Windows 7 won't boot, tried a few things already


26 replies to this topic

#1 jcoxpgh
  • Members
  • 14 posts

Posted 10 July 2013 - 11:23 PM

I was cleaning up a computer with Bitdefender offline. It told me it found four pieces of spyware. I told Bitdefender to remove them. Now I get a reboot loop. I've tried the following:

Windows Recovery won't fix it. I'm told it can't fix it automatically. StartupRepairOffline. AutoFailover BadDriver.

sfc /scannow

chkdsk /r /f

tried fixing the bootrec

I attempted to run ntfsfix from Ubuntu

I tried running frst.exe in recovery mode but I get "The subsystem needed to support this image type is not present"

I downloaded OTL.exe and burned it to disk but I get stop error 0x00000007b

I'm not sure what else to do. Any suggestions?


Edited by hamluis, 11 July 2013 - 10:16 AM.
Moved from Win 7 to Am I Inspected - Hamluis.



#2 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,698 posts
  • Location:Daly City, CA

Posted 11 July 2013 - 07:28 PM

I'll report this topic to appropriate helpers.

Hold on there....




 


#3 JSntgRvr (Master Surgeon General)
  • Malware Response Team
  • 11,577 posts
  • Location:Puerto Rico

Posted 11 July 2013 - 09:28 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by bloopie, 11 July 2013 - 10:18 PM.
Moved from Aii to Logs forum. ~bloopie



#4 jcoxpgh (Topic Starter)
  • Members
  • 14 posts

Posted 11 July 2013 - 11:46 PM

When I try to run this program in System Recovery from both the computer and my Windows 7 install disc I get the following message:

 

The subsystem needed to support the image type is not present



#5 JSntgRvr (Master Surgeon General)
  • Malware Response Team
  • 11,577 posts
  • Location:Puerto Rico

Posted 12 July 2013 - 09:15 AM

Are you using the right version, 32bit or 64 bit?

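The error quoted in post #4 is what an x64 Windows Recovery Environment reports when it is handed a 32-bit executable: WinRE/WinPE ships without the WoW64 layer, so a tool's bitness has to match the environment's. The check below is an added example, not code from this thread or from FRST: it reads the COFF Machine field out of the PE header so you can tell FRST.exe (x86) from FRST64.exe (x64) before copying a tool to the flash drive. The stub PE images it parses are constructed inline for the demonstration; `check_tool()` is the hypothetical wrapper you would point at a real file.

```python
import struct
from pathlib import Path

# COFF Machine values from the PE/COFF specification
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}


def pe_machine(data: bytes) -> int:
    """Return the Machine field of the PE image held in `data`.

    Walks MZ header -> e_lfanew -> PE signature -> IMAGE_FILE_HEADER.
    Raises ValueError if `data` is not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)          # offset of the PE signature
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)   # first IMAGE_FILE_HEADER field
    return machine


def pe_machine_name(data: bytes) -> str:
    """Human-readable architecture, or the raw hex value for anything unexpected."""
    machine = pe_machine(data)
    return MACHINE_NAMES.get(machine, f"0x{machine:04X}")


def can_run_in_winre(data: bytes, winre_is_x64: bool) -> bool:
    """WinRE/WinPE has no WoW64, so only an image of the environment's own bitness loads."""
    wanted = IMAGE_FILE_MACHINE_AMD64 if winre_is_x64 else IMAGE_FILE_MACHINE_I386
    return pe_machine(data) == wanted


def check_tool(path: str, winre_is_x64: bool = True) -> str:
    """Hypothetical helper for real files: report whether the tool at `path` will run."""
    data = Path(path).read_bytes()
    verdict = "OK" if can_run_in_winre(data, winre_is_x64) else "will NOT run (bitness mismatch)"
    return f"{path}: {pe_machine_name(data)} -> {verdict}"


def make_stub_pe(machine: int) -> bytes:
    """Constructed stand-in for a real .exe: just enough header bytes for pe_machine()."""
    header = bytearray(b"MZ" + b"\0" * 0x3A)                     # DOS header up to e_lfanew
    header += struct.pack("<I", 0x40)                             # e_lfanew: PE sig at 0x40
    header += b"PE\0\0" + struct.pack("<HH", machine, 0) + b"\0" * 16   # 20-byte file header
    return bytes(header)


if __name__ == "__main__":
    for label, machine in (("FRST.exe (x86)", IMAGE_FILE_MACHINE_I386),
                           ("FRST64.exe (x64)", IMAGE_FILE_MACHINE_AMD64)):
        stub = make_stub_pe(machine)
        print(label, pe_machine_name(stub), "runs in x64 WinRE:", can_run_in_winre(stub, True))
```

The same check tells you why the 32-bit OTL disc could not help either: a recovery disc built around the wrong-bitness tool fails before the tool ever sees the infected volume.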


#6 jcoxpgh (Topic Starter)
  • Members
  • 14 posts

Posted 12 July 2013 - 10:05 AM

That was the problem, it was 64-bit. Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM on 12-07-2013 03:41:55
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [72013344 2013-07-03] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-07-04] ()
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Jason\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1081 2011-05-12] ()
HKU\Jason\...\Run: [Download] "C:\Users\Jason\AppData\Local\SupportSoft\ddoctorv2\Jason\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe" [x]
HKU\Jason\...\Run: [Diagnostics] rundll32 "C:\Users\Jason\AppData\Local\GoPro\Diagnostics\qpkmuj.dll",DllRegisterServerW [x] <===== ATTENTION
AppInit_DLLs:    [0 ] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e-Speaking Voice and Speech Recognition Software.appref-ms ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) =================
 
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-08-01] (AVG Technologies CZ, s.r.o.)
S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-30] (AVG Technologies CZ, s.r.o.)
S2 SkypeUpdate; C:\Users\Jason\Desktop\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S2 sprtsvc_ddoctorv2; C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-04] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-20] (AVG Technologies CZ, s.r.o.)
S1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
S1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-12] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-04] (AVG Technologies)
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\avgldx64.sys C7D7733C4745E356CEB61DE0CD32896D
C:\Windows\System32\Drivers\avgmfx64.sys 0DB5A749ACD8E66091736F88C40207BD
C:\Windows\System32\Drivers\avgtdia.sys 8AA68C0BA2B84FD7EB3E1F10BBFC825B
C:\Windows\system32\drivers\avgtpx64.sys 34E9A86B0EF71BA72B58D72215EBFABC
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FB4FDA64F2E8552EAEB5986C3F34462C
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 0372C154226F7074CD150F475A4870A6
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys 36FDF367A1DABFF903E2214023D71368
C:\Windows\System32\DRIVERS\IntcDAud.sys 49072EDBC5C2F964917D1B585C90ED0A
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 184C189D4FC416978550FC599BB4EDDA
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 365ED58B47B46DE8B1C5FA759B6FCD6E
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-11 18:36 - 2013-07-07 16:09 - 01934636 ____A (Farbar) C:\FRST64.exe
2013-07-09 21:50 - 2013-07-09 21:50 - 00000000 ____D C:\FRST
2013-07-09 17:32 - 2013-07-09 17:32 - 00040898 ____A C:\Extras.Txt
2013-07-09 17:28 - 2013-07-09 17:32 - 02619160 ____A C:\OTL.Txt
2013-07-08 08:05 - 2013-07-08 01:12 - 01373373 ____A (Farbar) C:\FRST.exe
2013-07-07 12:20 - 2013-07-07 12:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2013-07-03 19:50 - 2013-07-03 19:51 - 00277768 ____A C:\Windows\Minidump\070313-23353-01.dmp
2013-07-03 19:49 - 2013-07-03 19:49 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-03 19:49 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-03 19:49 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-07-03 19:48 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 19:47 - 2013-07-03 19:47 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jason\Downloads\Ninite Malwarebytes Spybot 2 Installer.exe
2013-07-03 13:03 - 2013-07-03 13:03 - 00277768 ____A C:\Windows\Minidump\070313-35131-01.dmp
2013-07-03 06:32 - 2013-07-03 06:37 - 00000000 ____D C:\013affbdbfdb3b78bffa
2013-07-03 03:46 - 2013-07-03 03:46 - 00003432 ____N C:\bootsqm.dat
2013-07-02 11:55 - 2013-07-02 11:55 - 00277768 ____A C:\Windows\Minidump\070213-36317-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2013-07-09 21:50 - 2013-07-09 21:50 - 00000000 ____D C:\FRST
2013-07-09 17:32 - 2013-07-09 17:32 - 00040898 ____A C:\Extras.Txt
2013-07-09 17:32 - 2013-07-09 17:28 - 02619160 ____A C:\OTL.Txt
2013-07-08 01:12 - 2013-07-08 08:05 - 01373373 ____A (Farbar) C:\FRST.exe
2013-07-07 16:09 - 2013-07-11 18:36 - 01934636 ____A (Farbar) C:\FRST64.exe
2013-07-07 12:20 - 2013-07-07 12:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-07 06:13 - 2010-07-30 19:43 - 00148248 ____A C:\Windows\WindowsUpdate.log
2013-07-07 06:13 - 2010-07-30 17:31 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-07-07 06:13 - 2009-07-13 21:13 - 00761236 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 06:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 06:08 - 2009-07-13 20:51 - 00068243 ____A C:\Windows\setupact.log
2013-07-04 07:22 - 2011-12-13 11:51 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-04 07:22 - 2011-12-13 11:51 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-04 07:21 - 2012-11-09 11:01 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-04 07:20 - 2010-07-30 17:23 - 00011744 ____A C:\Windows\PFRO.log
2013-07-04 01:13 - 2010-07-31 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2013-07-03 19:51 - 2013-07-03 19:50 - 00277768 ____A C:\Windows\Minidump\070313-23353-01.dmp
2013-07-03 19:50 - 2011-02-15 13:19 - 468040668 ____A C:\Windows\MEMORY.DMP
2013-07-03 19:50 - 2011-02-15 13:19 - 00000000 ____D C:\Windows\Minidump
2013-07-03 19:49 - 2013-07-03 19:49 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-03 19:49 - 2013-07-03 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 19:47 - 2013-07-03 19:47 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jason\Downloads\Ninite Malwarebytes Spybot 2 Installer.exe
2013-07-03 19:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 13:03 - 2013-07-03 13:03 - 00277768 ____A C:\Windows\Minidump\070313-35131-01.dmp
2013-07-03 06:37 - 2013-07-03 06:32 - 00000000 ____D C:\013affbdbfdb3b78bffa
2013-07-03 06:37 - 2012-10-12 13:50 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-07-03 06:32 - 2010-07-30 17:16 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-03 06:31 - 2010-08-25 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-03 03:46 - 2013-07-03 03:46 - 00003432 ____N C:\bootsqm.dat
2013-07-02 11:55 - 2013-07-02 11:55 - 00277768 ____A C:\Windows\Minidump\070213-36317-01.dmp
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {b8e9008a-9c5d-11df-bfda-99f2e8c493ea}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b8e9008a-9c5d-11df-bfda-99f2e8c493ea}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\b8e9008c-9c5d-11df-bfda-99f2e8c493ea\Winre.wim,{b8e9008d-9c5d-11df-bfda-99f2e8c493ea}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\b8e9008c-9c5d-11df-bfda-99f2e8c493ea\Winre.wim,{b8e9008d-9c5d-11df-bfda-99f2e8c493ea}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {b8e9008a-9c5d-11df-bfda-99f2e8c493ea}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
custom:26000022         Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {b8e9008d-9c5d-11df-bfda-99f2e8c493ea}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\b8e9008c-9c5d-11df-bfda-99f2e8c493ea\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 3892.54 MB
Available physical RAM: 3069.71 MB
Total Pagefile: 3890.69 MB
Available Pagefile: 3079.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:180.63 GB) NTFS (Disk=0 Partition=2)
Drive g: (MULTIBOOT) (Removable) (Total:14.51 GB) (Free:4.51 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E635605C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-02-01 16:05
 
==================== End Of Log ============================
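
The `TDL4: custom:26000022 <===== ATTENTION!` line and the `{emssettings}` object in the BCD dump above are what a log reader keys on, and the reason is structural rather than a signature: bcdedit prints any element type it has no name for in a given object as custom:<hex>, and {emssettings} is inherited by {globalsettings}, which {bootmgr} and every loader entry inherit in turn, so a boolean set there reaches the normal Windows 7 boot. Decoded, 26000022 is an application-class boolean; it is the same type id bcdedit labels `winpe` inside an OS loader object (the WinRE {current} entry above carries it legitimately). The parser below is an added example, not FRST's code and nothing the posters ran: it reads a bcdedit-style dump, lists every custom element, decodes its type id using the documented BCD layout (class in bits 28-31, value format in bits 24-27, subtype in the low 24 bits), and walks the inherit chains to show which boot entries pick it up. The embedded store is a constructed subset of the objects in the log above; {dbgsettings}, {badmemory} and {hypervisorsettings} are referenced but deliberately left out to show that dangling references do not break the walk.

```python
"""Find custom:<hex> BCD elements and the boot entries that inherit them.

Input is the text of `bcdedit /enum all` (or FRST's BCD section). The sample
store is a constructed subset of the log on this page.
"""

SAMPLE_BCD = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
inherit                 {globalsettings}
default                 {default}

Windows Boot Loader
-------------------
identifier              {default}
path                    \\Windows\\system32\\winload.exe
description             Windows 7
inherit                 {bootloadersettings}

EMS Settings
------------
identifier              {emssettings}
custom:26000022         Yes

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
"""

# BCD element type id: bits 28-31 = class, 24-27 = value format, 0-23 = subtype.
CLASSES = {1: "library", 2: "application", 3: "device"}
FORMATS = {1: "device", 2: "string", 3: "object", 4: "object-list",
           5: "integer", 6: "boolean", 7: "integer-list"}


def _is_underline(s):
    s = s.strip()
    return bool(s) and set(s) == {"-"}


def parse_bcd(text):
    """Map identifier -> {"title": ..., "elements": {name: [values]}} from a bcdedit dump."""
    lines = text.splitlines()
    objects, current, key = {}, None, None
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and _is_underline(lines[i + 1]):   # object title line
            current, key = {"title": line.strip(), "elements": {}}, None
        elif _is_underline(line) or current is None or not line.strip():
            continue
        elif line[0].isspace():                                  # continuation of a list value
            if key:
                current["elements"][key].append(line.strip())
        else:                                                    # "name   value"
            key, _, value = line.partition(" ")
            current["elements"].setdefault(key, []).append(value.strip())
            if key == "identifier":
                objects[value.strip()] = current
    return objects


def decode_element_type(hex_id):
    """Split a BCD element type id into (class, value format, subtype)."""
    n = int(hex_id, 16)
    return CLASSES.get(n >> 28, "unknown"), FORMATS.get((n >> 24) & 0xF, "unknown"), n & 0xFFFFFF


def custom_elements(objects):
    """[(owner id, element name, value)] for every element bcdedit could not name."""
    return [(ident, name, vals[0])
            for ident, obj in objects.items()
            for name, vals in obj["elements"].items()
            if name.lower().startswith("custom:")]


def inherit_chains(objects, start, target):
    """All inherit paths (lists of ids) from start that end at target; cycle-safe."""
    found = []

    def walk(ident, path):
        if ident == target:
            found.append(path)
            return
        for parent in objects.get(ident, {"elements": {}})["elements"].get("inherit", []):
            if parent not in path:          # a cycle in a tampered store must not hang us
                walk(parent, path + [parent])

    walk(start, [start])
    return found


def triage(text):
    """Findings as strings: each custom element, then every boot entry it reaches."""
    objects = parse_bcd(text)
    findings = []
    for owner, name, value in custom_elements(objects):
        cls, fmt, sub = decode_element_type(name.split(":", 1)[1])
        findings.append(f"{owner} sets {name}={value} ({cls} class, {fmt}, subtype 0x{sub:x})")
        for ident, obj in objects.items():
            # boot applications are the entries with a path, plus the boot manager itself
            if "path" in obj["elements"] or ident == "{bootmgr}":
                for chain in inherit_chains(objects, ident, owner):
                    findings.append(f"  reaches {ident} ({obj['title']}) via {' -> '.join(chain)}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_BCD)) or "no custom elements")
```

On a live repair session the same input comes from `bcdedit /store Y:\Boot\BCD /enum all`, because under WinRE the System Reserved partition that holds the store is Y: (the Drives section above shows it) and the running environment is the X: ramdisk; drive letters there do not match a normal boot, which is why offline commands have to name partitions explicitly.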


#7 JSntgRvr (Malware Response Team)

Posted 12 July 2013 - 11:45 AM

Download the enclosed file.

Save it next to FRST64.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If successful, follow these steps:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please post it in your next reply.

 

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

 

 

 

 


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 jcoxpgh (Topic Starter)

Posted 12 July 2013 - 12:08 PM

Computer still reboots. Here are the results. Thanks, btw.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-12 06:02:49 Run:1
Running from C:\
Boot Mode: Recovery
==============================================
 
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostics] rundll32 "C:\Users\Jason\AppData\Local\GoPro\Diagnostics\qpkmuj.dll",DllRegisterServerW [x => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
 
The operation completed successfully.
The operation completed successfully.
 
==== End of Fixlog ====


#9 JSntgRvr (Malware Response Team)

Posted 12 July 2013 - 12:27 PM

Please rescan with FRST64 and post its report.




#10 jcoxpgh (Topic Starter)

Posted 12 July 2013 - 12:50 PM

Results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 (ATTENTION: FRST version is 8 days old)

Ran by SYSTEM on 12-07-2013 06:29:11
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [72013344 2013-07-03] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-07-04] ()
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Jason\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1081 2011-05-12] ()
HKU\Jason\...\Run: [Download] "C:\Users\Jason\AppData\Local\SupportSoft\ddoctorv2\Jason\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe" [x]
HKU\Jason\...\Run: [Diagnostics] rundll32 "C:\Users\Jason\AppData\Local\GoPro\Diagnostics\qpkmuj.dll",DllRegisterServerW [x] <===== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e-Speaking Voice and Speech Recognition Software.appref-ms ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) =================
 
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-08-01] (AVG Technologies CZ, s.r.o.)
S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-30] (AVG Technologies CZ, s.r.o.)
S2 SkypeUpdate; C:\Users\Jason\Desktop\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S2 sprtsvc_ddoctorv2; C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-04] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-20] (AVG Technologies CZ, s.r.o.)
S1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
S1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-12] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-04] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-11 18:36 - 2013-07-07 16:09 - 01934636 ____A (Farbar) C:\FRST64.exe
2013-07-09 21:50 - 2013-07-09 21:50 - 00000000 ____D C:\FRST
2013-07-09 17:32 - 2013-07-09 17:32 - 00040898 ____A C:\Extras.Txt
2013-07-09 17:28 - 2013-07-09 17:32 - 02619160 ____A C:\OTL.Txt
2013-07-08 08:05 - 2013-07-08 01:12 - 01373373 ____A (Farbar) C:\FRST.exe
2013-07-07 12:20 - 2013-07-07 12:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2013-07-03 19:50 - 2013-07-03 19:51 - 00277768 ____A C:\Windows\Minidump\070313-23353-01.dmp
2013-07-03 19:49 - 2013-07-03 19:49 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-03 19:49 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-03 19:49 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-07-03 19:48 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 19:47 - 2013-07-03 19:47 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jason\Downloads\Ninite Malwarebytes Spybot 2 Installer.exe
2013-07-03 13:03 - 2013-07-03 13:03 - 00277768 ____A C:\Windows\Minidump\070313-35131-01.dmp
2013-07-03 06:32 - 2013-07-03 06:37 - 00000000 ____D C:\013affbdbfdb3b78bffa
2013-07-03 03:46 - 2013-07-03 03:46 - 00003432 ____N C:\bootsqm.dat
2013-07-02 11:55 - 2013-07-02 11:55 - 00277768 ____A C:\Windows\Minidump\070213-36317-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2013-07-09 21:50 - 2013-07-09 21:50 - 00000000 ____D C:\FRST
2013-07-09 17:32 - 2013-07-09 17:32 - 00040898 ____A C:\Extras.Txt
2013-07-09 17:32 - 2013-07-09 17:28 - 02619160 ____A C:\OTL.Txt
2013-07-08 01:12 - 2013-07-08 08:05 - 01373373 ____A (Farbar) C:\FRST.exe
2013-07-07 16:09 - 2013-07-11 18:36 - 01934636 ____A (Farbar) C:\FRST64.exe
2013-07-07 12:20 - 2013-07-07 12:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-07 06:13 - 2010-07-30 19:43 - 00148248 ____A C:\Windows\WindowsUpdate.log
2013-07-07 06:13 - 2010-07-30 17:31 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-07-07 06:13 - 2009-07-13 21:13 - 00761236 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 06:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 06:08 - 2009-07-13 20:51 - 00068243 ____A C:\Windows\setupact.log
2013-07-04 07:22 - 2011-12-13 11:51 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-04 07:22 - 2011-12-13 11:51 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-04 07:21 - 2012-11-09 11:01 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-04 07:20 - 2010-07-30 17:23 - 00011744 ____A C:\Windows\PFRO.log
2013-07-04 01:13 - 2010-07-31 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2013-07-03 19:51 - 2013-07-03 19:50 - 00277768 ____A C:\Windows\Minidump\070313-23353-01.dmp
2013-07-03 19:50 - 2011-02-15 13:19 - 468040668 ____A C:\Windows\MEMORY.DMP
2013-07-03 19:50 - 2011-02-15 13:19 - 00000000 ____D C:\Windows\Minidump
2013-07-03 19:49 - 2013-07-03 19:49 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-03 19:49 - 2013-07-03 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 19:47 - 2013-07-03 19:47 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jason\Downloads\Ninite Malwarebytes Spybot 2 Installer.exe
2013-07-03 19:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 13:03 - 2013-07-03 13:03 - 00277768 ____A C:\Windows\Minidump\070313-35131-01.dmp
2013-07-03 06:37 - 2013-07-03 06:32 - 00000000 ____D C:\013affbdbfdb3b78bffa
2013-07-03 06:37 - 2012-10-12 13:50 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-07-03 06:32 - 2010-07-30 17:16 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-03 06:31 - 2010-08-25 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-03 03:46 - 2013-07-03 03:46 - 00003432 ____N C:\bootsqm.dat
2013-07-02 11:55 - 2013-07-02 11:55 - 00277768 ____A C:\Windows\Minidump\070213-36317-01.dmp
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 3892.54 MB
Available physical RAM: 3051.52 MB
Total Pagefile: 3890.69 MB
Available Pagefile: 3052.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:180.63 GB) NTFS (Disk=0 Partition=2)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E635605C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2013-02-01 16:05
 
==================== End Of Log ============================
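
The Fixlog in #8 removed the `Diagnostics` Run value that FRST had marked ATTENTION, and the rescan above still shows the rest of what a responder reads for in the Registry, Services and BootExecute lines. As an added example, not FRST's own logic and not something the posters ran, the script below parses those lines in FRST's format and applies a few triage heuristics: the `[x]` missing-file marker, no publisher shown for a file that does exist, rundll32 pointed into a user-writable directory, a logon command that fetches code from a URL, a service binary living under a user profile, and anything appended to the stock `autocheck autochk *` BootExecute value. The sample lines are a constructed subset copied from the log above; the reasons are prompts for a closer look, not verdicts: sdnclean64.exe, for instance, is Spybot's (the created-files section lists it as Safer Networking Limited), and the empty Run value is a harmless leftover.

```python
"""Triage FRST Run / service / BootExecute lines for autorun red flags.

Sample lines are a constructed subset of the FRST log on this page.
"""
import re

SAMPLE_LOG = r"""
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [72013344 2013-07-03] (Microsoft Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-07-04] ()
HKU\Jason\...\Run: [Download] "C:\Users\Jason\AppData\Local\SupportSoft\ddoctorv2\Jason\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe" [x]
HKU\Jason\...\Run: [Diagnostics] rundll32 "C:\Users\Jason\AppData\Local\GoPro\Diagnostics\qpkmuj.dll",DllRegisterServerW [x] <===== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
S2 SkypeUpdate; C:\Users\Jason\Desktop\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-30] (AVG Technologies CZ, s.r.o.)
"""

# FRST appends "[size date] (publisher)" to a resolved file and "[x]" to a missing one.
META = r"\[(?P<meta>x|\d+ \d{4}-\d\d-\d\d)\](?: \((?P<pub>[^)]*)\))?"
RUN_RE = re.compile(r"^(?P<hive>HK\S*?\\Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)\s*" + META)
SVC_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<cmd>.*?) " + META)
BOOTEXEC_RE = re.compile(r"^BootExecute: (?P<cmd>.*)$")
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|AppData|Temp)\\", re.I)
STOCK_BOOTEXEC = {"autocheck", "autochk", "*"}


def parse_entry(line):
    """Return {kind, name, cmd, missing, publisher} for an autorun line, else None."""
    for kind, rx in (("run", RUN_RE), ("service", SVC_RE)):
        m = rx.match(line)
        if m:
            return {"kind": kind, "name": m["name"], "cmd": m["cmd"],
                    "missing": m["meta"] == "x", "publisher": m["pub"] or ""}
    m = BOOTEXEC_RE.match(line)
    if m:
        return {"kind": "bootexecute", "name": "BootExecute", "cmd": m["cmd"],
                "missing": False, "publisher": ""}
    return None


def red_flags(entry):
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    cmd, reasons = entry["cmd"], []
    if entry["kind"] == "bootexecute":
        # BootExecute runs from smss.exe before any service or AV driver filter is up.
        extra = [t for t in cmd.split() if t not in STOCK_BOOTEXEC]
        if extra:
            reasons.append("BootExecute runs before services start: " + " ".join(extra))
        return reasons
    if entry["missing"]:
        reasons.append("target file missing (dangling autorun, often left by a removal)")
    elif not entry["publisher"]:
        reasons.append("no publisher shown for a file that exists")
    if re.match(r'^\s*"?rundll32', cmd, re.I) and USER_WRITABLE.search(cmd):
        reasons.append("rundll32 loading a DLL from a user-writable path")
    elif entry["kind"] == "service" and USER_WRITABLE.search(cmd):
        reasons.append("service binary lives under a user-writable path")
    if re.search(r"https?://", cmd, re.I):
        reasons.append("autorun downloads code from a URL at logon")
    return reasons


def triage(log_text):
    """[(entry name, [reasons])] for every parsed entry with at least one reason."""
    out = []
    for line in log_text.splitlines():
        entry = parse_entry(line.strip())
        if entry:
            reasons = red_flags(entry)
            if reasons:
                out.append((entry["name"], reasons))
    return out


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"[{name or '<empty>'}]")
        for r in reasons:
            print("   -", r)
```

The heuristics deliberately stop short of a verdict: an entry like `vProt` with no publisher is an unsigned but known toolbar component, and a service under a user's Desktop (`SkypeUpdate` here) is odd placement rather than proof of anything. What the script gives you is the short list to look at, and the FRST fix entries in this thread line up with that list.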


#11 JSntgRvr (Malware Response Team)

Posted 12 July 2013 - 03:02 PM

Let's try this fix.

Download the enclosed file.

Save it next to FRST64, overwriting the existing one.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. Let me know the outcome.



#12 jcoxpgh (Topic Starter)

Posted 13 July 2013 - 12:07 AM

This also didn't work. I just want to say thanks for all of your efforts. Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-12 17:56:06 Run:2
Running from C:\
Boot Mode: Recovery
==============================================
 
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Run\\Download => Value deleted successfully.
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostics] rundll32 "C:\Users\Jason\AppData\Local\GoPro\Diagnostics\qpkmuj.dll",DllRegisterServerW [x => Value not found.
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
AVG Security Toolbar Service => Service deleted successfully.
vToolbarUpdater15.3.0 => Service deleted successfully.
C:\FRST.exe => Moved successfully.
C:\ProgramData\AVG Secure Search => Moved successfully.
C:\Program Files (x86)\AVG Secure Search => Moved successfully.
 
==== End of Fixlog ====


#13 jcoxpgh (Topic Starter)

Posted 13 July 2013 - 12:24 AM

I ran FRST64 again and here are the results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM on 12-07-2013 06:29:11
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [72013344 2013-07-03] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 [202560 2008-04-24] (SupportSoft, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2236080 2013-07-04] ()
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKU\Jason\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1081 2011-05-12] ()
HKU\Jason\...\Run: [Download] "C:\Users\Jason\AppData\Local\SupportSoft\ddoctorv2\Jason\SSGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe" [x]
HKU\Jason\...\Run: [Diagnostics] rundll32 "C:\Users\Jason\AppData\Local\GoPro\Diagnostics\qpkmuj.dll",DllRegisterServerW [x] <===== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e-Speaking Voice and Speech Recognition Software.appref-ms ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) =================
 
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-08-01] (AVG Technologies CZ, s.r.o.)
S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-30] (AVG Technologies CZ, s.r.o.)
S2 SkypeUpdate; C:\Users\Jason\Desktop\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)
S2 sprtsvc_ddoctorv2; C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-04] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-20] (AVG Technologies CZ, s.r.o.)
S1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-12] (AVG Technologies CZ, s.r.o.)
S1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-12] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-04] (AVG Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-11 18:36 - 2013-07-07 16:09 - 01934636 ____A (Farbar) C:\FRST64.exe
2013-07-09 21:50 - 2013-07-09 21:50 - 00000000 ____D C:\FRST
2013-07-09 17:32 - 2013-07-09 17:32 - 00040898 ____A C:\Extras.Txt
2013-07-09 17:28 - 2013-07-09 17:32 - 02619160 ____A C:\OTL.Txt
2013-07-08 08:05 - 2013-07-08 01:12 - 01373373 ____A (Farbar) C:\FRST.exe
2013-07-07 12:20 - 2013-07-07 12:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2013-07-03 19:50 - 2013-07-03 19:51 - 00277768 ____A C:\Windows\Minidump\070313-23353-01.dmp
2013-07-03 19:49 - 2013-07-03 19:49 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-03 19:49 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-03 19:49 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2013-07-03 19:48 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 19:47 - 2013-07-03 19:47 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jason\Downloads\Ninite Malwarebytes Spybot 2 Installer.exe
2013-07-03 13:03 - 2013-07-03 13:03 - 00277768 ____A C:\Windows\Minidump\070313-35131-01.dmp
2013-07-03 06:32 - 2013-07-03 06:37 - 00000000 ____D C:\013affbdbfdb3b78bffa
2013-07-03 03:46 - 2013-07-03 03:46 - 00003432 ____N C:\bootsqm.dat
2013-07-02 11:55 - 2013-07-02 11:55 - 00277768 ____A C:\Windows\Minidump\070213-36317-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2013-07-09 21:50 - 2013-07-09 21:50 - 00000000 ____D C:\FRST
2013-07-09 17:32 - 2013-07-09 17:32 - 00040898 ____A C:\Extras.Txt
2013-07-09 17:32 - 2013-07-09 17:28 - 02619160 ____A C:\OTL.Txt
2013-07-08 01:12 - 2013-07-08 08:05 - 01373373 ____A (Farbar) C:\FRST.exe
2013-07-07 16:09 - 2013-07-11 18:36 - 01934636 ____A (Farbar) C:\FRST64.exe
2013-07-07 12:20 - 2013-07-07 12:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-07 06:13 - 2010-07-30 19:43 - 00148248 ____A C:\Windows\WindowsUpdate.log
2013-07-07 06:13 - 2010-07-30 17:31 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-07-07 06:13 - 2009-07-13 21:13 - 00761236 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 06:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 06:08 - 2009-07-13 20:51 - 00068243 ____A C:\Windows\setupact.log
2013-07-04 07:22 - 2011-12-13 11:51 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-04 07:22 - 2011-12-13 11:51 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-04 07:21 - 2012-11-09 11:01 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-04 07:20 - 2010-07-30 17:23 - 00011744 ____A C:\Windows\PFRO.log
2013-07-04 01:13 - 2010-07-31 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 19:52 - 2013-07-03 19:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Malwarebytes
2013-07-03 19:51 - 2013-07-03 19:50 - 00277768 ____A C:\Windows\Minidump\070313-23353-01.dmp
2013-07-03 19:50 - 2011-02-15 13:19 - 468040668 ____A C:\Windows\MEMORY.DMP
2013-07-03 19:50 - 2011-02-15 13:19 - 00000000 ____D C:\Windows\Minidump
2013-07-03 19:49 - 2013-07-03 19:49 - 00001383 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-03 19:49 - 2013-07-03 19:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-03 19:49 - 2013-07-03 19:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-03 19:47 - 2013-07-03 19:47 - 00254152 ____A (Secure By Design Inc.) C:\Users\Jason\Downloads\Ninite Malwarebytes Spybot 2 Installer.exe
2013-07-03 19:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 19:31 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 13:03 - 2013-07-03 13:03 - 00277768 ____A C:\Windows\Minidump\070313-35131-01.dmp
2013-07-03 06:37 - 2013-07-03 06:32 - 00000000 ____D C:\013affbdbfdb3b78bffa
2013-07-03 06:37 - 2012-10-12 13:50 - 00000129 ____A C:\Windows\System32\MRT.INI
2013-07-03 06:32 - 2010-07-30 17:16 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-03 06:31 - 2010-08-25 08:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-03 03:46 - 2013-07-03 03:46 - 00003432 ____N C:\bootsqm.dat
2013-07-02 11:55 - 2013-07-02 11:55 - 00277768 ____A C:\Windows\Minidump\070213-36317-01.dmp
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 3892.54 MB
Available physical RAM: 3051.52 MB
Total Pagefile: 3890.69 MB
Available Pagefile: 3052.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:180.63 GB) NTFS (Disk=0 Partition=2)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E635605C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2013-02-01 16:05
 
==================== End Of Log ============================


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:38 AM

Posted 13 July 2013 - 01:24 PM

Boot to the Repair Console's Command prompt. At the prompt type the following and press Enter:

sfc /scannow /offbootdir=y:\ /offwindir=c:\windows

Type Exit to return to the Advanced Menu and restart the computer in Normal Mode.
 
Let me know if the command ran and if there has been any improvement.

 

Hint:

 

Copy these instructions in Notepad and save it in the flash drive. When in the Repair Console, open this document and copy and paste the command on the prompt and press Enter.


Edited by JSntgRvr, 13 July 2013 - 01:29 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
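As an added example (not code from this thread, from FRST or from its author), here is a small Python checker that reads the kind of FRST log posted above, flags any critical system file whose MD5 was not reported legit, flags any broken .exe association, and derives the two drive letters the offline sfc command needs: the drive FRST marks as holding the boot components (y: here, the System Reserved partition) and the drive that holds \Windows. It assumes FRST's "==== Title ====" section headers and its "path => verdict" line format exactly as they appear in the log; the sample log is constructed from that output, with one added "MD5 is not legit" line for userinit.exe so the failure branch is exercised.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the Bamital & volsnap, EXE ASSOCIATION and Drives sections
# from the FRST log above, plus one constructed failing line (userinit.exe).
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is not legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:180.63 GB) NTFS (Disk=0 Partition=2)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
"""

# A section header is a run of '=' signs, a title, and another run of '='.
# The title must start with a non-'=' character so a bare "=====" rule is ignored.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+\s*$")
DRIVE_RE = re.compile(r"^Drive ([A-Za-z]):")
WINDOWS_PATH_RE = re.compile(r"^([A-Za-z]):\\Windows\\")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split an FRST log into {section title: [non-blank lines in that section]}."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def failed_integrity_checks(sections: Dict[str, List[str]]) -> List[str]:
    """Paths in 'Bamital & volsnap Check' whose verdict is anything other than 'MD5 is legit'."""
    bad: List[str] = []
    for line in sections.get("Bamital & volsnap Check", []):
        if "=>" not in line:
            continue
        path, verdict = (part.strip() for part in line.split("=>", 1))
        if verdict != "MD5 is legit":
            bad.append(path)
    return bad


def failed_exe_associations(sections: Dict[str, List[str]]) -> List[str]:
    """Registry keys in 'EXE ASSOCIATION' that FRST did not mark OK (a classic malware tamper point)."""
    bad: List[str] = []
    for line in sections.get("EXE ASSOCIATION", []):
        if "=>" in line:
            key, verdict = (part.strip() for part in line.rsplit("=>", 1))
            if verdict != "OK":
                bad.append(key)
    return bad


def boot_components_drive(sections: Dict[str, List[str]]) -> Optional[str]:
    """Letter of the drive FRST flags as carrying the boot components (the /offbootdir target).

    Note that x: is the recovery environment's own RAM drive, not the installed system,
    so the letter is taken from FRST's annotation rather than from the '(Boot)' label.
    """
    for line in sections.get("Drives", []):
        m = DRIVE_RE.match(line)
        if m and "System with boot components" in line:
            return m.group(1).lower()
    return None


def windows_drive(sections: Dict[str, List[str]]) -> Optional[str]:
    """Letter of the drive holding \\Windows, taken from the system-file paths FRST hashed."""
    for line in sections.get("Bamital & volsnap Check", []):
        m = WINDOWS_PATH_RE.match(line)
        if m:
            return m.group(1).lower()
    return None


def offline_sfc_command(sections: Dict[str, List[str]]) -> str:
    """Build the offline SFC command for the Repair Console from the drive letters in the log."""
    boot = boot_components_drive(sections)
    win = windows_drive(sections)
    if boot is None or win is None:
        raise ValueError("could not determine the boot or Windows drive from this log")
    return f"sfc /scannow /offbootdir={boot}:\\ /offwindir={win}:\\windows"


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    print("Files failing MD5 check:", failed_integrity_checks(parsed) or "none")
    print("Broken .exe associations:", failed_exe_associations(parsed) or "none")
    print("Offline SFC command:", offline_sfc_command(parsed))
```

Run against the full log rather than the sample, the same functions would report an empty failure list, since every hashed file above is marked legit and all three .exe association keys are OK, and would produce exactly the command line given in this post.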


#15 jcoxpgh

jcoxpgh
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:38 AM

Posted 13 July 2013 - 05:49 PM

Beginning System scan. This process will take some time.

 

Windows Resource Protection did not find any integrity violations.

 

What should I try next?  Is this machine a lost cause?
