Startup Repair Infinite Loop - attached frst.txt


  • This topic is locked
191 replies to this topic

#1 janudler

Posted 16 May 2013 - 06:15 PM

Hello,
 
Yesterday morning when I went to start up my computer, it went into Startup Repair. It continues to say that it cannot repair this computer automatically, with the options send or don't send. I always choose don't send. The View Problem Details shows Signature 03: unknown, Signature 05: AutoFailover and Signature 07: CorruptFile.
After trying to use a Win7 repair disk created on another Win7 system to no avail, I found a similar issue on this site. I downloaded frst64.exe, ran it, and am attaching frst.txt.

 

Prior to 5/15 my system had been running a bit strangely: popups coming up unprovoked, software update windows, music and videos starting randomly; anything that popped up I closed. Norton is running and will occasionally pop up and say there is something to be removed; at that time I run the appropriate software.

Any help would be greatly appreciated!
Thank you - Jules

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-05-2013
Ran by SYSTEM on 16-05-2013 18:48:19
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [OCDLMgr]  [x]
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2012-06-02] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Adobe\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\Adobe\...\Run: [Spotify Web Helper] "C:\Users\julie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-10-08] ()
HKU\Adobe\...\Run: [Google Update] "C:\Users\julie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-14] (Google Inc.)
HKU\Adobe\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Adobe\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Adobe\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 [x]
HKU\Adobe\...\Policies\system: [DisableRegedit] 0
HKU\Adobe\...\Winlogon: [Shell] Explorer.exe
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\Guest\...\Run: [Spotify Web Helper] "C:\Users\julie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-10-08] ()
HKU\Guest\...\Run: [Google Update] "C:\Users\julie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-14] (Google Inc.)
HKU\Guest\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Guest\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Guest\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 [x]
HKU\Guest\...\Policies\system: [DisableRegedit] 0
HKU\Guest\...\Winlogon: [Shell] Explorer.exe
HKU\julie\...\Run: [Spotify Web Helper] "C:\Users\julie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-10-08] ()
HKU\julie\...\Run: [Google Update] "C:\Users\julie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-14] (Google Inc.)
HKU\julie\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\julie\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\julie\...\Policies\system: [DisableRegedit] 0
HKU\julie\...\Winlogon: [Shell] Explorer.exe
HKU\ODesk\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\ODesk\...\Run: [Spotify Web Helper] "C:\Users\julie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-10-08] ()
HKU\ODesk\...\Run: [Google Update] "C:\Users\julie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-14] (Google Inc.)
HKU\ODesk\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\ODesk\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\ODesk\...\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000 [x]
HKU\ODesk\...\Policies\system: [DisableRegedit] 0
HKU\ODesk\...\Winlogon: [Shell] Explorer.exe
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
BootExecute: autocheck autochk * NaBootMir

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
S4 AAMWService; C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [1309528 2010-08-30] ()
S4 AAMW_WSC_Service_Vista; C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [52616 2010-03-02] ()
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S2 DigiRefresh; d:\Program Files (x86)\Digidesign\Digidesign\Drivers\MMERefresh.exe [77824 2007-10-30] (Digidesign, A Division of Avid Technology, Inc.)
S3 digiSPTIService; d:\Program Files (x86)\Digidesign\Digidesign\Pro Tools\digiSPTIService.exe [159744 2007-10-30] (Digidesign, A Division of Avid Technology, Inc.)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856384 2009-06-10] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] ()
S2 sprtsvc_ddoctorv2; C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
S2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-06-02] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-06-02] (SupportSoft, Inc.)
S4 Boonty Games; "C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe" [x]
S2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [x]
S3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-10] (Symantec Corporation)
S1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [29288 2011-07-05] (StrikeForce Technologies, Inc.)
S0 HKDirFlt; C:\Windows\System32\drivers\HKDirFlt.sys [37992 2010-06-23] (Wondershare Software Co.,Ltd)
S0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39216 2011-05-10] (Paragon Software Group)
S0 MirDisk; C:\Windows\System32\drivers\MirDisk.sys [28264 2010-06-23] () <===== ATTENTION
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S2 ntk_dtv; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [82416 2009-09-17] (Cyberlink Corp.)
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34040 2011-01-16] (Windows ® Codename Longhorn DDK provider)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-10-08] (Symantec Corporation)
S1 ajluudbl; \??\C:\Windows\system32\drivers\ajluudbl.sys [x]
S1 amowvsig; \??\C:\Windows\system32\drivers\amowvsig.sys [x]
S1 aouuptau; \??\C:\Windows\system32\drivers\aouuptau.sys [x]
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [x]
S1 boeejxul; \??\C:\Windows\system32\drivers\boeejxul.sys [x]
S1 ddvtvsra; \??\C:\Windows\system32\drivers\ddvtvsra.sys [x]
S1 esjdoofs; \??\C:\Windows\system32\drivers\esjdoofs.sys [x]
S1 fvkvlvfn; \??\C:\Windows\system32\drivers\fvkvlvfn.sys [x]
S1 hfkgsqyl; \??\C:\Windows\system32\drivers\hfkgsqyl.sys [x]
S1 hnisbxti; \??\C:\Windows\system32\drivers\hnisbxti.sys [x]
S1 icjktxcl; \??\C:\Windows\system32\drivers\icjktxcl.sys [x]
S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130425.001\IDSvia64.sys [x]
S1 ikjrpumo; \??\C:\Windows\system32\drivers\ikjrpumo.sys [x]
S1 mobikqwt; \??\C:\Windows\system32\drivers\mobikqwt.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130426.017\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130426.017\EX64.SYS [x]
S1 peauserk; \??\C:\Windows\system32\drivers\peauserk.sys [x]
S1 quvhhrmv; \??\C:\Windows\system32\drivers\quvhhrmv.sys [x]
S1 SRTSP; \SystemRoot\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\0502020.003\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0502020.003\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [x]
S1 txmttzpi; \??\C:\Windows\system32\drivers\txmttzpi.sys [x]
S1 uphdpmpn; \??\C:\Windows\system32\drivers\uphdpmpn.sys [x]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
S1 vdpeysou; \??\C:\Windows\system32\drivers\vdpeysou.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-16 18:47 - 2013-05-16 18:47 - 00000000 ____D C:\FRST
2013-05-15 13:56 - 2013-05-15 13:56 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-05-13 07:34 - 2013-05-13 07:40 - 805895954 ____A C:\Users\julie\Downloads\Portal.of.Evil.Stolen.Runes.Collectors.Edition.v1.0.0.1-TE.rar
2013-05-09 15:40 - 2013-05-09 15:40 - 00000000 ____D C:\Users\julie\AppData\Roaming\Anuman
2013-05-09 15:03 - 2013-05-09 15:03 - 00000000 ____D C:\Users\julie\Documents\Ghost of Thornton Hall
2013-05-05 16:06 - 2013-05-05 16:06 - 00000000 ___RD C:\Users\julie\Documents\HP Photo Creations
2013-05-05 16:04 - 2013-05-05 16:06 - 00001993 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-05-05 16:02 - 2013-05-05 16:03 - 41600032 ____A (HP) C:\Users\julie\Downloads\hppc-hpcom.11182.exe
2013-05-05 14:01 - 2013-05-05 14:01 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-05-03 16:47 - 2013-05-03 16:47 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-05-03 14:07 - 2013-05-03 14:07 - 00000000 ____A C:\Windows\SysWOW64\shoA1D4.tmp
2013-05-02 16:55 - 2013-05-02 16:55 - 00000897 ____A C:\Users\Public\Desktop\Shiver 3 - Moonlit Grove Collectors Edition.lnk
2013-04-27 20:44 - 2013-04-27 20:44 - 06287769 ____A C:\Users\julie\Downloads\adobe_creative_suite_cleaner_tool.zip
2013-04-26 15:46 - 2013-04-26 15:46 - 00000000 ____A C:\Windows\SysWOW64\shoD147.tmp
2013-04-26 08:57 - 2013-04-26 08:57 - 00002576 ____A C:\{A69E0C42-0CFE-49E8-AE71-44E6021F76EF}
2013-04-24 09:01 - 2013-04-12 06:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-19 14:00 - 2013-04-19 14:00 - 00003072 ____A C:\{7CD693C0-83FC-4CD2-85D9-B3FC5562748D}
2013-04-18 19:10 - 2013-04-18 19:10 - 00000976 ____A C:\Users\Public\Desktop\Redemption Cemetery 4 - Salvation of the Lost CE.lnk
2013-04-18 16:04 - 2013-04-18 16:04 - 00001350 ____A C:\Users\julie\Desktop\Redemption Cemetery - Salvation of the Lost - Collector's Edition.lnk
2013-04-17 17:00 - 2013-04-17 17:00 - 00000000 ____D C:\ProgramData\Candy Factory
2013-04-17 16:59 - 2013-04-17 16:59 - 00002042 ____A C:\Users\Public\Desktop\Play Grandpa's Candy Factory.lnk
2013-04-17 16:59 - 2013-04-17 16:59 - 00000000 ____D C:\Program Files (x86)\Grandpa's Candy Factory

==================== One Month Modified Files and Folders =======

2013-05-16 18:47 - 2013-05-16 18:47 - 00000000 ____D C:\FRST
2013-05-15 13:56 - 2013-05-15 13:56 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-05-15 06:17 - 2010-08-11 03:28 - 00034816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2013-05-15 06:14 - 2009-07-13 15:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2013-05-15 06:12 - 2009-07-13 15:25 - 00004096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2013-05-15 06:07 - 2009-07-13 16:01 - 00171600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2013-05-15 06:06 - 2010-08-11 03:29 - 01975296 ____A (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2013-05-15 06:05 - 2009-07-13 15:21 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2013-05-15 06:00 - 2009-07-13 15:19 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2013-05-15 05:54 - 2009-07-13 15:59 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\oleres.dll
2013-05-14 18:39 - 2010-08-10 19:40 - 01144415 ____A C:\Windows\WindowsUpdate.log
2013-05-14 18:33 - 2011-09-30 11:04 - 00000338 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-05-14 18:07 - 2012-11-30 13:22 - 00000000 ____D C:\Users\julie\AppData\Roaming\vlc
2013-05-14 17:58 - 2010-08-14 08:29 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-14 17:55 - 2010-09-07 05:45 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-347088052-1388568336-2005525118-1000UA.job
2013-05-14 17:49 - 2012-04-13 13:27 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-347088052-1388568336-2005525118-1000UA.job
2013-05-14 14:49 - 2012-04-13 13:27 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-347088052-1388568336-2005525118-1000Core.job
2013-05-14 11:55 - 2010-09-07 05:45 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-347088052-1388568336-2005525118-1000Core.job
2013-05-14 09:57 - 2010-08-14 08:29 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-14 09:45 - 2010-08-11 05:19 - 00000000 ____D C:\Users\julie\AppData\Local\Adobe
2013-05-14 03:06 - 2011-10-15 10:44 - 00000354 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-julie-PC-julie.job
2013-05-13 14:27 - 2013-04-09 14:18 - 00000000 ____D C:\Users\julie\AppData\Local\CrashDumps
2013-05-13 07:40 - 2013-05-13 07:34 - 805895954 ____A C:\Users\julie\Downloads\Portal.of.Evil.Stolen.Runes.Collectors.Edition.v1.0.0.1-TE.rar
2013-05-13 06:39 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-13 06:39 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-13 06:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-13 06:22 - 2009-07-13 20:51 - 00084526 ____A C:\Windows\setupact.log
2013-05-13 06:19 - 2010-08-16 01:34 - 00267328 ____A C:\Windows\PFRO.log
2013-05-10 08:16 - 2009-07-13 20:45 - 09057088 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-09 15:40 - 2013-05-09 15:40 - 00000000 ____D C:\Users\julie\AppData\Roaming\Anuman
2013-05-09 15:03 - 2013-05-09 15:03 - 00000000 ____D C:\Users\julie\Documents\Ghost of Thornton Hall
2013-05-08 10:12 - 2011-02-22 15:47 - 00000000 ____D C:\ProgramData\Norton
2013-05-08 05:11 - 2010-08-15 09:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-05 18:04 - 2013-01-26 12:46 - 00000000 ____D C:\ProgramData\wxDownload
2013-05-05 16:06 - 2013-05-05 16:06 - 00000000 ___RD C:\Users\julie\Documents\HP Photo Creations
2013-05-05 16:06 - 2013-05-05 16:04 - 00001993 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-05-05 16:06 - 2011-09-22 12:21 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-05-05 16:04 - 2011-09-30 11:05 - 00000000 ____D C:\ProgramData\Visan
2013-05-05 16:03 - 2013-05-05 16:02 - 41600032 ____A (HP) C:\Users\julie\Downloads\hppc-hpcom.11182.exe
2013-05-05 14:01 - 2013-05-05 14:01 - 00000064 ____A C:\Windows\GPlrLanc.dat
2013-05-04 22:48 - 2010-08-17 10:38 - 00000000 ____D C:\Users\julie\AppData\Roaming\Gogii
2013-05-03 16:47 - 2013-05-03 16:47 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-05-03 14:07 - 2013-05-03 14:07 - 00000000 ____A C:\Windows\SysWOW64\shoA1D4.tmp
2013-05-02 16:57 - 2010-09-09 20:38 - 00000000 ____D C:\Users\julie\AppData\Roaming\Artogon
2013-05-02 16:56 - 2010-10-02 12:20 - 00000000 ____D C:\Users\julie\AppData\Roaming\LeeGT-Games
2013-05-02 16:55 - 2013-05-02 16:55 - 00000897 ____A C:\Users\Public\Desktop\Shiver 3 - Moonlit Grove Collectors Edition.lnk
2013-05-02 07:29 - 2010-08-10 17:13 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 12:56 - 2010-08-10 19:08 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
2013-04-27 20:44 - 2013-04-27 20:44 - 06287769 ____A C:\Users\julie\Downloads\adobe_creative_suite_cleaner_tool.zip
2013-04-27 05:29 - 2011-01-08 10:35 - 00000000 ____D C:\Users\julie\AppData\Roaming\dvdcss
2013-04-26 17:47 - 2011-09-25 23:04 - 00000000 ____D C:\Windows\rescache
2013-04-26 15:46 - 2013-04-26 15:46 - 00000000 ____A C:\Windows\SysWOW64\shoD147.tmp
2013-04-26 11:33 - 2010-12-29 13:43 - 00000000 ____D C:\Users\julie\AppData\Roaming\Apple Computer
2013-04-26 11:03 - 2010-12-29 13:43 - 00000000 ____D C:\Users\julie\AppData\Local\Apple Computer
2013-04-26 08:57 - 2013-04-26 08:57 - 00002576 ____A C:\{A69E0C42-0CFE-49E8-AE71-44E6021F76EF}
2013-04-26 06:48 - 2010-08-31 08:01 - 00000000 ___RD C:\games
2013-04-26 06:38 - 2013-01-24 17:05 - 00000000 ____D C:\Ebooks
2013-04-26 06:30 - 2013-02-08 21:54 - 00000000 ____D C:\Users\julie\Downloads\EBOOKS
2013-04-19 14:00 - 2013-04-19 14:00 - 00003072 ____A C:\{7CD693C0-83FC-4CD2-85D9-B3FC5562748D}
2013-04-18 19:10 - 2013-04-18 19:10 - 00000976 ____A C:\Users\Public\Desktop\Redemption Cemetery 4 - Salvation of the Lost CE.lnk
2013-04-18 19:04 - 2011-09-16 13:01 - 00000000 ____D C:\Users\julie\AppData\Roaming\SMIGames
2013-04-18 16:16 - 2010-09-11 11:55 - 00000000 ____D C:\Users\julie\AppData\Roaming\ERS Game Studios
2013-04-18 16:04 - 2013-04-18 16:04 - 00001350 ____A C:\Users\julie\Desktop\Redemption Cemetery - Salvation of the Lost - Collector's Edition.lnk
2013-04-17 17:00 - 2013-04-17 17:00 - 00000000 ____D C:\ProgramData\Candy Factory
2013-04-17 16:59 - 2013-04-17 16:59 - 00002042 ____A C:\Users\Public\Desktop\Play Grandpa's Candy Factory.lnk
2013-04-17 16:59 - 2013-04-17 16:59 - 00000000 ____D C:\Program Files (x86)\Grandpa's Candy Factory
2013-04-17 16:59 - 2013-04-11 10:28 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk

Other Malware:
===========
C:\Users\julie\g2mdlhlpx.exe
C:\ProgramData\hash.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4093.2 MB
Available physical RAM: 3464.53 MB
Total Pagefile: 4091.34 MB
Available Pagefile: 3454.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.31 GB) (Free:10.2 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:7.21 GB) NTFS (Disk=1 Partition=1)
Drive e: (RECOVERY) (Fixed) (Total:12.58 GB) (Free:1.97 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:7.64 GB) (Free:0 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: A2BF227E)
Partition 1: (Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 0589D83F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 8 GB) (Disk ID: 73696D20)
Partition 1: (Not Active) - (Size=-4750121984) - (Type=0A)
Partition 2: (Not Active) - (Size=260 GB) - (Type=65)
Partition 3: (Not Active) - (Size=0) - (Type=65)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


Last Boot: 2013-04-26 17:11

==================== End Of Log ============================

 

*Moderator Edit: Moved topic from Windows 7 to the appropriate forum. FRST logs are allowed only in Malware Removal Logs. ~ Queen-Evie*

Attached Files: FRST.txt (23.38KB)

Edited by janudler, 16 May 2013 - 07:10 PM.

Thank you,

 

jules

 

In Memory of my brother Pastor James Camacho who is celebrating in heaven with his beloved Lord and Savior
"Keep the Main Thing the Main Thing"
What is the Main Thing?

Matthew 22:37 "You shall love the Lord your God with all your heart, with all your soul, and with all your mind."


#2 HelpBot

Posted 21 May 2013 - 06:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/494864 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 janudler

Posted 22 May 2013 - 03:30 PM

Hello,

 

I am running Windows 7 64-bit. I do not have the original Windows CD; I upgraded and downloaded Windows 7 about two years ago.
HP dv7-1023cl. The FRST log is embedded in the original post. I cannot run DDS as my system never gets into Windows. On the 15th of May the computer was running fine; I had not loaded anything that day and it shut down appropriately. When I turned the computer on the next morning, Startup Repair ran and came back saying it cannot find the problem. I have tried to boot from a Win7 startup disk that I created, but I still get the Startup Repair loop. Nothing I do seems to stop this.

 

Thank you,

 

Julie Nudler

 


Thank you,

 

jules

 

In Memory of my brother Pastor James Camacho who is celebrating in heaven with his beloved Lord and Savior
"Keep the Main Thing the Main Thing"
What is the Main Thing?

Matthew 22:37 "You shall love the Lord your God with all your heart, with all your soul, and with all your mind."

 


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 34,805 posts
  • Gender:Male
  • Location:California

Posted 22 May 2013 - 10:01 PM

Greetings Jules and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 34,805 posts
  • Gender:Male
  • Location:California

Posted 22 May 2013 - 11:04 PM

Greetings Jules,

Thank you again for your patience. Please do this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [OCDLMgr]  [x]
BootExecute: autocheck autochk * NaBootMir
S0 MirDisk; C:\Windows\System32\drivers\MirDisk.sys [28264 2010-06-23] () <===== ATTENTION
S1 ajluudbl; \??\C:\Windows\system32\drivers\ajluudbl.sys [x]
S1 amowvsig; \??\C:\Windows\system32\drivers\amowvsig.sys [x]
S1 aouuptau; \??\C:\Windows\system32\drivers\aouuptau.sys [x]
S1 boeejxul; \??\C:\Windows\system32\drivers\boeejxul.sys [x]
S1 ddvtvsra; \??\C:\Windows\system32\drivers\ddvtvsra.sys [x]
S1 esjdoofs; \??\C:\Windows\system32\drivers\esjdoofs.sys [x]
S1 fvkvlvfn; \??\C:\Windows\system32\drivers\fvkvlvfn.sys [x]
S1 hfkgsqyl; \??\C:\Windows\system32\drivers\hfkgsqyl.sys [x]
S1 hnisbxti; \??\C:\Windows\system32\drivers\hnisbxti.sys [x]
S1 icjktxcl; \??\C:\Windows\system32\drivers\icjktxcl.sys [x]
S1 ikjrpumo; \??\C:\Windows\system32\drivers\ikjrpumo.sys [x]
S1 mobikqwt; \??\C:\Windows\system32\drivers\mobikqwt.sys [x]
S1 peauserk; \??\C:\Windows\system32\drivers\peauserk.sys [x]
S1 quvhhrmv; \??\C:\Windows\system32\drivers\quvhhrmv.sys [x]
S1 txmttzpi; \??\C:\Windows\system32\drivers\txmttzpi.sys [x]
S1 uphdpmpn; \??\C:\Windows\system32\drivers\uphdpmpn.sys [x]
S1 vdpeysou; \??\C:\Windows\system32\drivers\vdpeysou.sys [x]
2013-05-03 14:07 - 2013-05-03 14:07 - 00000000 ____A C:\Windows\SysWOW64\shoA1D4.tmp
2013-04-26 15:46 - 2013-04-26 15:46 - 00000000 ____A C:\Windows\SysWOW64\shoD147.tmp
C:\Windows\System32\drivers\MirDisk.sys
C:\Windows\system32\drivers\ajluudbl.sys
C:\Windows\system32\drivers\amowvsig.sys
C:\Windows\system32\drivers\aouuptau.sys
C:\Windows\system32\drivers\boeejxul.sys
C:\Windows\system32\drivers\ddvtvsra.sys
C:\Windows\system32\drivers\esjdoofs.sys
C:\Windows\system32\drivers\fvkvlvfn.sys
C:\Windows\system32\drivers\hfkgsqyl.sys
C:\Windows\system32\drivers\hnisbxti.sys
C:\Windows\system32\drivers\icjktxcl.sys
C:\Windows\system32\drivers\ikjrpumo.sys
C:\Windows\system32\drivers\mobikqwt.sys
C:\Windows\system32\drivers\peauserk.sys
C:\Windows\system32\drivers\quvhhrmv.sys
C:\Windows\system32\drivers\txmttzpi.sys
C:\Windows\system32\drivers\uphdpmpn.sys
C:\Windows\system32\drivers\vdpeysou.sys
C:\Users\julie\g2mdlhlpx.exe
C:\ProgramData\hash.dat
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please attempt to boot your computer into Normal Mode or if unsuccessful Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Were you able to boot into Normal or Safe Mode

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."
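The entries Gary pulled into fixlist.txt share a recognisable shape: a BootExecute value that is not the default, a driver FRST itself tagged ATTENTION, and a run of S1 drivers with random eight-letter names whose files are missing from system32\drivers. The script below is an added example, not part of this thread and not FRST's own code, that applies those three checks to constructed sample lines in the same format; the GUID in the Norton path is a placeholder.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in the shape of FRST's Registry and Drivers
# sections (one legitimate driver, one Norton definitions driver with a
# placeholder GUID, and the entry types the fix list targeted).
SAMPLE_LOG = r"""
BootExecute: autocheck autochk * NaBootMir
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S0 MirDisk; C:\Windows\System32\drivers\MirDisk.sys [28264 2010-06-23] () <===== ATTENTION
S1 ajluudbl; \??\C:\Windows\system32\drivers\ajluudbl.sys [x]
S1 BHDrvx64; \??\C:\ProgramData\Norton\{GUID-PLACEHOLDER}\BHDrvx64.sys [x]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
"""

# One FRST driver line: "<start> <name>; <path> [x | size date] (vendor)? <marker>?"
DRIVER_RE = re.compile(
    r"^(?P<start>S\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<vendor>[^)]*)\))?"
    r"(?P<attention> <===== ATTENTION)?$"
)
# Driver image living directly in the Windows system drivers directory.
SYSTEM_DRIVERS_RE = re.compile(r"windows\\system32\\drivers\\[^\\]+\.sys$", re.I)
# The malicious services in this thread were all named with eight lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
# Stock Windows 7 value; anything appended to it runs before the session starts.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


@dataclass
class Finding:
    name: str
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, each with the reasons it tripped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        if line.startswith("BootExecute:"):
            value = line.split(":", 1)[1].strip()
            if value != DEFAULT_BOOTEXECUTE:
                extra = value.replace(DEFAULT_BOOTEXECUTE, "", 1).strip()
                findings.append(Finding("BootExecute", line,
                    [f"BootExecute is not the default; extra token(s): {extra!r}"]))
            continue

        m = DRIVER_RE.match(line)
        if not m:
            continue  # not a driver/service line in this sample
        name, path, meta, vendor = m["name"], m["path"], m["meta"], m["vendor"]
        in_sys_drivers = bool(SYSTEM_DRIVERS_RE.search(path))
        reasons = []
        if m["attention"]:
            reasons.append("FRST marked this entry ATTENTION")
        if meta == "x" and in_sys_drivers and RANDOM_NAME_RE.match(name):
            reasons.append("random-looking 8-letter service name, file missing from system32\\drivers")
        if meta != "x" and in_sys_drivers and vendor == "":
            # vendor is None when FRST printed nothing; "" means file present but no company name
            reasons.append("driver present in system32\\drivers but carries no company name")
        if reasons:
            findings.append(Finding(name, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: " + "; ".join(f.reasons))
```

The Norton definitions driver and the LG USB driver are left alone even though their files are also reported missing, which is the point of combining the name pattern with the location rather than flagging every `[x]`.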

#6 janudler
  • Topic Starter

  • Members
  • 101 posts
  • Gender:Female

Posted 23 May 2013 - 06:52 AM

Hello Gary,

Thank you so much for helping me out. I appreciate the time you take out of your day to do this and will make sure I respond to you quickly.

 

I ran the fix and below is the fixlog. I did get a bit further when trying to boot in normal mode, when it says Starting Windows I now see the color logo starting and then I quickly get a flash of a blue screen with possibly 10 lines of text and then it goes back into startup repair. So, looking better but still cannot boot. Startup Repair gives the same results as previously stated in initial issue.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2013
Ran by SYSTEM at 2013-05-23 07:37:00 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OCDLMgr => Value deleted successfully.
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
MirDisk => Service deleted successfully.
ajluudbl => Service deleted successfully.
amowvsig => Service deleted successfully.
aouuptau => Service deleted successfully.
boeejxul => Service deleted successfully.
ddvtvsra => Service deleted successfully.
esjdoofs => Service deleted successfully.
fvkvlvfn => Service deleted successfully.
hfkgsqyl => Service deleted successfully.
hnisbxti => Service deleted successfully.
icjktxcl => Service deleted successfully.
ikjrpumo => Service deleted successfully.
mobikqwt => Service deleted successfully.
peauserk => Service deleted successfully.
quvhhrmv => Service deleted successfully.
txmttzpi => Service deleted successfully.
uphdpmpn => Service deleted successfully.
vdpeysou => Service deleted successfully.
C:\Windows\SysWOW64\shoA1D4.tmp => Moved successfully.
C:\Windows\SysWOW64\shoD147.tmp => Moved successfully.
C:\Windows\System32\drivers\MirDisk.sys => Moved successfully.
C:\Windows\system32\drivers\ajluudbl.sys => File/Directory not found.
C:\Windows\system32\drivers\amowvsig.sys => File/Directory not found.
C:\Windows\system32\drivers\aouuptau.sys => File/Directory not found.
C:\Windows\system32\drivers\boeejxul.sys => File/Directory not found.
C:\Windows\system32\drivers\ddvtvsra.sys => File/Directory not found.
C:\Windows\system32\drivers\esjdoofs.sys => File/Directory not found.
C:\Windows\system32\drivers\fvkvlvfn.sys => File/Directory not found.
C:\Windows\system32\drivers\hfkgsqyl.sys => File/Directory not found.
C:\Windows\system32\drivers\hnisbxti.sys => File/Directory not found.
C:\Windows\system32\drivers\icjktxcl.sys => File/Directory not found.
C:\Windows\system32\drivers\ikjrpumo.sys => File/Directory not found.
C:\Windows\system32\drivers\mobikqwt.sys => File/Directory not found.
C:\Windows\system32\drivers\peauserk.sys => File/Directory not found.
C:\Windows\system32\drivers\quvhhrmv.sys => File/Directory not found.
C:\Windows\system32\drivers\txmttzpi.sys => File/Directory not found.
C:\Windows\system32\drivers\uphdpmpn.sys => File/Directory not found.
C:\Windows\system32\drivers\vdpeysou.sys => File/Directory not found.
C:\Users\julie\g2mdlhlpx.exe => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.

==== End of Fixlog ====

 

 

Thanks, Jules


Thank you,

 

jules

 

In Memory of my brother Pastor James Camacho who is celebrating in heaven with his beloved Lord and Savior
"Keep the Main Thing the Main Thing"
What is the Main Thing?

Matthew 22:37 "You shall love the Lord your God with all your heart, with all your soul, and with all your mind."
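The fixlog above records 18 service registrations removed, and for all of them except MirDisk the driver file the service pointed at was already gone ("File/Directory not found"). As an added example, not part of the original thread and not FRST's own code, here is a small Python triage script that parses those Fixlog lines, groups the actions by persistence location (Run values, BootExecute, services, driver images) and reports which deleted services were orphaned in that way. The log text is copied verbatim from the post; the orphaned-service rule, the random-name check and the reading of an empty value name as the key's (Default) value are this example's own assumptions, not anything FRST itself reports.

```python
"""Triage an FRST Fixlog: correlate deleted services with missing driver images.

Added example; not code from the thread or from FRST. FIXLOG is the Run:1
Fixlog posted above, copied verbatim. The grouping and the "orphaned service"
rule (a deleted service whose .sys was already gone) are this example's own
heuristics, not anything FRST itself reports.
"""
import re

FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OCDLMgr => Value deleted successfully.
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
MirDisk => Service deleted successfully.
ajluudbl => Service deleted successfully.
amowvsig => Service deleted successfully.
aouuptau => Service deleted successfully.
boeejxul => Service deleted successfully.
ddvtvsra => Service deleted successfully.
esjdoofs => Service deleted successfully.
fvkvlvfn => Service deleted successfully.
hfkgsqyl => Service deleted successfully.
hnisbxti => Service deleted successfully.
icjktxcl => Service deleted successfully.
ikjrpumo => Service deleted successfully.
mobikqwt => Service deleted successfully.
peauserk => Service deleted successfully.
quvhhrmv => Service deleted successfully.
txmttzpi => Service deleted successfully.
uphdpmpn => Service deleted successfully.
vdpeysou => Service deleted successfully.
C:\Windows\SysWOW64\shoA1D4.tmp => Moved successfully.
C:\Windows\SysWOW64\shoD147.tmp => Moved successfully.
C:\Windows\System32\drivers\MirDisk.sys => Moved successfully.
C:\Windows\system32\drivers\ajluudbl.sys => File/Directory not found.
C:\Windows\system32\drivers\amowvsig.sys => File/Directory not found.
C:\Windows\system32\drivers\aouuptau.sys => File/Directory not found.
C:\Windows\system32\drivers\boeejxul.sys => File/Directory not found.
C:\Windows\system32\drivers\ddvtvsra.sys => File/Directory not found.
C:\Windows\system32\drivers\esjdoofs.sys => File/Directory not found.
C:\Windows\system32\drivers\fvkvlvfn.sys => File/Directory not found.
C:\Windows\system32\drivers\hfkgsqyl.sys => File/Directory not found.
C:\Windows\system32\drivers\hnisbxti.sys => File/Directory not found.
C:\Windows\system32\drivers\icjktxcl.sys => File/Directory not found.
C:\Windows\system32\drivers\ikjrpumo.sys => File/Directory not found.
C:\Windows\system32\drivers\mobikqwt.sys => File/Directory not found.
C:\Windows\system32\drivers\peauserk.sys => File/Directory not found.
C:\Windows\system32\drivers\quvhhrmv.sys => File/Directory not found.
C:\Windows\system32\drivers\txmttzpi.sys => File/Directory not found.
C:\Windows\system32\drivers\uphdpmpn.sys => File/Directory not found.
C:\Windows\system32\drivers\vdpeysou.sys => File/Directory not found.
C:\Users\julie\g2mdlhlpx.exe => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
"""

LINE_RE = re.compile(r"^(?P<subject>.+?) => (?P<result>.+?)\.?$")
DRIVER_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\(?P<name>[^\\]+)\.sys$", re.I)
RUN_KEY = "\\currentversion\\run\\"          # autostart values run at every logon


def parse_fixlog(text: str) -> list:
    """Return (subject, result) pairs; FRST writes one action per line."""
    return [(m["subject"], m["result"])
            for line in text.splitlines() if (m := LINE_RE.match(line.strip()))]


def triage(text: str) -> dict:
    services, missing, moved_drivers, run_values = [], set(), [], []
    boot_execute_restored = False
    for subject, result in parse_fixlog(text):
        if result == "Service deleted successfully":
            services.append(subject)
        elif (m := DRIVER_RE.match(subject)):
            if result == "File/Directory not found":
                missing.add(m["name"].lower())
            else:
                moved_drivers.append(m["name"])
        elif RUN_KEY in subject.lower():
            # FRST writes Key\\Value; an empty value name is assumed here to be (Default)
            run_values.append(subject.rsplit("\\", 1)[-1] or "(Default)")
        elif subject.lower().endswith("\\bootexecute") and "restored" in result:
            boot_execute_restored = True   # smss.exe runs this list before winlogon starts
    # An orphaned service still tells the boot-time loader to load an image that
    # no longer exists; random-looking 8-letter names are a second, weaker signal.
    orphaned = sorted(s for s in services if s.lower() in missing)
    random_named = sorted(s for s in services if re.fullmatch(r"[a-z]{8}", s))
    return {"services_deleted": services, "orphaned_services": orphaned,
            "random_named_services": random_named, "driver_images_moved": moved_drivers,
            "run_values_deleted": run_values, "boot_execute_restored": boot_execute_restored}


if __name__ == "__main__":
    r = triage(FIXLOG)
    print(f"{len(r['services_deleted'])} services deleted, "
          f"{len(r['orphaned_services'])} with no driver image left on disk")
    for key in ("driver_images_moved", "run_values_deleted", "boot_execute_restored"):
        print(f"{key}: {r[key]}")
```

Run it on the clean machine with python3; to triage a different Fixlog, read the file and pass its text to triage(). The split between "orphaned" and "image moved" matters for the next step: MirDisk was the one service whose driver was actually present and removed, so it is the one worth looking at when a boot that previously reached Startup Repair changes behaviour after the fix.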

 


#7 Oh My! (Malware Response Instructor)

Posted 23 May 2013 - 08:05 AM

Hi Jules,

It is my pleasure to help and I trust your computer will be feeling better soon.

What we are going to do is interrupt the automatic reboot process so we can see what the text says. That might give us an important clue about what is bothering your computer when it protects itself by shutting down during the boot-up process.

Please do this for me.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

[image: advancedoptions.png]

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

[image: bsod_c.jpg]

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • BSOD information

Gary
 

#8 janudler (Topic Starter)

Posted 23 May 2013 - 10:59 AM

Thanks for getting back so quickly and sorry for the delay on my end.

 

No Message

 

Technical information:

 

*** STOP: 0x0000007B (0xFFFFF880009S98E8, 0xFFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000)

 

Thanks, Jules



 


#9 Oh My! (Malware Response Instructor)

Posted 23 May 2013 - 04:42 PM

Greetings Jules,

Thank you for the information. Please complete the following for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
Last Boot: 2013-04-26 17:11
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please attempt to boot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does your computer boot into Normal Mode?

Gary
 

#10 janudler (Topic Starter)

Posted 23 May 2013 - 04:59 PM

Still get BSOD with this:

 

No Message

 

Technical information:

 

*** STOP: 0x0000007B (0xFFFFF880009S98E8, 0xFFFFFFFFC0000034, 0x0000000000000000, 0x0000000000000000)

 

Here is the log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2013
Ran by SYSTEM at 2013-05-23 17:53:33 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

 

Thanks, Jules



 


#11 Oh My! (Malware Response Instructor)

Posted 23 May 2013 - 05:18 PM

Hi Jules,

Thanks for trying that. We need to look a little deeper into your computer. Please do this.

===================================================

Run GETxPUD CD with MBR Report and Driver Search

--------------------
  • From a clean computer download GETxPUD.exe to the desktop of your computer
  • Launch GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image
  • Click on Start and follow the prompts to burn the image to a CD.
  • Please format your USB then download driver.sh to your USB device
  • Remove the USB device and insert it into the infected computer
  • Boot your computer with the GETxPUD CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 while booting to go into Setup and change Boot Sequence to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 or sdc1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?) If it is not there remove the USB device for 5 seconds then reinsert
  • Click Tool at the top
  • Choose Open Terminal
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

dd if=/dev/sda of=mbr.zip bs=512 count=1

  • After it has finished a file will be located on your USB drive named mbr.zip
  • In the terminal window type bash driver.sh and press Enter
  • After it has finished a report will be located on your USB device named report.txt
  • Now type bash driver.sh -af and press Enter
  • You will be prompted to input a file name. Please type the following then press Enter:

Winlogon.exe

  • After the search is completed please type the following then press Enter:

volsnap.sys

  • After the search is completed please type the following then press Enter:

svchost.exe

  • After the search is completed please type the following then press Enter:

explorer.exe

  • After the search is completed please type the following then press Enter:

Userinit.exe

  • After the search is complete please type Exit and press Enter
  • A report will be located in the USB drive as filefind.txt
  • Remove the USB drive, insert it back in your working computer
  • Copy and paste the contents of filefind.txt in your reply
  • Please zip and attach report.txt to your reply
  • Please attach mbr.zip to your reply
===================================================

Things I would like to see in your next reply.
  • filefind.txt
  • report.zip
  • mbr.zip

Gary
 
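The dd command in the post above copies the first 512 bytes of /dev/sda. dd writes raw bytes, so the file it names mbr.zip is a raw sector, not an archive, and can be decoded directly once it reaches the clean machine. As an added example, not part of the thread and not xPUD's or FRST's code, here is what a responder does with that sector: check the 0x55AA signature, decode the four partition entries, hash the 446-byte boot-code region and diff it against a known-good copy. The two sample sectors (CLEAN_MBR and TAMPERED_MBR) are constructed inline with placeholder boot code and a typical Windows 7 layout; nothing here comes from the poster's actual disk.

```python
"""Decode and sanity-check a 512-byte MBR dump like the one produced above by
`dd if=/dev/sda of=mbr.zip bs=512 count=1`.

Added example; not code from the thread, xPUD or FRST. The dd output is raw
sector bytes (dd does not compress, whatever the file is named), so it is
read as-is. CLEAN_MBR / TAMPERED_MBR are constructed samples, not the
poster's real MBR; their boot code is placeholder bytes, not a real loader.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code (the region bootkits patch)
TABLE_OFF = 446              # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xAA"      # bytes 510..511
ENTRY = "<B3xB3xII"          # status, CHS start, type, CHS end, LBA start, sector count
TYPES = {0x00: "empty", 0x07: "NTFS/exFAT", 0x0C: "FAT32 LBA",
         0x83: "Linux", 0xEE: "GPT protective"}


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a sector from boot code and four (status, type, start, count) tuples."""
    if len(entries) != 4:
        raise ValueError("an MBR carries exactly four primary entries")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack(ENTRY, *e) for e in entries)
    return code + table + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot-code hash, partition table and signature check."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, TABLE_OFF + 16 * i)
        parts.append({"index": i, "bootable": status == 0x80, "status": status,
                      "type": ptype, "type_name": TYPES.get(ptype, f"0x{ptype:02X}"),
                      "start": start, "count": count})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def find_issues(parsed: dict) -> list:
    """Structural checks to run before trusting what the table says."""
    issues = []
    if not parsed["signature_ok"]:
        issues.append("missing 0x55AA signature")
    used = [p for p in parsed["partitions"] if p["count"]]
    if sum(p["bootable"] for p in used) > 1:
        issues.append("more than one active partition")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["type"] == 0x00:
            issues.append(f"entry {p['index']}: type 0x00 but non-zero extent")
    used.sort(key=lambda p: p["start"])
    for a, b in zip(used, used[1:]):
        if b["start"] < a["start"] + a["count"]:
            issues.append(f"entries {a['index']} and {b['index']} overlap")
    return issues


def diff_boot_code(reference: bytes, suspect: bytes) -> list:
    """Offsets where the suspect's boot code departs from a known-good copy."""
    return [i for i in range(BOOT_CODE_LEN) if reference[i] != suspect[i]]


# Constructed sample: 100 MB active "System Reserved" NTFS partition followed by
# the OS partition (a typical Windows 7 layout) and placeholder boot code.
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB",
                      [(0x80, 0x07, 2048, 204800),
                       (0x00, 0x07, 206848, 976564224),
                       (0x00, 0x00, 0, 0), (0x00, 0x00, 0, 0)])
# Same table, three boot-code bytes patched: the shape an MBR bootkit leaves
# when the dump is diffed against a known-good sector.
_t = bytearray(CLEAN_MBR)
_t[0x10:0x13] = b"\xE9\x10\x01"
TAMPERED_MBR = bytes(_t)

if __name__ == "__main__":
    info = parse_mbr(TAMPERED_MBR)
    for p in info["partitions"]:
        if p["count"]:
            flag = "*" if p["bootable"] else " "
            print(f"{flag} {p['type_name']:<15} start={p['start']:<10} sectors={p['count']}")
    print("issues:", find_issues(info) or "none")
    print("boot code differs at:", [hex(o) for o in diff_boot_code(CLEAN_MBR, TAMPERED_MBR)])
```

To decode the real dump, replace TAMPERED_MBR with open("mbr.zip", "rb").read(). A clean partition table does not clear the sector: the boot code is where an MBR bootkit lives, so the diff against a reference sector taken from a healthy install of the same Windows version (or the SHA-256 of the boot-code region, for comparison with one already on file) is the check that matters.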

#12 janudler (Topic Starter)

Posted 23 May 2013 - 09:03 PM

Hi Gary,

 

So, finally got the CD to boot (F9 on my machine). When I open the mnt folder I only see sda1, sda2, and sdb1, which are respectively my C:, E:? and D: drives. I can see all the files but do not see anything that corresponds to the USB. I've tried it in two different ports and have tried to remove and then reinsert after a minute. When I remove it, in the upper right of the screen it goes through unmounting a bunch of different drives which I never see listed in the mnt directory. Help?



 


#13 Oh My! (Malware Response Instructor)

Posted 23 May 2013 - 09:33 PM

When you open the sdb1 directory what is in it?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#14 janudler (Topic Starter)

Posted 23 May 2013 - 10:09 PM

When I open sdb1 I see all the folders that I think were on my D: drive. There are Documents, Downloads, EBooks, Games, Users, Users=>Julie=>Almeza (never heard of this) and a bunch of other directories, as well as a couple of directories with just numbers and letters in the name (28 characters to be exact).

 

A lot of folders are from a backup from a previous system. They have been there for ages.


Edited by janudler, 23 May 2013 - 10:12 PM.


 


#15 Oh My! (Malware Response Instructor)

Posted 23 May 2013 - 10:26 PM

Is this the same USB device you used for FRST?

Here are a couple things to try.

Insert the USB and boot the computer, hit F9 for boot options and tell me if you see the option to boot from Removable Device/USB. Don't try to boot; just tell me if it is listed.

Boot into xPUD without the USB device inserted then once xPUD is loaded insert the USB device and see if it is detected.
Gary
 