
Gateway Laptop will not boot. Get Blue Screen



#1 dsygula
Posted 15 April 2013 - 10:09 AM

Hi, my name is Dan. I have a Gateway Laptop that will not boot, and I get a blue screen. I have run the FRST64 scan tool and the log does show some problems. First, under One Month Modified Files and Folders it says "Attention: check for possible partition/boot infection: C:\windows\svchost.exe". Also, under the Bamital and Volsnap check it says "TDL4: custom: 26000022 Attention!" And also under Partitions it says "Attention: Malware custom entry on BCD on drive Y: detected. Check for MBR/Partition infection." I would appreciate any help, thanks.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013
Ran by SYSTEM at 15-04-2013 13:42:44
Running from G:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11444840 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a [1655544 2010-10-25] (Suyin)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker 3.0\ReminderApp.exe [144672 2009-12-01] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe /s  [132504 2013-03-24] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll" /prefetch:1 [132984 2011-09-29] (Symantec Corporation)
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-08] ()

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20130322.001_c8f\BHDrvx64.sys [1387608 2013-03-21] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-16] (Symantec Corporation)
3 EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [138912 2013-04-07] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20130405.001_d4c\IDSvia64.sys [513184 2013-04-05] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20130406.008\ENG64.SYS [126192 2013-04-07] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20130406.008\EX64.SYS [2087664 2013-04-07] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-15 13:42 - 2013-04-15 13:42 - 00000000 ____D C:\FRST
2013-04-14 16:54 - 2013-04-14 16:54 - 00004096 __ASH C:\{1D8FFA21-CE01-4643-BE39-8EFF7D61CFEE}.CBM
2013-04-14 15:13 - 2013-04-14 15:13 - 00299520 __ASH C:\EUMONBMP.SYS
2013-04-14 13:55 - 2013-04-14 13:57 - 00000000 ____D C:\.Trash-999
2013-04-14 10:42 - 2013-04-14 10:42 - 00000000 ____D C:\NBRT
2013-04-11 15:42 - 2013-04-11 15:42 - 00000000 __RHD C:\VProRecovery
2013-04-10 23:01 - 2013-04-10 23:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-04-09 20:36 - 2013-04-09 20:36 - 00002376 ____A C:\{1C85A618-4728-4CC3-A90E-8CEC93463536}
2013-04-09 20:17 - 2013-04-09 20:17 - 00003040 ____A C:\{E4B2DEA9-27F8-4324-8462-142DF3988B31}
2013-04-09 16:12 - 2013-04-11 10:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-04-09 16:12 - 2013-04-11 10:00 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\SUPERAntiSpyware.com
2013-04-09 16:12 - 2013-04-09 16:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-04-09 16:06 - 2013-04-11 10:00 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Local\VS Revo Group
2013-04-09 16:05 - 2013-04-11 09:59 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-04-09 16:05 - 2013-04-11 09:59 - 00000000 ____D C:\Program Files\VS Revo Group
2013-04-07 10:15 - 2013-04-11 10:21 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\HP SimpleSave Application
2013-04-07 10:15 - 2013-04-11 10:00 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\HPSS
2013-04-07 10:15 - 2013-04-11 09:59 - 00000000 ____D C:\ProgramData\HPSS
2013-03-25 16:42 - 2013-03-25 16:42 - 00275272 ____A C:\Windows\Minidump\032513-39530-01.dmp
2013-03-24 15:55 - 2013-03-24 15:55 - 00315832 ____A C:\Windows\Minidump\032413-39265-01.dmp
2013-03-17 17:03 - 2013-03-17 17:03 - 00000000 ____A C:\Windows\SysWOW64\sho9D86.tmp
2013-03-17 16:07 - 2013-03-17 16:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-03-17 16:03 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-17 16:03 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-17 16:03 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-17 16:03 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-17 16:03 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-17 16:03 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-17 16:03 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-17 16:03 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-17 16:03 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-17 16:03 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-17 16:03 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-17 16:03 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-17 16:03 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-17 16:03 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-17 16:03 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-17 16:03 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-17 16:03 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-17 16:03 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-17 16:03 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-17 16:03 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-17 16:03 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-03-17 16:03 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-17 16:03 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-17 16:03 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-17 16:03 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-17 16:03 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-03-17 16:03 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-03-17 16:03 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-17 16:03 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-17 16:03 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-17 16:03 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-17 16:03 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-17 15:53 - 2013-03-17 15:54 - 00275216 ____A C:\Windows\Minidump\031713-36348-01.dmp

