
Windows 7 Home Premium will not start after downloading Windows Defender Offline


This topic is locked
2 replies to this topic

#1 jackosmits


  • Members
  • 1 posts

Posted 19 March 2013 - 04:12 PM

This is to Master Surgeon General / Malware Response Team................... Please check the attached file. I've done the scan from the FRST64.EXE download. Here are the results. PLEASE help.

Attached File: FRST.txt (28.8 KB)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 19-03-2013 02:54:08
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms [206064 2009-05-05] (SupportSoft, Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions)
HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()
HKLM-x32\...\Run: [BackupNowEZtray] "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [2127896 2013-01-25] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [380416 2010-11-20] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot [295072 2012-12-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [9356272db73b5bbca1d96677b6f61d22] "C:\ProgramData\hkcmde.exe" .. [115200 2013-02-13] ()
HKU\Ron Smith\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-09-23] (Microsoft Corporation)
HKU\Ron Smith\...\Run: [Google Update] "C:\Users\Ron Smith\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-05] (Google Inc.)
HKU\Ron Smith\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-05] (SUPERAntiSpyware.com)
HKU\Ron Smith\...\Run: [Soft32 Updater.exe] C:\Users\Ron Smith\AppData\Local\Soft32\Soft32 Updater\Soft32 Updater.exe /SILENT [x]
HKU\Ron Smith\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [969104 2012-12-09] (BitTorrent, Inc.)
HKU\Ron Smith\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\Ron Smith\...\Run: [5cd8f17f4086744065eb0992a09e05a2] "C:\Users\Ron Smith\AppData\Local\Temp\Trojan.exe" .. [70656 2013-02-17] ()
HKU\Ron Smith\...\Run: [GoogleChromeAutoLaunch_431CEA620B8326BDCA3B6AA2204C4467] "C:\Users\Ron Smith\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [1248208 2013-01-25] (Google Inc.)
HKU\Ron Smith\...\Run: [9356272db73b5bbca1d96677b6f61d22] "C:\ProgramData\hkcmde.exe" .. [115200 2013-02-13] ()
HKU\Ron Smith\...\CurrentVersion\Windows: [Load] C:\Users\RONSMI~1\LOCALS~1\Temp\msawahaeq.pif
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-12-05] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Ron Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe ()
Startup: C:\Users\Ron Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9356272db73b5bbca1d96677b6f61d22.exe ()
Startup: C:\Users\Ron Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk ->  (No File)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-09-07] (SUPERAntiSpyware.com)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [166408 2013-01-25] (Microsoft Corp.)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199032 2010-04-27] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [244840 2010-04-27] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [158832 2011-03-13] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
2 vseamps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe" [149544 2010-04-08] (Authentium, Inc)
2 vsedsps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe" [148008 2010-04-08] (Authentium, Inc)
2 vseqrts; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe" [205352 2010-04-08] (Authentium, Inc)
2 SessionLauncher; C:\Users\RONSMI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62416 2010-04-27] (McAfee, Inc.)
3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2010-05-09] (GEAR Software Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [189880 2010-04-27] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [440688 2010-04-27] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75288 2010-04-27] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [93840 2010-04-27] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
1 MpKsl6a9119e5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43A67203-BBFD-4282-A5D9-03999BD258CC}\MpKsl6a9119e5.sys [35664 2013-02-18] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows ® Win 7 DDK provider)
1 azujgmcx; \??\C:\Windows\system32\drivers\azujgmcx.sys [x]
1 dpjkefun; \??\C:\Windows\system32\drivers\dpjkefun.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
1 eubojxub; \??\C:\Windows\system32\drivers\eubojxub.sys [x]
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [x]
1 mubpasdj; \??\C:\Windows\system32\drivers\mubpasdj.sys [x]
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [x]
1 phosauvr; \??\C:\Windows\system32\drivers\phosauvr.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-19 02:53 - 2013-03-19 02:53 - 00000000 ____D C:\FRST
2013-02-18 23:41 - 2013-02-18 19:40 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-02-18 21:03 - 2013-02-18 21:03 - 00277264 ____A C:\Windows\Minidump\021813-24772-01.dmp
2013-02-18 21:00 - 2013-02-18 21:00 - 00277264 ____A C:\Windows\Minidump\021813-24304-01.dmp
2013-02-18 21:00 - 2013-02-18 21:00 - 00000000 ____D C:\ProgramData\BackupNowEZ
2013-02-18 21:00 - 2013-02-18 21:00 - 00000000 ____D C:\ProgramData\Application Data\BackupNowEZ
2013-02-18 20:56 - 2013-02-18 20:56 - 00277264 ____A C:\Windows\Minidump\021813-25786-01.dmp
2013-02-18 20:47 - 2013-02-18 20:47 - 00277264 ____A C:\Windows\Minidump\021813-23774-01.dmp
2013-02-18 20:44 - 2013-02-13 20:11 - 00115200 ____A C:\ProgramData\hkcmde.exe
2013-02-18 20:44 - 2013-02-13 20:11 - 00115200 ____A C:\ProgramData\Application Data\hkcmde.exe
2013-02-18 19:43 - 2013-02-18 19:43 - 00277264 ____A C:\Windows\Minidump\021813-27237-01.dmp
2013-02-18 19:29 - 2013-02-18 19:29 - 00277264 ____A C:\Windows\Minidump\021813-24476-01.dmp
2013-02-18 19:23 - 2013-02-18 19:23 - 00277264 ____A C:\Windows\Minidump\021813-24133-01.dmp
2013-02-18 15:44 - 2013-02-18 15:44 - 00317184 ____A C:\Windows\Minidump\021813-28407-01.dmp
2013-02-18 15:07 - 2013-02-18 15:07 - 00277264 ____A C:\Windows\Minidump\021813-29530-01.dmp
2013-02-18 15:00 - 2013-02-18 15:00 - 00277264 ____A C:\Windows\Minidump\021813-26379-01.dmp
2013-02-18 14:48 - 2013-02-18 14:48 - 00277264 ____A C:\Windows\Minidump\021813-28860-01.dmp
2013-02-18 14:12 - 2013-02-18 14:12 - 00277264 ____A C:\Windows\Minidump\021813-28048-01.dmp
2013-02-18 10:50 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\[ www.UsaBit.com ] - The.Loneliest.Planet.2011.LIMITED.DVDRip.XviD-GECKOS
2013-02-18 10:47 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\[ www.UsaBit.com ] - The.Oranges.2011.DVDRiP.XviD-PHOBOS
2013-02-18 10:43 - 2013-02-18 11:10 - 734739466 ____A C:\Users\Ron Smith\Downloads\Shanghai Calling 2012 WEBRip X264-WBFS.mp4
2013-02-18 10:38 - 2013-02-18 10:38 - 00000000 ____D C:\Users\Ron Smith\Downloads\National Geographic-Killing Lincoln [2013]
2013-02-18 10:34 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\[ www.TorrentDay.com ] - Heartland.CA.S06E14.480p.HDTV.x264-mSD
2013-02-18 10:33 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\Revenge.S02E14.HDTV.XviD-AFG
2013-02-18 10:22 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\The.Mentalist.S05E14.HDTV.XviD-AFG
2013-02-18 10:20 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\Girls.S02E06.HDTV.XviD-AFG
2013-02-18 10:19 - 2013-02-19 00:32 - 00000000 ____D C:\Users\Ron Smith\Downloads\The.Walking.Dead.S03E10.HDTV.XviD-AFG
2013-02-17 22:30 - 2013-02-17 22:30 - 00277320 ____A C:\Windows\Minidump\021713-29437-01.dmp

