Ran hitmanpro/kickstart to remove zero access virus and now computer won't boot


This topic is locked
4 replies to this topic

#1 PacharyZaxman

PacharyZaxman

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:01 PM

Posted 12 August 2013 - 10:51 PM

So, the same issue a lot of people seem to be having :/ I've got a Dell XPS 14z x64 running Windows 7. I used HitmanPro/Kickstart to try and remove the ZeroAccess virus (disables Windows security and stops you downloading with IE). Restarted thinking it had got rid of it, but now the computer won't boot. It just goes to System Recovery and keeps loading for ages. It asks to try and restore the system as well, but it just keeps loading. Ran Farbar Recovery Scan Tool, which seems to be the go. Any help would be greatly appreciated. The following is the scan result:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by SYSTEM on 13-08-2013 03:51:27
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7233640 2011-06-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-06-08] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-02-11] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [6517104 2011-07-14] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [96240 2011-08-19] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] -  [x]
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-20] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-19] (Apple Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] - C:\Program Files (x86)\SecureW2\sw2_tray.exe [218024 2012-12-10] (SecureW2 B.V.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Zak\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\Zak\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-13] (Take-Two Interactive Software, Inc.)
HKU\Zak\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe [243360 2011-12-02] (Adobe Systems, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Zak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeyboardLocker.lnk
ShortcutTarget: KeyboardLocker.lnk ->  (No File)
BootExecute: autocheck autochk * bootdelete
 