==================== One Month Modified Files and Folders =======

2013-04-14 16:54 - 2013-04-14 16:54 - 00004096 __ASH C:\{1D8FFA21-CE01-4643-BE39-8EFF7D61CFEE}.CBM
2013-04-14 15:13 - 2013-04-14 15:13 - 00299520 __ASH C:\EUMONBMP.SYS
2013-04-14 13:57 - 2013-04-14 13:55 - 00000000 ____D C:\.Trash-999
2013-04-14 10:42 - 2013-04-14 10:42 - 00000000 ____D C:\NBRT
2013-04-11 15:42 - 2013-04-11 15:42 - 00000000 __RHD C:\VProRecovery
2013-04-11 10:22 - 2011-03-28 15:09 - 00000000 ____D C:\users\Linda McGinnis
2013-04-11 10:21 - 2013-04-09 16:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-04-11 10:21 - 2013-04-07 10:15 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\HP SimpleSave Application
2013-04-11 10:21 - 2012-11-20 15:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-11 10:21 - 2012-03-04 15:42 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-04-11 10:21 - 2012-03-04 15:40 - 00000000 ____D C:\ProgramData\Kodak
2013-04-11 10:21 - 2010-11-11 20:00 - 00000000 ____D C:\ProgramData\Norton
2013-04-11 10:21 - 2010-11-11 19:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-11 10:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-04-11 10:13 - 2010-11-11 19:58 - 00000000 ____D C:\ProgramData\Adobe
2013-04-11 10:00 - 2013-04-09 16:12 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\SUPERAntiSpyware.com
2013-04-11 10:00 - 2013-04-09 16:06 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Local\VS Revo Group
2013-04-11 10:00 - 2013-04-07 10:15 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\HPSS
2013-04-11 09:59 - 2013-04-09 16:05 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-04-11 09:59 - 2013-04-09 16:05 - 00000000 ____D C:\Program Files\VS Revo Group
2013-04-11 09:59 - 2013-04-07 10:15 - 00000000 ____D C:\ProgramData\HPSS
2013-04-10 23:01 - 2013-04-10 23:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-04-09 20:36 - 2013-04-09 20:36 - 00002376 ____A C:\{1C85A618-4728-4CC3-A90E-8CEC93463536}
2013-04-09 20:17 - 2013-04-09 20:17 - 00003040 ____A C:\{E4B2DEA9-27F8-4324-8462-142DF3988B31}
2013-04-09 16:12 - 2013-04-09 16:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-04-07 09:58 - 2011-03-28 15:10 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\Adobe
2013-04-07 06:39 - 2011-02-25 04:55 - 01758470 ____A C:\Windows\WindowsUpdate.log
2013-04-07 06:30 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-07 06:30 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-07 06:28 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-07 06:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-07 06:21 - 2009-07-13 20:51 - 00064387 ____A C:\Windows\setupact.log
2013-04-04 02:13 - 2011-03-28 15:10 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Local\Adobe
2013-03-25 16:42 - 2013-03-25 16:42 - 00275272 ____A C:\Windows\Minidump\032513-39530-01.dmp
2013-03-25 16:42 - 2011-06-26 07:21 - 518970541 ____A C:\Windows\MEMORY.DMP
2013-03-25 16:42 - 2011-06-26 07:21 - 00000000 ____D C:\Windows\Minidump
2013-03-25 01:57 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-24 15:55 - 2013-03-24 15:55 - 00315832 ____A C:\Windows\Minidump\032413-39265-01.dmp
2013-03-24 11:11 - 2011-03-28 15:37 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Roaming\SoftGrid Client
2013-03-24 10:58 - 2012-10-29 02:07 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-03-17 19:31 - 2012-03-04 15:47 - 00000000 ____D C:\Users\Linda McGinnis\AppData\Local\Eastman_Kodak_Company
2013-03-17 19:31 - 2012-03-04 15:44 - 00000000 ____D C:\Windows\SysWOW64\kodak
2013-03-17 19:31 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-03-17 17:03 - 2013-03-17 17:03 - 00000000 ____A C:\Windows\SysWOW64\sho9D86.tmp
2013-03-17 16:52 - 2012-05-14 02:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-17 16:52 - 2012-05-14 02:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-17 16:07 - 2013-03-17 16:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-03-17 16:05 - 2011-03-31 17:24 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-17 15:54 - 2013-03-17 15:53 - 00275216 ____A C:\Windows\Minidump\031713-36348-01.dmp
2013-03-16 22:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF


ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3834.9 MB
Available physical RAM: 3147.98 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3132.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:583.07 GB) (Free:527.25 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.24 GB) NTFS
4 Drive g: (EASEUSBOOT) (Removable) (Total:7.44 GB) (Free:3.93 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B        
  Disk 1    Online         7633 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: 8167E29B

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            13 GB  1024 KB
  Partition 2    Primary            100 MB    13 GB
  Partition 3    Primary            583 GB    13 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   PQSERVICE    NTFS   Partition     13 GB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Gateway      NTFS   Partition    583 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: 06ECDDD9

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7633 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   EASEUSBOOT   FAT32  Removable   7633 MB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 8167E29B

Partition 1:
=========
Hex: 0020210027FEFFFF000800000000A001
Active: NO
Type: 27
Size: 13 GB

Partition 2:
=========
Hex: 80FEFFFF07FEFFFF0008A00100200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF0028A3010050E248
Active: NO
Type: 07 (NTFS)
Size: 583 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 06ECDDD9

Partition 1:
=========
Hex: 800021000B22D5CD20000000E08BEE00
Active: YES
Type: 0B
Size: 7 GB


Last Boot: 2013-04-08 18:32

==================== End Of Log =============================