==================== One Month Modified Files and Folders =======

2013-03-19 02:53 - 2013-03-19 02:53 - 00000000 ____D C:\FRST
2013-02-19 05:17 - 2011-12-05 09:16 - 00000000 ____D C:\Emergency
2013-02-19 00:32 - 2013-02-18 10:50 - 00000000 ____D C:\Users\Ron Smith\Downloads\[ www.UsaBit.com ] - The.Loneliest.Planet.2011.LIMITED.DVDRip.XviD-GECKOS
2013-02-19 00:32 - 2013-02-18 10:47 - 00000000 ____D C:\Users\Ron Smith\Downloads\[ www.UsaBit.com ] - The.Oranges.2011.DVDRiP.XviD-PHOBOS
2013-02-19 00:32 - 2013-02-18 10:34 - 00000000 ____D C:\Users\Ron Smith\Downloads\[ www.TorrentDay.com ] - Heartland.CA.S06E14.480p.HDTV.x264-mSD
2013-02-19 00:32 - 2013-02-18 10:33 - 00000000 ____D C:\Users\Ron Smith\Downloads\Revenge.S02E14.HDTV.XviD-AFG
2013-02-19 00:32 - 2013-02-18 10:22 - 00000000 ____D C:\Users\Ron Smith\Downloads\The.Mentalist.S05E14.HDTV.XviD-AFG
2013-02-19 00:32 - 2013-02-18 10:20 - 00000000 ____D C:\Users\Ron Smith\Downloads\Girls.S02E06.HDTV.XviD-AFG
2013-02-19 00:32 - 2013-02-18 10:19 - 00000000 ____D C:\Users\Ron Smith\Downloads\The.Walking.Dead.S03E10.HDTV.XviD-AFG
2013-02-19 00:32 - 2013-02-16 10:15 - 00000000 ____D C:\Users\Ron Smith\Downloads\Touch.S02E03.HDTV.XviD-AFG
2013-02-19 00:32 - 2013-02-15 22:52 - 00000000 ____D C:\Users\Ron Smith\Downloads\Malibu.Country.S01E13.HDTV.XviD-AFG
2013-02-19 00:32 - 2012-12-30 11:26 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Nero_AG
2013-02-19 00:32 - 2012-12-30 11:26 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Application Data\Nero_AG
2013-02-19 00:32 - 2012-12-30 11:26 - 00000000 ____D C:\Users\Ron Smith\AppData\Local\Nero_AG
2013-02-19 00:32 - 2012-12-26 22:27 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Nero
2013-02-19 00:32 - 2012-12-26 22:27 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Application Data\Nero
2013-02-19 00:32 - 2012-12-26 22:27 - 00000000 ____D C:\Users\Ron Smith\AppData\Local\Nero
2013-02-19 00:32 - 2012-11-15 21:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-02-19 00:32 - 2012-11-15 21:57 - 00000000 ____D C:\ProgramData\Application Data\McAfee Security Scan
2013-02-19 00:32 - 2012-06-30 21:06 - 00000000 ____D C:\Program Files (x86)\Vuze_Remote
2013-02-19 00:32 - 2012-05-02 22:59 - 00000000 ____D C:\Program Files (x86)\Stellarium
2013-02-19 00:32 - 2012-03-17 20:44 - 00000000 ____D C:\Program Files\Free Opener
2013-02-19 00:32 - 2012-03-01 16:13 - 00000000 ____D C:\Users\Ron Smith\Application Data\uTorrent
2013-02-19 00:32 - 2012-03-01 16:13 - 00000000 ____D C:\Users\Ron Smith\AppData\Roaming\uTorrent
2013-02-19 00:32 - 2012-02-24 22:23 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Soft32
2013-02-19 00:32 - 2012-02-24 22:23 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Application Data\Soft32
2013-02-19 00:32 - 2012-02-24 22:23 - 00000000 ____D C:\Users\Ron Smith\AppData\Local\Soft32
2013-02-19 00:32 - 2012-01-16 19:17 - 00000000 ____D C:\Windows\SysWOW64\custom matrices
2013-02-19 00:32 - 2012-01-16 19:17 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-02-19 00:32 - 2012-01-16 18:40 - 00000000 ____D C:\Users\Ron Smith\Application Data\SUPERAntiSpyware.com
2013-02-19 00:32 - 2012-01-16 18:40 - 00000000 ____D C:\Users\Ron Smith\AppData\Roaming\SUPERAntiSpyware.com
2013-02-19 00:32 - 2012-01-16 18:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-02-19 00:32 - 2012-01-15 23:43 - 00000000 ____D C:\Windows\SysWOW64\Drivers\nti
2013-02-19 00:32 - 2011-12-11 04:01 - 00000000 ____D C:\Windows\Minidump
2013-02-19 00:32 - 2011-12-06 18:53 - 00000000 ____D C:\Program Files\Roxio