==================== Services (Whitelisted) =================
 
S2 0226701371744183mcinstcleanup; C:\Users\Zak\AppData\Local\Temp\022670~1.EXE [833616 2013-01-30] (McAfee, Inc.)
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-12] (Lavasoft Limited)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-12] (SurfRight B.V.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-19] (GFI Software)
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [x]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [x]
S2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-24] (DT Soft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-10] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-22] (GFI Software)
S4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-12 03:26 - 2013-08-12 03:26 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-08-12 03:26 - 2013-08-12 03:26 - 00001876 _____ C:\Windows\System32\.crusader
2013-08-12 03:26 - 2013-08-12 03:26 - 00001308 _____ C:\Windows\System32\bootdelete.lst
2013-08-12 03:19 - 2013-08-13 00:06 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-12 03:19 - 2013-08-12 03:19 - 00001783 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-12 03:19 - 2013-08-12 03:19 - 00001783 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2013-08-12 03:17 - 2013-08-13 00:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-11 21:39 - 2013-08-11 21:50 - 106193905 _____ C:\Users\Zak\Downloads\media (57).m4v
2013-08-11 09:01 - 2013-08-11 09:12 - 111312279 _____ C:\Users\Zak\Downloads\media (56).m4v
2013-08-11 08:49 - 2013-08-11 08:59 - 117386927 _____ C:\Users\Zak\Downloads\media (55).m4v
2013-08-11 08:03 - 2013-08-11 08:06 - 106526818 _____ C:\Users\Zak\Downloads\media (54).m4v
2013-08-11 07:49 - 2013-08-11 07:49 - 10366958 _____ C:\Users\Zak\Downloads\media (54).m4v.crdownload
2013-08-11 00:22 - 2013-08-11 00:36 - 115784839 _____ C:\Users\Zak\Downloads\media (53).m4v
2013-08-10 23:27 - 2013-08-10 23:47 - 73203429 _____ C:\Users\Zak\Downloads\media (52).m4v
2013-08-10 21:59 - 2013-08-10 22:09 - 112062885 _____ C:\Users\Zak\Downloads\media (51).m4v
2013-08-10 06:02 - 2013-08-10 06:24 - 113245403 _____ C:\Users\Zak\Downloads\media (50).m4v
2013-08-10 05:26 - 2013-08-10 05:44 - 106193905 _____ C:\Users\Zak\Downloads\media (49).m4v
2013-08-07 00:51 - 2013-08-07 00:51 - 118222573 _____ C:\Users\Zak\Downloads\media (48).m4v
2013-08-06 23:08 - 2013-08-06 23:13 - 122654181 _____ C:\Users\Zak\Downloads\media (47).m4v
2013-07-31 22:24 - 2013-07-31 22:28 - 63255491 _____ C:\Users\Zak\Downloads\media(4).m4v
2013-07-31 08:21 - 2013-07-31 08:28 - 112566375 _____ C:\Users\Zak\Downloads\media (46).m4v
2013-07-30 19:30 - 2013-07-30 19:39 - 114940304 _____ C:\Users\Zak\Downloads\media (45).m4v
2013-07-28 20:10 - 2013-07-28 20:11 - 71693160 _____ C:\Users\Zak\Downloads\media (44).m4v
2013-07-26 21:48 - 2013-07-26 21:48 - 00209877 _____ C:\Users\Zak\Downloads\Keyboard Locker (1).zip
2013-07-26 21:46 - 2013-08-13 00:06 - 00000000 ____D C:\Users\Zak\Downloads\Keyboard Locker
2013-07-26 21:44 - 2013-07-26 21:44 - 00209877 _____ C:\Users\Zak\Downloads\Keyboard Locker.zip
2013-07-26 21:07 - 2013-07-26 21:13 - 112566375 _____ C:\Users\Zak\Downloads\media (43).m4v
2013-07-26 00:13 - 2013-07-30 10:14 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-26 00:13 - 2013-07-30 10:14 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-07-26 00:10 - 2013-08-12 03:17 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 00:10 - 2013-08-05 10:15 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 00:10 - 2013-07-26 00:13 - 00000000 ____D C:\Users\Zak\AppData\Local\Google
2013-07-26 00:10 - 2013-07-26 00:13 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 00:10 - 2013-07-26 00:10 - 00784848 _____ (Google Inc.) C:\Users\Zak\Downloads\ChromeSetup.exe
2013-07-26 00:10 - 2013-07-26 00:10 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-26 00:10 - 2013-07-26 00:10 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-26 00:05 - 2013-07-26 00:16 - 263829349 _____ C:\Users\Zak\Downloads\media(3).m4v
2013-07-24 00:04 - 2013-07-24 00:31 - 126344891 _____ C:\Users\Zak\Downloads\media (43).m4v.1qfc5tx.partial
2013-07-22 22:05 - 2013-07-23 00:48 - 00074016 _____ C:\Users\Zak\Documents\ZAK2013.TAX
2013-07-22 22:05 - 2013-07-23 00:40 - 00073200 _____ C:\Users\Zak\Documents\ZAK2013.BAK
2013-07-22 21:13 - 2013-04-10 20:06 - 00039504 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiark.sys
2013-07-22 21:00 - 2013-07-22 21:00 - 00001921 _____ C:\Users\Zak\Desktop\e-tax 2013.lnk
2013-07-22 21:00 - 2013-07-22 21:00 - 00000000 ____D C:\Users\Zak\AppData\Local\etax2013
2013-07-22 21:00 - 2013-07-22 21:00 - 00000000 ____D C:\Program Files (x86)\etax2013
2013-07-22 20:57 - 2013-07-22 20:58 - 09672192 _____ C:\Users\Zak\Downloads\etax2013_1.msi
2013-07-22 10:09 - 2013-07-22 10:09 - 00004316 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-22 10:07 - 2013-07-22 10:07 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-22 10:06 - 2013-07-22 10:06 - 00000000 ____D C:\Users\Zak\AppData\Roaming\LavasoftStatistics
2013-07-22 03:14 - 2013-07-22 10:08 - 00001870 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-22 03:14 - 2013-07-22 10:08 - 00001870 _____ C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2013-07-22 03:14 - 2013-07-22 03:14 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-22 03:13 - 2013-08-13 00:06 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-22 03:13 - 2013-07-22 03:15 - 00000000 ____D C:\Users\Zak\AppData\Local\adawarebp
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-07-22 02:57 - 2013-08-10 05:17 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Ad-Aware Antivirus
2013-07-22 02:57 - 2013-07-22 02:57 - 00014456 _____ (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-22 02:57 - 2012-09-19 14:40 - 00047496 _____ (GFI Software) C:\Windows\System32\sbbd.exe
2013-07-22 02:50 - 2013-07-22 02:57 - 05616264 _____ (Lavasoft Limited) C:\Users\Zak\Desktop\Adaware_Installer.exe
2013-07-21 21:44 - 2013-08-12 00:54 - 00000000 ____D C:\Users\Zak\Documents\Lecture Notes SEM2-2013
 
