin\AppData\Roaming\unevc.dll",AsEncodedObject [316928 2013-02-28] (Mise Technology,Inc)
HKLM\...\Run: [cnsim] "C:\Windows\System32\rundll32.exe" "C:\Users\admin\AppData\Roaming\cnsim.dll",Update [526336 2013-02-28] (Media Technology)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run [380272 2010-06-08] (Egis Technology Inc. )
HKLM-x32\...\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent [1917464 2013-04-08] (Aeria Games & Entertainment)
HKU\admin\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\admin\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\admin\...\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SCE39.tmp" /EF "HKCU" [224768 2009-09-13] (SEIKO EPSON CORPORATION)
HKU\admin\...\Run: [Akamai NetSession Interface] "C:\Users\admin\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKU\admin\...\Run: [cnsim] "C:\Windows\System32\rundll32.exe" "C:\Users\admin\AppData\Roaming\cnsim.dll",Update [526336 2013-02-28] (Media Technology)
HKU\admin\...\Run: [unevc] "C:\Windows\System32\rundll32.exe" "C:\Users\admin\AppData\Roaming\unevc.dll",AsEncodedObject [316928 2013-02-28] (Mise Technology,Inc)
HKU\admin\...\Run: [ej-technologies] Rundll32.exe C:\Users\admin\AppData\Local\ej-technologies\skblxhoh.dll,WOWDirectedYield16 [761344 2013-04-01] ()
HKU\admin\...\Run: [aMousehid] rundll32.exe "C:\Users\admin\AppData\Roaming\aMousehid\aMousehid.dll",ClipWISvcs Acroobjserv [28672 2013-04-05] ()
HKU\admin\...\Winlogon: [Shell] explorer.exe,C:\Users\admin\AppData\Roaming\skype.dat [137728 2010-10-26] (Elemental Group)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\ir0odmj.bat [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Lsa: [Notification Packages] EgisPwdFilter EgisDSPwdFilter
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\jmdo0ri.dat (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ===================

2 DvmMDES; "C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-06-25] (DeviceVM, Inc.)
2 EgisTec Service; "C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe" [697712 2010-06-08] (Egis Technology Inc. )
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll" /prefetch:1 [176504 2010-05-26] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-30] (arvato digital services llc)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [x]

==================== Drivers (Whitelisted) =====================

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-08] (DT Soft Ltd)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS [117808 2010-05-28] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS [1773104 2010-05-28] (Symantec Corporation)
1 SRTSP; C:\Windows\system32\drivers\NISx64\1200000.080\SRTSP64.SYS [701800 2010-05-23] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1200000.080\SRTSPX64.SYS [38248 2010-05-23] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-17 20:52 - 2013-04-17 20:52 - 00000000 ____D C:\FRST
2013-04-17 19:28 - 2013-04-17 19:55 - 00000004 ____A C:\Users\admin\AppData\Roaming\skype.ini
2013-04-17 19:19 - 2013-04-17 19:19 - 00137728 ____A (Elemental Group) C:\Users\admin\iexplore.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\vlcplayer.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\msconfig.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\firefox.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\acrobat.exe
2013-04-17 19:09 - 2013-04-17 19:09 - 00000000 ____A C:\Windows\SysWOW64\sho647C.tmp
2013-04-17 18:52 - 2013-04-17 18:52 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-04-17 00:44 - 2013-04-17 00:44 - 00000759 ____A C:\Users\admin\Documents\religions of the world.txt
2013-04-13 16:50 - 2003-09-12 01:07 - 00401462 ____A (Microsoft Corporation) C:\Windows\SysWOW64\~GLH00c2.TMP
2013-04-13 16:33 - 2013-04-13 16:33 - 00000000 ____D C:\Program Files (x86)\Activision
2013-04-11 21:58 - 2013-04-11 22:10 - 00000000 ____D C:\Users\admin\Downloads\Scandinavian Music Group
2013-04-11 07:53 - 2013-04-11 07:53 - 00000000 ____D C:\Users\admin\Downloads\Scandinavian music group-Hölmö rakkaus,ylpeä sydän 2006
2013-04-11 06:59 - 2013-04-11 08:20 - 00000000 ____D C:\Users\admin\Downloads\Scandinavian_Music_Group-Missa_Olet_Laila-FI-2007-SER
2013-04-11 04:09 - 2013-04-11 04:09 - 00020181 ____A C:\Users\admin\Downloads\[isoHunt]_Scandinavian_Music_Group-Missa_Olet_Laila-FI-2007-SER.torrent
2013-04-11 04:09 - 2013-04-11 04:09 - 00019938 ____A C:\Users\admin\Downloads\[isoHunt]_Scandinavian_music_group-Hölmö rakkaus_ylpeä sydän 2006.torrent
2013-04-11 04:07 - 2013-04-11 04:14 - 00000000 ____D C:\Users\admin\Downloads\Skandinavian Music Group - Onnelliset kohtaa
2013-04-11 04:06 - 2013-04-11 04:06 - 00012881 ____A C:\Users\admin\Downloads\[isoHunt]_Skandinavian_Music_Group_-_Onnelliset_kohtaa.torrent
2013-04-06 16:54 - 2013-04-16 05:56 - 00000000 ____D C:\Users\admin\Downloads\[01st Album] ???·??????? - Shall we travel?? (2010.07.07)
2013-04-06 03:03 - 2013-04-07 00:30 - 00000242 ____A C:\Users\admin\Documents\favourites.txt
2013-04-06 02:44 - 2013-04-16 05:06 - 00000000 ____D C:\Users\admin\Downloads\Retropop
2013-04-05 05:09 - 2013-04-05 05:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\aMousehid
2013-04-04 15:03 - 2013-04-04 15:03 - 00000000 ____A C:\Windows\SysWOW64\shoEAC5.tmp
2013-04-02 03:33 - 2013-04-02 03:33 - 00000000 __SHD C:\found.030
2013-04-02 03:13 - 2013-04-02 03:13 - 95023320 ___AT C:\ProgramData\ir0odmj.pad
2013-04-02 03:13 - 2013-04-02 03:13 - 00002659 ____A C:\ProgramData\ir0odmj.js
2013-04-02 03:13 - 2013-04-02 03:13 - 00000153 ____A C:\ProgramData\ir0odmj.reg
2013-04-02 03:13 - 2013-04-02 03:13 - 00000057 ____A C:\ProgramData\ir0odmj.bat
2013-03-30 03:16 - 2013-03-30 03:59 - 00000000 ____D C:\Users\admin\Documents\Duke Nukem Forever
2013-03-30 03:12 - 2013-03-30 03:12 - 00000000 ____D C:\Program Files (x86)\AMD
2013-03-30 03:06 - 2013-03-30 03:06 - 00002274 ____A C:\Users\Public\Desktop\Duke Nukem Forever.lnk
2013-03-30 03:00 - 2013-03-30 03:00 - 00000000 ____D C:\Program Files (x86)\2K Games
2013-03-29 19:48 - 2013-03-30 02:51 - 00000000 ____D C:\Users\admin\Downloads\Duke.Nukem.Forever.Proper-SKIDROW
2013-03-29 14:44 - 2013-03-29 14:44 - 00000000 ____A C:\Windows\SysWOW64\shoE8CC.tmp
2013-03-26 05:23 - 2013-04-02 03:39 - 00000000 ____D C:\Users\admin\AppData\Local\ej-technologies
2013-03-23 05:08 - 2013-03-23 05:08 - 00000000 ____A C:\Windows\EEventManager.INI
2013-03-22 14:50 - 2013-03-22 14:50 - 00000000 ____A C:\Windows\SysWOW64\shoB1CC.tmp

==================== One Month Modified Files and Folders =======

2013-04-17 22:46 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2013-04-17 20:52 - 2013-04-17 20:52 - 00000000 ____D C:\FRST
2013-04-17 19:55 - 2013-04-17 19:28 - 00000004 ____A C:\Users\admin\AppData\Roaming\skype.ini
2013-04-17 19:54 - 2013-02-28 17:50 - 00006526 ____A C:\Users\admin\AppData\Local\4600e6e9-84af-4d3c-8bf8-3669d0d2ba37.crx
2013-04-17 19:49 - 2009-07-13 20:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-17 19:49 - 2009-07-13 20:45 - 00023024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-17 19:46 - 2009-07-13 21:13 - 00792126 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-17 19:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-17 19:40 - 2009-07-13 20:51 - 00079778 ____A C:\Windows\setupact.log
2013-04-17 19:19 - 2013-04-17 19:19 - 00137728 ____A (Elemental Group) C:\Users\admin\iexplore.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\vlcplayer.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\msconfig.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\firefox.exe
2013-04-17 19:19 - 2013-04-17 19:19 - 00000000 ____A C:\Users\admin\acrobat.exe
2013-04-17 19:19 - 2012-03-21 11:13 - 00000000 ____D C:\users\admin
2013-04-17 19:09 - 2013-04-17 19:09 - 00000000 ____A C:\Windows\SysWOW64\sho647C.tmp
2013-04-17 19:08 - 2012-04-01 21:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-04-17 18:52 - 2013-04-17 18:52 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2013-04-17 18:52 - 2013-02-02 14:40 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-04-17 18:24 - 2012-04-02 04:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-17 08:27 - 2012-04-02 04:08 - 00000000 ____D C:\Users\admin\Documents\SAI
2013-04-17 06:49 - 2012-03-21 11:19 - 00000183 ____A C:\Users\admin\AppData\Local\mv_Photo.xml
2013-04-17 04:02 - 2012-03-21 11:19 - 00000201 ____A C:\Users\admin\AppData\Local\mv_music.xml
2013-04-17 00:44 - 2013-04-17 00:44 - 00000759 ____A C:\Users\admin\Documents\religions of the world.txt
2013-04-16 05:56 - 2013-04-06 16:54 - 00000000 ____D C:\Users\admin\Downloads\[01st Album] ???·??????? - Shall we travel?? (2010.07.07)
2013-04-16 05:06 - 2013-04-06 02:44 - 00000000 ____D C:\Users\admin\Downloads\Retropop
2013-04-13 23:15 - 2012-03-20 20:00 - 00070760 ____A C:\Windows\PFRO.log
2013-04-13 21:54 - 2012-05-19 12:34 - 00000769 ____A C:\Windows\Edofma.INI
2013-04-13 16:33 - 2013-04-13 16:33 - 00000000 ____D C:\Program Files (x86)\Activision
2013-04-13 11:37 - 2012-03-20 19:52 - 01653446 ____A C:\Windows\WindowsUpdate.log
2013-04-11 22:10 - 2013-04-11 21:58 - 00000000 ____D C:\Users\admin\Downloads\Scandinavian Music Group
2013-04-11 08:20 - 2013-04-11 06:59 - 00000000 ____D C:\Users\admin\Downloads\Scandinavian_Music_Group-Missa_Olet_Laila-FI-2007-SER
2013-04-11 07:53 - 2013-04-11 07:53 - 00000000 ____D C:\Users\admin\Downloads\Scandinavian music group-Hölmö rakkaus,ylpeä sydän 2006
2013-04-11 04:14 - 2013-04-11 04:07 - 00000000 ____D C:\Users\admin\Downloads\Skandinavian Music Group - Onnelliset kohtaa
2013-04-11 04:09 - 2013-04-11 04:09 - 00020181 ____A C:\Users\admin\Downloads\[isoHunt]_Scandinavian_Music_Group-Missa_Olet_Laila-FI-2007-SER.torrent
2013-04-11 04:09 - 2013-04-11 04:09 - 00019938 ____A C:\Users\admin\Downloads\[isoHunt]_Scandinavian_music_group-Hölmö rakkaus_ylpeä sydän 2006.torrent
2013-04-11 04:06 - 2013-04-11 04:06 - 00012881 ____A C:\Users\admin\Downloads\[isoHunt]_Skandinavian_Music_Group_-_Onnelliset_kohtaa.torrent
2013-04-09 06:08 - 2012-09-01 05:30 - 00000000 ____D C:\Users\admin\AppData\Roaming\Audacity
2013-04-07 00:30 - 2013-04-06 03:03 - 00000242 ____A C:\Users\admin\Documents\favourites.txt
2013-04-06 02:47 - 2012-04-01 21:41 - 00801112 ____A (BitTorrent Inc.) C:\Users\admin\Documents\utorrent.exe
2013-04-05 05:09 - 2013-04-05 05:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\aMousehid
2013-04-04 17:23 - 2012-07-26 17:16 - 00000000 ____D C:\Users\admin\Documents\TechArts3D
2013-04-04 15:05 - 2012-03-21 11:16 - 00067384 ____A C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-04 15:04 - 2009-07-13 20:45 - 00303456 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-04 15:03 - 2013-04-04 15:03 - 00000000 ____A C:\Windows\SysWOW64\shoEAC5.tmp
2013-04-02 03:39 - 2013-03-26 05:23 - 00000000 ____D C:\Users\admin\AppData\Local\ej-technologies
2013-04-02 03:33 - 2013-04-02 03:33 - 00000000 __SHD C:\found.030
2013-04-02 03:13 - 2013-04-02 03:13 - 95023320 ___AT C:\ProgramData\ir0odmj.pad
2013-04-02 03:13 - 2013-04-02 03:13 - 00002659 ____A C:\ProgramData\ir0odmj.js
2013-04-02 03:13 - 2013-04-02 03:13 - 00000153 ____A C:\ProgramData\ir0odmj.reg
2013-04-02 03:13 - 2013-04-02 03:13 - 00000057 ____A C:\ProgramData\ir0odmj.bat
2013-04-02 01:27 - 2012-10-13 14:06 - 00000000 ____D C:\Users\admin\Documents\?????
2013-03-30 03:59 - 2013-03-30 03:16 - 00000000 ____D C:\Users\admin\Documents\Duke Nukem Forever
2013-03-30 03:16 - 2012-07-14 22:29 - 00000000 ____D C:\Users\admin\AppData\Local\SKIDROW
2013-03-30 03:12 - 2013-03-30 03:12 - 00000000 ____D C:\Program Files (x86)\AMD
2013-03-30 03:11 - 2012-10-25 16:28 - 00000000 ____D C:\Users\admin\AppData\Local\Downloaded Installations
2013-03-30 03:11 - 2010-10-26 09:20 - 00128120 ____A C:\Windows\DirectX.log
2013-03-30 03:06 - 2013-03-30 03:06 - 00002274 ____A C:\Users\Public\Desktop\Duke Nukem Forever.lnk
2013-03-30 03:00 - 2013-03-30 03:00 - 00000000 ____D C:\Program Files (x86)\2K Games
2013-03-30 02:51 - 2013-03-29 19:48 - 00000000 ____D C:\Users\admin\Downloads\Duke.Nukem.Forever.Proper-SKIDROW
2013-03-29 14:44 - 2013-03-29 14:44 - 00000000 ____A C:\Windows\SysWOW64\shoE8CC.tmp
2013-03-29 05:47 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-25 01:24 - 2013-03-01 14:30 - 00000000 ____D C:\Program Files (x86)\Duke Nukem - Manhattan Project
2013-03-24 01:59 - 2012-10-03 05:51 - 00015962 ____A C:\Users\admin\Documents\currentwebsitesave.txt
2013-03-23 05:08 - 2013-03-23 05:08 - 00000000 ____A C:\Windows\EEventManager.INI
2013-03-22 14:50 - 2013-03-22 14:50 - 00000000 ____A C:\Windows\SysWOW64\shoB1CC.tmp
2013-03-21 21:36 - 2012-07-26 00:43 - 00000000 ____D C:\Users\admin\Downloads\TechArts 3D Custom Girl
2013-03-20 11:30 - 2012-07-28 01:28 - 00012412 ____A C:\Users\admin\Documents\KITTYS.txt
2013-03-19 05:42 - 2012-06-25 12:45 - 00001596 ____A C:\Users\admin\Documents\ebay.txt


ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2284440560-2780697144-91482775-1000\$57657a62a2337c352a734be01c9627a4

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-04-13 00:59:50

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3183.05 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3173.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:441.76 GB) (Free:102.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:23.7 GB) (Free:3.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (EDMW_1) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS
4 Drive g: (EPYON) (Removable) (Total:14.9 GB) (Free:14.89 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB   103 MB        
  Disk 1    Online           14 GB      0 B        

Partitions of Disk 0:
===============

Disk ID: 7D7FBDAF

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            441 GB   200 MB
  Partition 3    Primary             23 GB   441 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy           

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    441 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     23 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   EPYON        FAT32  Removable     14 GB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 7D7FBDAF

Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB

Partition 2:
=========
Hex: 007E261907FEFFFF0040060000703837
Active: NO
Type: 07 (NTFS)
Size: 442 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00B03E370070F602
Active: NO
Type: 07 (NTFS)
Size: 24 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 000021000CFEFFFF20000000E017DD01
Active: NO
Type: 0C
Size: 15 GB


Last Boot: 2013-04-14 02:54

==================== End Of Log =============================
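
The "Hex:" lines under "MBR Partition Table" in the log above are the raw 16-byte partition entries FRST read from sector 0 of each disk. As an added worked example (not code from this thread, from FRST or from any tool the thread names), the following Python decoder recovers the active flag, type byte, LBA start and sector count from those bytes and runs the consistency checks a defender wants when a boot-sector infection is suspected: exactly one active entry, no overlapping ranges, and sizes that agree with what Windows reports for the volumes. The four hex strings are copied from the log; the helper names, `TYPE_NAMES` table and the checks themselves are my own assumptions.

```python
import struct
from typing import List, NamedTuple

SECTOR_BYTES = 512

# Partition type bytes seen in this thread (FRST labels 07 as NTFS); small assumed table.
TYPE_NAMES = {0x07: "NTFS/exFAT (IFS)", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
              0x05: "Extended", 0x0F: "Extended (LBA)"}


class MbrEntry(NamedTuple):
    active: bool
    part_type: int
    lba_start: int
    sector_count: int

    @property
    def offset_bytes(self) -> int:
        return self.lba_start * SECTOR_BYTES

    @property
    def size_bytes(self) -> int:
        return self.sector_count * SECTOR_BYTES


def parse_mbr_entry(hex_entry: str) -> MbrEntry:
    """Decode one 16-byte partition table entry (the 'Hex:' line FRST prints).

    Layout: status (0x80 = active), CHS start (3), type, CHS end (3),
            LBA start (u32 LE), sector count (u32 LE).
    """
    raw = bytes.fromhex(hex_entry.strip())
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack("<B3sB3sII", raw)
    if status not in (0x00, 0x80):
        # Any other status byte means the entry is corrupt or has been tampered with.
        raise ValueError(f"invalid status byte 0x{status:02X}")
    return MbrEntry(status == 0x80, ptype, lba_start, count)


def describe(entry: MbrEntry) -> str:
    """Render an entry the way FRST does: MB below 1 GiB, GB above."""
    if entry.size_bytes < 2 ** 30:
        size = f"{entry.size_bytes / 2 ** 20:.0f} MB"
    else:
        size = f"{entry.size_bytes / 2 ** 30:.2f} GB"
    name = TYPE_NAMES.get(entry.part_type, "unknown")
    return (f"Active: {'YES' if entry.active else 'NO'}  Type: {entry.part_type:02X} ({name})  "
            f"Offset: {entry.offset_bytes} bytes  Size: {size}")


def check_table(entries: List[MbrEntry]) -> List[str]:
    """Return human-readable findings for a partition table that does not look sane."""
    findings = []
    active = [i for i, e in enumerate(entries, 1) if e.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    used = sorted((e.lba_start, e.lba_start + e.sector_count, i)
                  for i, e in enumerate(entries, 1) if e.sector_count)
    for (_, end_a, a), (start_b, _, b) in zip(used, used[1:]):
        if start_b < end_a:
            findings.append(f"partition {a} overlaps partition {b}")
    for i, e in enumerate(entries, 1):
        if e.sector_count and e.lba_start == 0:
            findings.append(f"partition {i} starts at LBA 0 (would cover the MBR itself)")
    return findings


def parse_disk(hex_entries: List[str]) -> List[MbrEntry]:
    return [parse_mbr_entry(h) for h in hex_entries]


# The 'Hex:' lines from the FRST log above (Disk 0 = internal drive, Disk 1 = USB stick).
DISK0_HEX = ["80202100077E25190008000000380600",
             "007E261907FEFFFF0040060000703837",
             "00FEFFFF07FEFFFF00B03E370070F602"]
DISK1_HEX = ["000021000CFEFFFF20000000E017DD01"]

if __name__ == "__main__":
    for label, hexes in (("Disk 0", DISK0_HEX), ("Disk 1", DISK1_HEX)):
        entries = parse_disk(hexes)
        print(label)
        for e in entries:
            print("  " + describe(e))
        print("  checks:", check_table(entries) or "no findings")
```

Decoded, Disk 0's entries reproduce the offsets and sizes FRST printed (1024 KB / 199 MB, 200 MB / 441.76 GB, and a third partition that starts exactly where the second ends), and the USB stick's single FAT32 entry has no active flag, which is normal for a data stick. Agreement between the raw table and the volume view is the baseline; a second active entry, an overlap, or a type byte that does not match the file system Windows mounts is the kind of discrepancy that justifies inspecting the boot sector directly.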



#10 JSntgRvr (Malware Response Team)

Posted 18 April 2013 - 11:14 AM

Download the enclosed file:

Save it next to FRST64.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Attempt to boot in Normal Mode and let me know the outcome.




#11 glascow (Topic Starter)

Posted 18 April 2013 - 01:41 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-04-2013
Ran by SYSTEM at 2013-04-18 07:55:24 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cnsim Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\unevc Value deleted successfully.
HKEY_USERS\admin\Software\Microsoft\Windows\CurrentVersion\Run\\cnsim Value deleted successfully.
HKEY_USERS\admin\Software\Microsoft\Windows\CurrentVersion\Run\\unevc Value deleted successfully.
HKEY_USERS\admin\Software\Microsoft\Windows\CurrentVersion\Run\\ej-technologies Value deleted successfully.
HKEY_USERS\admin\Software\Microsoft\Windows\CurrentVersion\Run\\aMousehid Value deleted successfully.
HKEY_USERS\admin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\jmdo0ri.dat (No File) not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\$Recycle.Bin\S-1-5-21-2284440560-2780697144-91482775-1000\$57657a62a2337c352a734be01c9627a4 moved successfully.
C:\Windows\SysWOW64\shoB1CC.tmp moved successfully.
C:\Windows\SysWOW64\shoE8CC.tmp moved successfully.
C:\Windows\SysWOW64\shoEAC5.tmp moved successfully.
C:\Windows\SysWOW64\sho647C.tmp moved successfully.
C:\Users\admin\iexplore.exe moved successfully.
C:\Users\admin\vlcplayer.exe moved successfully.
C:\Users\admin\msconfig.exe moved successfully.
C:\Users\admin\firefox.exe moved successfully.
C:\Users\admin\acrobat.exe moved successfully.
C:\ProgramData\ir0odmj.pad moved successfully.
C:\ProgramData\ir0odmj.js moved successfully.
C:\ProgramData\ir0odmj.reg moved successfully.
C:\ProgramData\ir0odmj.bat moved successfully.

==== End of Fixlog ====

 

The computer booted into Normal Mode just fine, but I haven't tried testing anything yet. I recall such things as videogame .exe files not working properly prior to the event.

 

Before reaching the desktop, I did get a black screen that read the following in white font:

"Checking file system in C:

the type of the file system is NTFS.

One of your drives needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue.

Press any key to skip in 10 seconds"

 

I opted to skip for now.
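
The Fixlog above records the persistence points the fix script removed: Run values under HKLM and the user hive, a Winlogon Shell value in the user hive (with the HKLM one restored), a Startup-folder shortcut pointing at a .dat file in ProgramData, and look-alike executables (msconfig.exe, iexplore.exe, firefox.exe) sitting directly in the user profile. As an added example that is not part of the thread or of FRST, here is a small Python audit that applies those same observations as rules to a snapshot of autostart locations. The snapshot is constructed: the value names and file names are taken from the Fixlog, but the page does not show what data the values held, so the pairings (for example cnsim pointing at ir0odmj.bat) and the "VendorUpdater" control entry are assumptions; `first_path`, `classify_target` and `audit` are my own names.

```python
import ntpath
import re

# Constructed snapshot modelled on the autostart locations the Fixlog touched.
# Value-to-target pairings are illustrative; the page does not show the original data.
SNAPSHOT = {
    "winlogon_shell": {
        r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon": "explorer.exe",
        r"HKU\admin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon":
            r"explorer.exe,C:\ProgramData\jmdo0ri.dat",
    },
    "run": {
        r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cnsim": r"C:\ProgramData\ir0odmj.bat",
        r"HKU\admin\Software\Microsoft\Windows\CurrentVersion\Run\aMousehid": r"C:\Users\admin\msconfig.exe",
        # Assumed benign control entry: a vendor tool under Program Files with an argument.
        r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater":
            r'"C:\Program Files (x86)\Vendor\updater.exe" /background',
    },
    "startup_links": {
        r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk":
            r"C:\PROGRA~3\jmdo0ri.dat",
    },
}

# Directories where a legitimate autostart target is rarely found (paths compared lowercased).
SUSPECT_DIR_PATTERNS = [
    (re.compile(r"^[a-z]:\\programdata\\[^\\]+$"), "file dropped directly in ProgramData"),
    (re.compile(r"^[a-z]:\\progra~3\\[^\\]+$"), "file dropped directly in ProgramData (8.3 short name)"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$"), "file directly in a user profile root"),
    (re.compile(r"\\appdata\\local\\temp\\"), "target under a Temp directory"),
]
# Well-known program names; one of these outside its normal directory is a classic
# impersonation trick (assumed short list, not exhaustive).
KNOWN_NAMES = {"explorer.exe", "msconfig.exe", "iexplore.exe", "firefox.exe", "acrobat.exe"}
EXPECTED_DIRS = ("c:\\windows", "c:\\program files", "c:\\program files (x86)")
# Extensions that should not be the direct target of Shell, Run or a Startup shortcut.
NON_EXE_EXTS = {".dat", ".bat", ".cmd", ".js", ".vbs", ".reg", ".pad"}


def first_path(command: str) -> str:
    """Extract the program path from a Run command line ("quoted path" args | path args)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def classify_target(path: str) -> list:
    """Return the reasons (possibly none) why this autostart target looks suspicious."""
    p = path.strip().lower()
    reasons = [why for pattern, why in SUSPECT_DIR_PATTERNS if pattern.search(p)]
    name = ntpath.basename(p)
    if name in KNOWN_NAMES and not ntpath.dirname(p).startswith(EXPECTED_DIRS):
        reasons.append(f"{name} outside its expected directory")
    ext = ntpath.splitext(name)[1]
    if ext in NON_EXE_EXTS:
        reasons.append(f"autostart target is a {ext} file")
    return reasons


def audit(snapshot: dict) -> dict:
    """Map each suspicious autostart location to its list of reasons."""
    findings = {}
    for key, shell in snapshot.get("winlogon_shell", {}).items():
        entries = [e.strip() for e in shell.split(",") if e.strip()]
        reasons = []
        if [e.lower() for e in entries] != ["explorer.exe"]:
            reasons.append("Winlogon Shell is not exactly explorer.exe")
        for extra in entries:
            if extra.lower() != "explorer.exe":
                reasons += classify_target(extra)
        if reasons:
            findings[key + r"\Shell"] = reasons
    for key, command in snapshot.get("run", {}).items():
        reasons = classify_target(first_path(command))
        if reasons:
            findings[key] = reasons
    for link, target in snapshot.get("startup_links", {}).items():
        reasons = classify_target(target)
        if reasons:
            findings[link] = reasons
    return findings


if __name__ == "__main__":
    for location, reasons in audit(SNAPSHOT).items():
        print(location)
        for r in reasons:
            print("   -", r)
```

Run against the constructed snapshot, the audit flags the user-hive Shell value, both malicious Run entries and the Startup shortcut, and leaves the HKLM Shell value and the Program Files entry alone. The rules are deliberately location- and name-based rather than signature-based, which is why they still catch a fresh sample that drops a renamed copy of itself into ProgramData; on a live machine the same logic would be fed from the registry and Startup folder instead of the inline dictionary.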



#12 JSntgRvr (Malware Response Team)

Posted 18 April 2013 - 04:55 PM

Whenever you have a chance, schedule CHKDSK to run at startup.

 

Let's scan the computer.

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#13 glascow (Topic Starter)

Posted 18 April 2013 - 07:56 PM

TDSSKiller.2.8.16.0_18.04.2013_13.10.39_log.txt:

 

I have opted to put this as an attachment because the site's reply mechanism repeatedly tells me that it is too long.

 

AdwCleaner[S2].txt:

 

# AdwCleaner v2.200 - Logfile created 04/18/2013 at 12:56:07
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : admin - ADMIN-HP
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\admin\AppData\Local\Temp\OCS

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3177 octets] - [04/11/2012 01:32:48]
AdwCleaner[S1].txt - [3308 octets] - [04/11/2012 03:41:09]
AdwCleaner[S2].txt - [1091 octets] - [18/04/2013 12:56:07]

########## EOF - C:\AdwCleaner[S2].txt - [1151 octets] ##########

 

mbam-log-2013-04-18 (13-18-44).txt:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
admin :: ADMIN-HP [administrator]

2013/04/18 午後 01:18:44
mbam-log-2013-04-18 (13-18-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222217
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\admin\AppData\Roaming\skype.dat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

 




#14 JSntgRvr (Malware Response Team)

Posted 18 April 2013 - 09:16 PM

Run TDSSKiller once again and select delete only on the following lines:

 

\Device\Harddisk0\DR0 ( TDSS File System )
\Device\Harddisk0\DR0 ( TDSS File System )

 

How is the computer doing?




#15 glascow (Topic Starter)

Posted 18 April 2013 - 11:51 PM

The computer is doing well.

 

Ah, there is one small problem, however. Whenever I right-click a file, or am selecting multiple files at once, a message pops up that says that a Dynamic Link Library initialisation routine has apparently failed. Multiples of the same message do build up when I do the same action over and over again, but they all move back to the desktop when I resume business in a folder. I have taken a few screenshots using example files within an example folder.

 

It does not bother me very much, but I am not sure if this is a hardware issue or not. This started at around the same time that the videogame .exe files started to not work properly prior to this problem, as I mentioned earlier.

 

EDIT: Forget the screenshots, they take up too much space to be used as attachments



Edited by glascow, 18 April 2013 - 11:57 PM.