2013-02-19 00:32 - 2011-12-06 17:50 - 00000000 ____D C:\ProgramData\Roxio
2013-02-19 00:32 - 2011-12-06 17:50 - 00000000 ____D C:\ProgramData\Application Data\Roxio
2013-02-19 00:32 - 2011-12-05 18:13 - 00000000 ____D C:\Program Files\Google
2013-02-19 00:32 - 2011-12-05 16:01 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Conduit
2013-02-19 00:32 - 2011-12-05 16:01 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Application Data\Conduit
2013-02-19 00:32 - 2011-12-05 16:01 - 00000000 ____D C:\Users\Ron Smith\AppData\Local\Conduit
2013-02-19 00:32 - 2011-12-05 16:01 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-02-19 00:32 - 2011-12-05 12:32 - 00000000 ____D C:\users\Ron Smith
2013-02-19 00:32 - 2010-10-09 15:36 - 00000000 ____D C:\dell
2013-02-19 00:32 - 2010-10-09 14:56 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-02-19 00:32 - 2010-10-09 14:55 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-02-19 00:32 - 2010-10-09 14:55 - 00000000 ____D C:\Windows\SysWOW64\Lang
2013-02-19 00:32 - 2010-10-09 13:11 - 00000000 ____D C:\ProgramData\Uninstall
2013-02-19 00:32 - 2010-10-09 13:11 - 00000000 ____D C:\ProgramData\Application Data\Uninstall
2013-02-19 00:32 - 2010-10-09 13:11 - 00000000 ____D C:\Program Files (x86)\Roxio
2013-02-19 00:32 - 2010-10-09 13:05 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-02-19 00:32 - 2010-10-09 13:00 - 00000000 ____D C:\Intel
2013-02-19 00:32 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-02-19 00:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-02-19 00:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-02-19 00:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-02-19 00:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-02-19 00:29 - 2012-01-16 19:33 - 00000000 ____D C:\ProgramData\Real
2013-02-19 00:29 - 2012-01-16 19:33 - 00000000 ____D C:\ProgramData\Application Data\Real
2013-02-19 00:29 - 2012-01-15 23:43 - 00000000 ____D C:\Program Files (x86)\NTI
2013-02-19 00:29 - 2011-12-05 18:13 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Google
2013-02-19 00:29 - 2011-12-05 18:13 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Application Data\Google
2013-02-19 00:29 - 2011-12-05 18:13 - 00000000 ____D C:\Users\Ron Smith\AppData\Local\Google
2013-02-19 00:29 - 2011-12-05 18:12 - 00000000 ____D C:\ProgramData\Google
2013-02-19 00:29 - 2011-12-05 18:12 - 00000000 ____D C:\ProgramData\Application Data\Google
2013-02-19 00:29 - 2011-12-05 18:12 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-19 00:29 - 2010-10-09 13:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-02-18 21:33 - 2011-12-09 22:37 - 00059096 ____A C:\Users\Ron Smith\Local Settings\GDIPFONTCACHEV1.DAT
2013-02-18 21:33 - 2011-12-09 22:37 - 00059096 ____A C:\Users\Ron Smith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-02-18 21:33 - 2011-12-09 22:37 - 00059096 ____A C:\Users\Ron Smith\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-18 21:33 - 2011-12-06 22:31 - 00000000 ____D C:\Users\Ron Smith\Tracing
2013-02-18 21:32 - 2010-10-09 13:26 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-02-18 21:32 - 2010-10-09 13:26 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-02-18 21:32 - 2010-10-09 13:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-02-18 21:32 - 2010-10-09 13:26 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-02-18 21:32 - 2010-10-09 13:26 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-02-18 21:32 - 2010-10-09 13:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-02-18 21:20 - 2011-12-06 18:42 - 00000000 ____D C:\Users\Ron Smith\Application Data\Roxio Log Files