==================== One Month Modified Files and Folders =======
 
2013-08-13 00:06 - 2013-08-12 03:19 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-13 00:06 - 2013-08-12 03:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-13 00:06 - 2013-07-26 21:46 - 00000000 ____D C:\Users\Zak\Downloads\Keyboard Locker
2013-08-13 00:06 - 2013-07-22 03:13 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-13 00:06 - 2013-05-25 22:30 - 00000000 ____D C:\Program Files\My Dell
2013-08-13 00:06 - 2013-04-17 22:00 - 00000000 ____D C:\ProgramData\PCDr
2013-08-13 00:06 - 2013-04-15 23:09 - 00000000 ____D C:\Users\Zak\AppData\Roaming\TeamViewer
2013-08-13 00:06 - 2013-04-15 03:27 - 00000000 ____D C:\Users\Zak\AppData\Roaming\vlc
2013-08-13 00:06 - 2013-04-13 06:34 - 00000000 ____D C:\users\Zak
2013-08-13 00:06 - 2011-12-02 05:46 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-13 00:06 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-12 18:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-08-12 03:26 - 2013-08-12 03:26 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-08-12 03:26 - 2013-08-12 03:26 - 00001876 _____ C:\Windows\System32\.crusader
2013-08-12 03:26 - 2013-08-12 03:26 - 00001308 _____ C:\Windows\System32\bootdelete.lst
2013-08-12 03:26 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 03:26 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 03:23 - 2009-07-14 00:13 - 00778660 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-12 03:19 - 2013-08-12 03:19 - 00001783 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-12 03:19 - 2013-08-12 03:19 - 00001783 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2013-08-12 03:18 - 2009-07-13 23:51 - 00079327 _____ C:\Windows\setupact.log
2013-08-12 03:17 - 2013-07-26 00:10 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 03:17 - 2011-12-02 04:24 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-12 03:17 - 2011-12-02 04:24 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-12 03:17 - 2011-12-02 04:14 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-12 03:17 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 00:54 - 2013-07-21 21:44 - 00000000 ____D C:\Users\Zak\Documents\Lecture Notes SEM2-2013
2013-08-12 00:53 - 2011-12-02 04:36 - 00000000 ____D C:\ProgramData\Sonic
2013-08-11 21:50 - 2013-08-11 21:39 - 106193905 _____ C:\Users\Zak\Downloads\media (57).m4v
2013-08-11 09:12 - 2013-08-11 09:01 - 111312279 _____ C:\Users\Zak\Downloads\media (56).m4v
2013-08-11 08:59 - 2013-08-11 08:49 - 117386927 _____ C:\Users\Zak\Downloads\media (55).m4v
2013-08-11 08:06 - 2013-08-11 08:03 - 106526818 _____ C:\Users\Zak\Downloads\media (54).m4v
2013-08-11 07:49 - 2013-08-11 07:49 - 10366958 _____ C:\Users\Zak\Downloads\media (54).m4v.crdownload
2013-08-11 00:36 - 2013-08-11 00:22 - 115784839 _____ C:\Users\Zak\Downloads\media (53).m4v
2013-08-10 23:47 - 2013-08-10 23:27 - 73203429 _____ C:\Users\Zak\Downloads\media (52).m4v
2013-08-10 22:09 - 2013-08-10 21:59 - 112062885 _____ C:\Users\Zak\Downloads\media (51).m4v
2013-08-10 06:24 - 2013-08-10 06:02 - 113245403 _____ C:\Users\Zak\Downloads\media (50).m4v
