Windows has encountered a critical problem - FRST logs, can anyone help?


  • This topic is locked
52 replies to this topic

#1 Ciaranmck

Posted 11 April 2013 - 09:11 AM

Hey guys, a couple of days back (right after the completion of a download of a film from utorrent, actually, and with one download 10 mins in, both files now accessed via windows recover command prompt, accessing through notepad!) I got the 'Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now' error message. I get this as soon as I log on; in fact if I don't log on, after about a minute it cuts out and reboots anyway! I tried repairs, chkdsk's, nothing!

Found you on Google and used your info to get as far as I am now (I've run a FRST on the whole computer and a FRST search on services.exe). Problem is I don't know what I'm looking at; was wondering if someone here had a better idea of what to do next (I pressed 'fix' and it said it needed a fix log, but I don't have a clue what I'd be doing!)

I'm a student with deadlines coming up and seriously need to get this computer working ASAP! Any help would be greatly appreciated!

I've attached both the search.txt and frst.txt files onto here, and pasted them below. Like I said, it'd mean the earth to me to get this working, I'll buy you a virtual beer ha ha.

Laptop's running Windows 7 Home Premium, it's a Toshiba Satellite, if any of this helps!

Thanks again guys!

Ciaran.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013
Ran by SYSTEM at 11-04-2013 14:44:27
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKU\Ciaran\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Ciaran\...\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme [3676952 2010-01-07] (SRS Labs, Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [282624 2013-02-18] (AVG Technologies CZ, s.r.o.)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
4 NACAgentService; "C:\Program Files (x86)\Enterasys Networks\NAC Agent\NacAgtSv.exe" [17441672 2010-09-29] (Enterasys Networks, Inc)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
4 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-06-14] (Wajam)
2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [2671376 2012-04-17] (Intel® Corporation)

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [239416 2013-02-13] (AVG Technologies CZ, s.r.o.)
3 bbcap; C:\Windows\System32\Drivers\bbcap.sys [4608 2013-03-08] (Windows ® Codename Longhorn DDK provider)
3 CompositeBus; C:\Windows\System32\Drivers\CompositeBus.sys [38912 2009-07-13] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-09-24] (DT Soft Ltd)
1 HssDRV6; C:\Windows\System32\Drivers\HssDRV6.sys [41224 2012-06-01] (AnchorFree Inc.)
3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] ()

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-10 02:01 - 2013-04-10 02:01 - 00001118 ____A C:\Settings.ini
2013-04-09 12:02 - 2013-04-09 12:02 - 00003560 ____N C:\bootsqm.dat
2013-04-09 05:55 - 2013-04-09 05:57 - 00000000 ____D C:\Users\Ciaran\Downloads\The Godfather Trilogy Part 1, 2 & 3 DVDRip
2013-04-09 05:52 - 2013-04-09 05:54 - 00000000 ____D C:\Users\Ciaran\Downloads\Harry.Potter.And.The.Deathly.Hallows.Part.2.2011.BluRay.720p.H264
2013-04-08 11:47 - 2013-04-08 12:02 - 00000000 ____D C:\Users\Ciaran\Downloads\Prometheus.2012.DVDRip.XviD-PTpOWeR
2013-04-08 06:33 - 2013-04-08 12:01 - 00000000 ____D C:\Users\Ciaran\Downloads\Billy Connolly Live In London 2010
2013-04-07 10:50 - 2013-04-07 10:50 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\dvdcss
2013-04-07 09:15 - 2013-04-07 09:15 - 00000683 ____A C:\Users\Ciaran\Desktop\Ciaran - Shortcut.lnk
2013-04-04 07:02 - 2013-04-04 07:02 - 00000000 ____D C:\Users\Ciaran\AppData\Local\SRS Labs
2013-04-04 07:01 - 2013-04-04 07:01 - 00000000 ____D C:\ProgramData\SRS Labs
2013-04-04 07:00 - 2013-04-04 07:00 - 00000000 ____D C:\Program Files\SRS Labs
2013-04-04 07:00 - 2009-12-15 05:41 - 00346992 ____A C:\Windows\System32\Drivers\SRS_SSCFilter_amd64.sys
2013-04-04 06:53 - 2013-04-04 06:54 - 08271088 ____A (SRS Labs, Inc.) C:\Users\Ciaran\Downloads\SRS_Audio_Sandbox.exe
2013-04-04 06:51 - 2007-03-21 02:22 - 00000000 ____D C:\Users\Ciaran\Desktop\Realtek Audio driver 6.0.1.5343 WHQL
2013-04-04 06:50 - 2013-04-04 06:50 - 00784680 ____A (SetupManager) C:\Users\Ciaran\Downloads\Setup (4).exe
2013-04-04 06:46 - 2013-04-04 06:47 - 14800051 ____A C:\Users\Ciaran\Downloads\sound-vista-6015343whql.zip
2013-04-03 12:14 - 2013-04-09 12:03 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Ciaran.job
2013-04-03 12:14 - 2013-04-09 05:21 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Ciaran.job
2013-04-03 12:14 - 2013-04-08 05:57 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Ciaran.job
2013-04-03 09:18 - 2013-04-07 14:00 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\vlc
2013-04-03 09:17 - 2013-04-03 09:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-04-03 09:15 - 2013-04-03 09:17 - 22916830 ____A C:\Users\Ciaran\Downloads\vlc-2.0.5-win32.exe
2013-04-03 09:14 - 2013-04-03 09:15 - 00393040 ____A (Softonic                                        ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-04-03 05:29 - 2013-04-03 05:30 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-03 05:20 - 2013-04-03 05:23 - 24842968 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Ciaran\Downloads\FreeYouTubeToMP3Converter (3).exe
2013-04-01 11:04 - 2013-04-03 05:24 - 00000000 ____D C:\Users\Ciaran\Downloads\Ill Manors (2012)
2013-04-01 11:02 - 2013-04-01 11:02 - 00846256 ____A (PrivitizeVPN) C:\Users\Ciaran\Downloads\Ill_Manors_(2012)_720p_BrRip_x264_-_YIFY_secure.exe
2013-04-01 11:02 - 2013-04-01 11:02 - 00846256 ____A (PrivitizeVPN) C:\Users\Ciaran\Downloads\Ill_Manors_(2012)_720p_BrRip_x264_-_YIFY_secure (1).exe
2013-04-01 10:59 - 2013-04-04 10:35 - 00000000 ____D C:\Users\Ciaran\Rise of the Guardians (2012)
2013-04-01 10:58 - 2013-04-01 10:59 - 00000000 ____D C:\Users\Ciaran\Pitch Perfect (2012)
2013-04-01 10:57 - 2013-04-01 10:57 - 00000000 ____D C:\Users\Ciaran\You Don't Mess With the Zohan (2008)
2013-04-01 10:56 - 2013-04-01 10:57 - 00000000 ____D C:\Users\Ciaran\Wreck It Ralph (2012)
2013-04-01 10:55 - 2013-04-01 10:56 - 00000000 ____D C:\Users\Ciaran\Life of Pi (2012)
2013-03-29 09:22 - 2013-03-29 09:26 - 00000000 ____D C:\Users\Ciaran\Documents\wallpapers
2013-03-28 06:29 - 2013-03-28 06:31 - 00000000 ____D C:\ProgramData\PMS
2013-03-28 06:29 - 2013-03-28 06:29 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-03-28 06:28 - 2013-03-28 06:28 - 33934236 ____A C:\Users\Ciaran\Downloads\pms-setup-windows-1.72.0.exe
2013-03-28 02:25 - 2013-03-28 02:25 - 00005180 ____A C:\Users\Ciaran\AppData\Local\recently-used.xbel
2013-03-28 01:50 - 2013-03-28 01:50 - 02123962 ____A C:\Users\Ciaran\Downloads\Easterhunt.pptx
2013-03-25 05:28 - 2013-03-25 05:28 - 67738038 ____A C:\Users\Ciaran\Downloads\Peaches bleep the pain away (Nesono RMX).wav
2013-03-24 08:27 - 2013-04-08 07:11 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-03-24 03:36 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-03-23 06:54 - 2013-03-23 06:58 - 00284824 ____A C:\Windows\Minidump\032313-171741-01.dmp
2013-03-23 04:49 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-03-23 04:49 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-03-23 04:49 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-03-23 04:49 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-03-23 04:48 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-03-23 04:48 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-03-23 04:46 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-03-23 04:46 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-03-23 04:46 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-03-23 04:46 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-03-23 04:46 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-03-23 04:46 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-03-23 04:46 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-03-23 04:46 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-03-23 04:46 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-03-23 04:46 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-03-23 04:46 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-03-23 04:46 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-03-21 01:29 - 2013-03-21 01:29 - 00000000 ____D C:\Windows\System32\SPReview
2013-03-21 01:28 - 2013-03-21 01:28 - 00000000 ____D C:\Windows\System32\EventProviders
2013-03-20 10:42 - 2013-03-20 13:49 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Microsoft Games
2013-03-20 10:34 - 2013-03-20 10:34 - 00035884 ____A C:\Users\Ciaran\Downloads\eBayISAPI.gz
2013-03-17 13:56 - 2013-03-17 14:17 - 404315838 ____A C:\Users\Ciaran\Downloads\Bigger Stronger Faster[2008]DvDrip[Eng]-FXG.avi.flv
2013-03-16 07:18 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-16 06:29 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-16 06:29 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-16 06:29 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-16 06:29 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-16 06:29 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-16 06:29 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-16 06:29 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-16 06:29 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-16 06:29 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-16 06:29 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-16 06:29 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-16 06:29 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-16 06:29 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-16 06:29 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-16 06:29 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-16 06:29 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-16 06:29 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-16 06:29 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-16 06:29 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-16 06:29 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-16 06:29 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-16 06:29 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-16 06:29 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-16 06:29 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-16 06:29 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-16 06:29 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-16 06:29 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-16 06:29 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-16 06:29 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-16 06:29 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-16 06:29 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-16 06:29 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-16 06:07 - 2013-04-11 05:04 - 00000031 ____A C:\Windows\System32\bbcap.err
2013-03-12 13:26 - 2013-03-12 13:26 - 00841937 ____A C:\Users\Ciaran\Downloads\TS010192741.dotx
2013-03-12 13:20 - 2013-03-12 13:20 - 02576230 ____A C:\Users\Ciaran\Downloads\TS101951857.dotx
2013-03-12 07:56 - 2013-03-12 07:56 - 00069632 ____A C:\Users\Ciaran\Downloads\institution0708.xls
2013-03-12 07:53 - 2013-03-12 07:53 - 00053248 ____A C:\Users\Ciaran\Downloads\BP Business Plan Financial Tables Dec09.xls


==================== One Month Modified Files and Folders =======

2013-04-11 14:43 - 2013-04-11 14:43 - 00000000 ____D C:\FRST
2013-04-11 05:04 - 2013-03-16 06:07 - 00000031 ____A C:\Windows\System32\bbcap.err
2013-04-11 05:04 - 2013-01-19 17:00 - 00005389 ____A C:\Windows\setupact.log
2013-04-11 05:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-10 03:04 - 2009-07-13 20:45 - 00015360 ____A C:\Windows\System32\umstartup.etl
2013-04-10 02:01 - 2013-04-10 02:01 - 00001118 ____A C:\Settings.ini
2013-04-09 12:03 - 2013-04-03 12:14 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Ciaran.job
2013-04-09 12:02 - 2013-04-09 12:02 - 00003560 ____N C:\bootsqm.dat
2013-04-09 09:42 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-09 06:07 - 2012-11-29 04:27 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\uTorrent
2013-04-09 05:57 - 2013-04-09 05:55 - 00000000 ____D C:\Users\Ciaran\Downloads\The Godfather Trilogy Part 1, 2 & 3 DVDRip
2013-04-09 05:54 - 2013-04-09 05:52 - 00000000 ____D C:\Users\Ciaran\Downloads\Harry.Potter.And.The.Deathly.Hallows.Part.2.2011.BluRay.720p.H264
2013-04-09 05:52 - 2012-06-28 09:14 - 01123095 ____A C:\Windows\WindowsUpdate.log
2013-04-09 05:21 - 2013-04-03 12:14 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Ciaran.job
2013-04-09 04:17 - 2012-12-19 08:19 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-09 02:48 - 2012-06-28 02:06 - 00000000 ____D C:\ProgramData\MFAData
2013-04-08 12:02 - 2013-04-08 11:47 - 00000000 ____D C:\Users\Ciaran\Downloads\Prometheus.2012.DVDRip.XviD-PTpOWeR
2013-04-08 12:01 - 2013-04-08 06:33 - 00000000 ____D C:\Users\Ciaran\Downloads\Billy Connolly Live In London 2010
2013-04-08 08:54 - 2012-09-24 03:48 - 00000000 ____D C:\Users\Ciaran\Documents\Max Payne 2 Savegames
2013-04-08 07:19 - 2009-07-13 20:45 - 00019664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-08 07:19 - 2009-07-13 20:45 - 00019664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-08 07:11 - 2013-03-24 08:27 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-04-08 05:59 - 2012-09-24 12:12 - 00000000 ____D C:\users\Guest
2013-04-08 05:57 - 2013-04-03 12:14 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Ciaran.job
2013-04-07 14:00 - 2013-04-03 09:18 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\vlc
2013-04-07 10:50 - 2013-04-07 10:50 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\dvdcss
2013-04-07 09:15 - 2013-04-07 09:15 - 00000683 ____A C:\Users\Ciaran\Desktop\Ciaran - Shortcut.lnk
2013-04-07 07:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-05 06:57 - 2012-06-28 06:13 - 00064630 ____A C:\Windows\PFRO.log
2013-04-04 11:15 - 2012-06-28 01:29 - 00000000 ____D C:\users\Ciaran
2013-04-04 10:35 - 2013-04-01 10:59 - 00000000 ____D C:\Users\Ciaran\Rise of the Guardians (2012)
2013-04-04 07:02 - 2013-04-04 07:02 - 00000000 ____D C:\Users\Ciaran\AppData\Local\SRS Labs
2013-04-04 07:01 - 2013-04-04 07:01 - 00000000 ____D C:\ProgramData\SRS Labs
2013-04-04 07:00 - 2013-04-04 07:00 - 00000000 ____D C:\Program Files\SRS Labs
2013-04-04 06:54 - 2013-04-04 06:53 - 08271088 ____A (SRS Labs, Inc.) C:\Users\Ciaran\Downloads\SRS_Audio_Sandbox.exe
2013-04-04 06:50 - 2013-04-04 06:50 - 00784680 ____A (SetupManager) C:\Users\Ciaran\Downloads\Setup (4).exe
2013-04-04 06:47 - 2013-04-04 06:46 - 14800051 ____A C:\Users\Ciaran\Downloads\sound-vista-6015343whql.zip
2013-04-03 09:17 - 2013-04-03 09:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-04-03 09:17 - 2013-04-03 09:15 - 22916830 ____A C:\Users\Ciaran\Downloads\vlc-2.0.5-win32.exe
2013-04-03 09:15 - 2013-04-03 09:14 - 00393040 ____A (Softonic                                        ) C:\Users\Ciaran\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-04-03 09:13 - 2012-07-08 12:37 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\DivX
2013-04-03 05:30 - 2013-04-03 05:29 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-03 05:29 - 2012-11-04 04:49 - 00000000 ____D C:\Users\Ciaran\AppData\Roaming\DVDVideoSoft
2013-04-03 05:24 - 2013-04-01 11:04 - 00000000 ____D C:\Users\Ciaran\Downloads\Ill Manors (2012)
2013-04-03 05:24 - 2012-10-08 05:39 - 01799168 __ASH C:\Users\Ciaran\Downloads\Thumbs.db
2013-04-03 05:23 - 2013-04-03 05:20 - 24842968 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Ciaran\Downloads\FreeYouTubeToMP3Converter (3).exe
2013-04-01 11:02 - 2013-04-01 11:02 - 00846256 ____A (PrivitizeVPN) C:\Users\Ciaran\Downloads\Ill_Manors_(2012)_720p_BrRip_x264_-_YIFY_secure.exe
2013-04-01 11:02 - 2013-04-01 11:02 - 00846256 ____A (PrivitizeVPN) C:\Users\Ciaran\Downloads\Ill_Manors_(2012)_720p_BrRip_x264_-_YIFY_secure (1).exe
2013-04-01 10:59 - 2013-04-01 10:58 - 00000000 ____D C:\Users\Ciaran\Pitch Perfect (2012)
2013-04-01 10:57 - 2013-04-01 10:57 - 00000000 ____D C:\Users\Ciaran\You Don't Mess With the Zohan (2008)
2013-04-01 10:57 - 2013-04-01 10:56 - 00000000 ____D C:\Users\Ciaran\Wreck It Ralph (2012)
2013-04-01 10:56 - 2013-04-01 10:55 - 00000000 ____D C:\Users\Ciaran\Life of Pi (2012)
2013-03-29 09:27 - 2012-10-13 04:05 - 01413120 __ASH C:\Users\Ciaran\Desktop\Thumbs.db
2013-03-29 09:26 - 2013-03-29 09:22 - 00000000 ____D C:\Users\Ciaran\Documents\wallpapers
2013-03-28 11:26 - 2013-03-06 09:12 - 00000000 ____D C:\Users\Ciaran\.gimp-2.8
2013-03-28 06:31 - 2013-03-28 06:29 - 00000000 ____D C:\ProgramData\PMS
2013-03-28 06:29 - 2013-03-28 06:29 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2013-03-28 06:28 - 2013-03-28 06:28 - 33934236 ____A C:\Users\Ciaran\Downloads\pms-setup-windows-1.72.0.exe
2013-03-28 02:25 - 2013-03-28 02:25 - 00005180 ____A C:\Users\Ciaran\AppData\Local\recently-used.xbel
2013-03-28 01:50 - 2013-03-28 01:50 - 02123962 ____A C:\Users\Ciaran\Downloads\Easterhunt.pptx
2013-03-25 05:28 - 2013-03-25 05:28 - 67738038 ____A C:\Users\Ciaran\Downloads\Peaches bleep the pain away (Nesono RMX).wav
2013-03-24 10:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-24 08:20 - 2009-07-13 20:45 - 00419296 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-23 08:21 - 2009-07-13 21:08 - 00030752 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-23 08:07 - 2012-11-21 13:09 - 00000000 ____D C:\Windows\Minidump
2013-03-23 08:03 - 2012-11-21 13:09 - 316864455 ____A C:\Windows\MEMORY.DMP
2013-03-23 06:58 - 2013-03-23 06:54 - 00284824 ____A C:\Windows\Minidump\032313-171741-01.dmp
2013-03-22 08:04 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-03-22 08:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-03-22 08:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-03-22 08:04 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-03-22 08:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sppui
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2013-03-22 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-03-21 01:58 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2013-03-21 01:58 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-03-21 01:29 - 2013-03-21 01:29 - 00000000 ____D C:\Windows\System32\SPReview
2013-03-21 01:28 - 2013-03-21 01:28 - 00000000 ____D C:\Windows\System32\EventProviders
2013-03-20 13:49 - 2013-03-20 10:42 - 00000000 ____D C:\Users\Ciaran\AppData\Local\Microsoft Games
2013-03-20 10:34 - 2013-03-20 10:34 - 00035884 ____A C:\Users\Ciaran\Downloads\eBayISAPI.gz
2013-03-19 07:30 - 2012-10-14 12:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-03-18 03:30 - 2012-10-04 08:45 - 00000000 ____D C:\Users\Ciaran\me and MY vivii
2013-03-17 14:17 - 2013-03-17 13:56 - 404315838 ____A C:\Users\Ciaran\Downloads\Bigger Stronger Faster[2008]DvDrip[Eng]-FXG.avi.flv
2013-03-16 06:56 - 2012-06-28 05:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-16 06:56 - 2012-06-28 05:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-16 06:37 - 2012-06-28 02:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-16 06:33 - 2012-06-28 04:47 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-12 13:26 - 2013-03-12 13:26 - 00841937 ____A C:\Users\Ciaran\Downloads\TS010192741.dotx
2013-03-12 13:20 - 2013-03-12 13:20 - 02576230 ____A C:\Users\Ciaran\Downloads\TS101951857.dotx
2013-03-12 07:56 - 2013-03-12 07:56 - 00069632 ____A C:\Users\Ciaran\Downloads\institution0708.xls
2013-03-12 07:53 - 2013-03-12 07:53 - 00053248 ____A C:\Users\Ciaran\Downloads\BP Business Plan Financial Tables Dec09.xls

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3963.99 MB
Available physical RAM: 3167.93 MB
Total Pagefile: 3962.14 MB
Available Pagefile: 3156.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:93.39 GB) NTFS
3 Drive f: (USB DISK) (Removable) (Total:3.73 GB) (Free:1.96 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B        
  Disk 1    Online         3824 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: FDACEB25

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            232 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    100 MB  Healthy           

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    232 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3823 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   USB DISK     FAT32  Removable   3823 MB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: FDACEB25

Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 2:
=========
Hex: 00DF140C07FEFFFF002803000028191D
Active: NO
Type: 07 (NTFS)
Size: 233 GB

==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 800101000B7FD6CA20000000E07F7700
Active: YES
Type: 0B
Size: 4 GB


Last Boot: 2013-04-05 08:17

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 11-04-2013
Ran by SYSTEM at 2013-04-11 14:47:48
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

THANK YOU!

Edited by Ciaranmck, 11 April 2013 - 09:18 AM.



#2 Ciaranmck


Posted 11 April 2013 - 02:51 PM

Oh yeah, I'd run an AVG search hours before it went wrong too! And it found nothing :S

#3 Ciaranmck


Posted 12 April 2013 - 08:49 PM

Title was: Suspected malware - putting hard drive into external caddy and scanning fix? ~ OB
 
Hey guys,

Some may have seen I've been having big issues with my laptop ('Windows has encountered critical error and will restart in one minute').

Now, being locked out of my laptop, having not backed up (because I'm an idiot), and having university deadlines as soon as Tuesday, time is really something I don't have much of!

Idea I've had is placing my hard drive into an external caddy and virus/spyware/malware scanning it externally, thus not having to run windows for it to work.

Could this work? Or is this a terrible idea?

Cheers

Keys.


Edited by Orange Blossom, 14 April 2013 - 01:53 AM.
Merged topics. ~ OB


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:24 PM

Posted 15 April 2013 - 10:11 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

Edited by Oh My, 15 April 2013 - 10:13 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 15 April 2013 - 11:23 PM

Greetings Ciaran,

I think you probably know by now but I would like to provide you with a bit of information about the dangers of Peer to Peer networking, i.e. Torrents.

In addition, please run this for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • Boot your machine and press F8 to enter the Advanced Boot Options screen
  • Select Disable Automatic Restart on System Failure, and press Enter
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • BSOD information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Ciaranmck


Posted 16 April 2013 - 05:10 AM

Thank you for your reply Gary!

But I'm afraid there is no BSOD!

Even if I start up in the mode requested, it starts up like normal, allows me to log on, as soon as I log on the error box is already there, telling me it has encountered a critical error.

When it restarts, it doesn't restart, just goes black momentarily and starts start up again!

Is there any other information I can supply you with? If it requires me to run a program it will have to be a program I can run through startup repair cmd, through a flash drive!


Since I posted my first reply, I should add I bought an external caddy and used it to access some of my files (as before mentioned I had deadlines today), while I was at it I AVG scanned it and found 4 'trojan horse generic30 ahdc' files, which are now deleted.

I'm sorry if this has affected your ability to help me.

Thank you for your information on p2p, I will certainly not be using it again! This has shown me what damage malware can really do!

Thank you very much, I appreciate this an awful lot, and I will reply ASAP to your reply.

Ciaran.

#7 Ciaranmck


Posted 16 April 2013 - 07:16 AM

By the way, with me being on GMT and you being on PDT I know it will be awkward being online at similar times, but I'm usually up and active between 12am and 6pm PDT. If I get a reply within those hours I will reply instantly.



#8 Oh My!


Posted 16 April 2013 - 09:17 AM

Greetings Ciaran,

Yes, the timezones may slow things down. I will be mindful of your availability and try to catch you before 6 AM my time if possible.

I certainly understand the necessity to get your files (my son is in college too) and there is no problem with that as long as the infection on your hard drive does not contaminate your other computer. If that was going to happen it already did. You don't mention any symptoms on your second computer so we may be OK.

What I would like to do is to take a look at the AVG log and also check the integrity of your Windows 7 system files.

So please do this, if you would.

===================================================

Run sfc /scannow on an External Drive From Elevated Command

--------------------
  • Attach your infected external hard drive to your computer
  • Click Start, click on Computer, and identify the drive letter of the infected external hard drive - Use this drive letter to replace "C" in the below SFC command
  • Exit out of the Computer window
  • Click Start and Type cmd
  • Right click on cmd and select Run as administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Type the following at the Command Prompt and press Enter (Note: there is a space before each backslash "/" and remember to replace the drive letter)

SFC /SCANNOW /OFFBOOTDIR=[C]:\ /OFFWINDIR=[C]:\WINDOWS

  • Upon completion, if you are notified corrupted files were found and repaired please do the following
  • Navigate to the following location, zip the file and attach it to your response

C:\Windows\Logs\CBS\CBS.log

  • Zip and attach the file in your reply.
===================================================

Please zip and attach the following file in your reply.

C:\ProgramData\AVG2013\log

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did SFC repair any files (zipped log if applicable)
  • Zipped AVG log file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Ciaranmck


Posted 16 April 2013 - 09:38 AM

Ok I don't have ready access to the other computer, it's just room mates, but I should be able to use it in a few hours.

The scan was yesterday, would you like a fresh AVG scan or the log from the existing?

Thank you.

#10 Oh My!


Posted 16 April 2013 - 09:45 AM

Are you able to install the infected hard drive back into your computer?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Ciaranmck


Posted 16 April 2013 - 09:55 AM

Yeah not a problem, shall I start up in recover, run cmd, and run sfc?

What drive on? I only have one drive but I'm pretty sure (when I run chkdsk at least) windows is on a partition 'R'... So shall I try searching c and r or just the one?

#12 Oh My!


Posted 16 April 2013 - 10:05 AM

Great,

Here are the instructions for you. Also, I would like to see the log from yesterday as that will contain the information I need to review.

I am leaving for a bike ride (beautiful weather in Southern California :) ) and won't return for 3 hours or so.

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment - Reboot Required Error

-----------------
  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following after the Command Prompt and hit Enter

SFC /SCANNOW /OFFBOOTDIR=[C]:\ /OFFWINDIR=[C]:\WINDOWS

  • Following the scan attempt to boot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Ciaranmck


Posted 16 April 2013 - 10:23 AM

Windows resource protection could not start the repair service.

Interestingly though I've just checked my drive numbers (via notepad) and I've got

C: System Reserved 61.8mb free of 9.99 (opened appeared empty, may be hidden files inside?)

D: local disk (contains all of the files I expected to be in C)

X: boot

I've tried changing the C to a D for the SFC and still could not start.

Enjoy your bike ride! Don't get much sun in Wales!

Ciaran.

#14 Ciaranmck


Posted 16 April 2013 - 10:28 AM

Ignore that, I stupidly left the '[ ]' in, taken them out, changed C to D, and it's started the scan! Will update with details
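
The drive-letter check behind the offline SFC command used in this thread, as an added batch example that is not part of any post: in the recovery environment the Windows volume is not necessarily C: (here C: was System Reserved and Windows sat on D:), so the script looks for the volume holding the SYSTEM registry hive before running SFC. The letter range C-K and the refusal to continue when more than one installation is found are assumptions of this example.

```batch
@echo off
rem Added example (not from the thread): locate the offline Windows volume
rem from the recovery Command Prompt, then run the offline SFC scan on it.
rem Assumption: the installation sits on one of the letters C-K. X: is
rem skipped because it is the recovery environment's own boot volume.
setlocal
set "WINDRV="
set /a FOUND=0
for %%D in (C D E F G H I J K) do (
    rem A full installation has a SYSTEM registry hive; the small
    rem "System Reserved" partition does not.
    if exist "%%D:\Windows\System32\config\SYSTEM" (
        echo Windows installation found on %%D:
        set "WINDRV=%%D"
        set /a FOUND+=1
    )
)
if %FOUND% EQU 0 (
    echo No offline Windows installation found on C-K.
    exit /b 1
)
if %FOUND% GTR 1 (
    echo More than one installation found, run SFC by hand on the right one.
    exit /b 1
)
rem No square brackets around the letter: in the posted instructions they
rem only mark the placeholder and are not part of the command.
sfc /scannow /offbootdir=%WINDRV%:\ /offwindir=%WINDRV%:\Windows
```

Saved to the flash drive as a .cmd file, it can be started from the recovery Command Prompt by typing its path.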

#15 Ciaranmck


Posted 16 April 2013 - 11:11 AM

Same error on start up unfortunately.

"Windows Resource Protection found corrupt files but was unable to fix some of them."

I have attached AVG logs as requested, zipped - I didn't know which you wanted so I've put every log file from the 15th into the zip file, I'm sure you'll have a better idea.

I've attached the CBS, zipped, as requested too.

Hope this sheds some light on the issue!

Ciaran.

Attached Files

  • Attached File  CBS.zip   75.94KB   2 downloads
  • Attached File  AVG.zip   343.01KB   1 downloads