2013-02-18 21:20 - 2011-12-06 18:42 - 00000000 ____D C:\Users\Ron Smith\AppData\Roaming\Roxio Log Files
2013-02-18 21:09 - 2009-07-14 00:10 - 01586520 ____A C:\Windows\WindowsUpdate.log
2013-02-18 21:06 - 2012-12-02 21:26 - 00000372 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-02-18 21:05 - 2011-12-05 18:13 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-18 21:03 - 2013-02-18 21:03 - 00277264 ____A C:\Windows\Minidump\021813-24772-01.dmp
2013-02-18 21:03 - 2012-07-06 23:02 - 00017922 ____A C:\Windows\setupact.log
2013-02-18 21:03 - 2012-07-06 23:01 - 441809617 ____A C:\Windows\MEMORY.DMP
2013-02-18 21:03 - 2011-12-05 12:35 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-02-18 21:03 - 2010-10-09 14:54 - 01952518 ____A C:\Windows\PFRO.log
2013-02-18 21:03 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-18 21:00 - 2013-02-18 21:00 - 00277264 ____A C:\Windows\Minidump\021813-24304-01.dmp
2013-02-18 21:00 - 2013-02-18 21:00 - 00000000 ____D C:\ProgramData\BackupNowEZ
2013-02-18 21:00 - 2013-02-18 21:00 - 00000000 ____D C:\ProgramData\Application Data\BackupNowEZ
2013-02-18 20:56 - 2013-02-18 20:56 - 00277264 ____A C:\Windows\Minidump\021813-25786-01.dmp
2013-02-18 20:47 - 2013-02-18 20:47 - 00277264 ____A C:\Windows\Minidump\021813-23774-01.dmp
2013-02-18 20:37 - 2011-12-05 18:13 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-18 20:31 - 2011-12-08 15:38 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1342888444-3433514429-3727967558-1001UA.job
2013-02-18 20:27 - 2012-09-20 22:45 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Windows Live
2013-02-18 20:27 - 2012-09-20 22:45 - 00000000 ____D C:\Users\Ron Smith\Local Settings\Application Data\Windows Live
2013-02-18 20:27 - 2012-09-20 22:45 - 00000000 ____D C:\Users\Ron Smith\AppData\Local\Windows Live
2013-02-18 20:23 - 2012-04-04 16:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-18 19:53 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-18 19:53 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-18 19:43 - 2013-02-18 19:43 - 00277264 ____A C:\Windows\Minidump\021813-27237-01.dmp
2013-02-18 19:40 - 2013-02-18 23:41 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-02-18 19:29 - 2013-02-18 19:29 - 00277264 ____A C:\Windows\Minidump\021813-24476-01.dmp
2013-02-18 19:23 - 2013-02-18 19:23 - 00277264 ____A C:\Windows\Minidump\021813-24133-01.dmp
2013-02-18 16:31 - 2011-12-08 15:38 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1342888444-3433514429-3727967558-1001Core.job
2013-02-18 15:44 - 2013-02-18 15:44 - 00317184 ____A C:\Windows\Minidump\021813-28407-01.dmp
2013-02-18 15:13 - 2012-09-10 09:21 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-18 15:07 - 2013-02-18 15:07 - 00277264 ____A C:\Windows\Minidump\021813-29530-01.dmp
2013-02-18 15:00 - 2013-02-18 15:00 - 00277264 ____A C:\Windows\Minidump\021813-26379-01.dmp
2013-02-18 14:48 - 2013-02-18 14:48 - 00277264 ____A C:\Windows\Minidump\021813-28860-01.dmp
2013-02-18 14:12 - 2013-02-18 14:12 - 00277264 ____A C:\Windows\Minidump\021813-28048-01.dmp
2013-02-18 11:10 - 2013-02-18 10:43 - 734739466 ____A C:\Users\Ron Smith\Downloads\Shanghai Calling 2012 WEBRip X264-WBFS.mp4
2013-02-18 10:38 - 2013-02-18 10:38 - 00000000 ____D C:\Users\Ron Smith\Downloads\National Geographic-Killing Lincoln [2013]
2013-02-17 22:30 - 2013-02-17 22:30 - 00277320 ____A C:\Windows\Minidump\021713-29437-01.dmp


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-02-16 20:24:48
Restore point made on: 2013-02-18 20:39:14
Restore point made on: 2013-02-18 20:59:40
Restore point made on: 2013-02-18 21:10:39

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4060.98 MB
Available physical RAM: 3473.4 MB
Total Pagefile: 4059.13 MB
Available Pagefile: 3468.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:6.98 GB) NTFS
4 Drive f: () (Removable) (Total:7.45 GB) (Free:0.96 GB) FAT32
7 Drive i: (RECOVERY) (Fixed) (Total:12.03 GB) (Free:5.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive i: detected. Check for MBR/Partition infection.
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online         7633 MB      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 259D4594

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             12 GB    40 MB
  Partition 3    Primary            453 GB    12 GB

==================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      FAT    Partition     39 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     I   RECOVERY     NTFS   Partition     12 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    453 GB  Healthy            

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7633 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                FAT32  Removable   7633 MB  Healthy            

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 259D4594

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000F08001
Active: YES
Type: 07 (NTFS)
Size: 12 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF003082010028B638
Active: NO
Type: 07 (NTFS)
Size: 454 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 000021000B22D5CD20000000E08BEE00
Active: NO
Type: 0B
Size: 7 GB


Last Boot: 2013-02-13 01:56

==================== End Of Log =============================


Edited by Noviciate, 19 March 2013 - 05:44 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 m0le



  • Malware Response Team
  • 34,527 posts

Posted 21 March 2013 - 08:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le



  • Malware Response Team
  • 34,527 posts

Posted 27 March 2013 - 08:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