2013-08-10 05:44 - 2013-08-10 05:26 - 106193905 _____ C:\Users\Zak\Downloads\media (49).m4v
2013-08-10 05:17 - 2013-07-22 02:57 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Ad-Aware Antivirus
2013-08-10 05:15 - 2013-05-22 01:13 - 00000000 ____D C:\Users\Zak\Documents\Random Uni Stuff
2013-08-07 00:51 - 2013-08-07 00:51 - 118222573 _____ C:\Users\Zak\Downloads\media (48).m4v
2013-08-06 23:13 - 2013-08-06 23:08 - 122654181 _____ C:\Users\Zak\Downloads\media (47).m4v
2013-08-05 10:15 - 2013-07-26 00:10 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-03 00:04 - 2011-12-02 05:48 - 01936676 _____ C:\Windows\WindowsUpdate.log
2013-08-03 00:03 - 2013-05-25 22:31 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-31 22:28 - 2013-07-31 22:24 - 63255491 _____ C:\Users\Zak\Downloads\media(4).m4v
2013-07-31 08:28 - 2013-07-31 08:21 - 112566375 _____ C:\Users\Zak\Downloads\media (46).m4v
2013-07-30 19:39 - 2013-07-30 19:30 - 114940304 _____ C:\Users\Zak\Downloads\media (45).m4v
2013-07-30 10:14 - 2013-07-26 00:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 10:14 - 2013-07-26 00:13 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-07-28 20:11 - 2013-07-28 20:10 - 71693160 _____ C:\Users\Zak\Downloads\media (44).m4v
2013-07-26 21:48 - 2013-07-26 21:48 - 00209877 _____ C:\Users\Zak\Downloads\Keyboard Locker (1).zip
2013-07-26 21:44 - 2013-07-26 21:44 - 00209877 _____ C:\Users\Zak\Downloads\Keyboard Locker.zip
2013-07-26 21:13 - 2013-07-26 21:07 - 112566375 _____ C:\Users\Zak\Downloads\media (43).m4v
2013-07-26 00:16 - 2013-07-26 00:05 - 263829349 _____ C:\Users\Zak\Downloads\media(3).m4v
2013-07-26 00:13 - 2013-07-26 00:10 - 00000000 ____D C:\Users\Zak\AppData\Local\Google
2013-07-26 00:13 - 2013-07-26 00:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 00:10 - 2013-07-26 00:10 - 00784848 _____ (Google Inc.) C:\Users\Zak\Downloads\ChromeSetup.exe
2013-07-26 00:10 - 2013-07-26 00:10 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-26 00:10 - 2013-07-26 00:10 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-24 00:31 - 2013-07-24 00:04 - 126344891 _____ C:\Users\Zak\Downloads\media (43).m4v.1qfc5tx.partial
2013-07-23 00:48 - 2013-07-22 22:05 - 00074016 _____ C:\Users\Zak\Documents\ZAK2013.TAX
2013-07-23 00:40 - 2013-07-22 22:05 - 00073200 _____ C:\Users\Zak\Documents\ZAK2013.BAK
2013-07-22 21:00 - 2013-07-22 21:00 - 00001921 _____ C:\Users\Zak\Desktop\e-tax 2013.lnk
2013-07-22 21:00 - 2013-07-22 21:00 - 00000000 ____D C:\Users\Zak\AppData\Local\etax2013
2013-07-22 21:00 - 2013-07-22 21:00 - 00000000 ____D C:\Program Files (x86)\etax2013
2013-07-22 21:00 - 2013-04-13 06:37 - 00000000 ____D C:\Users\Zak\AppData\Local\VirtualStore
2013-07-22 20:58 - 2013-07-22 20:57 - 09672192 _____ C:\Users\Zak\Downloads\etax2013_1.msi
2013-07-22 10:09 - 2013-07-22 10:09 - 00004316 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-22 10:08 - 2013-07-22 03:14 - 00001870 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-07-22 10:08 - 2013-07-22 03:14 - 00001870 _____ C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2013-07-22 10:08 - 2013-04-21 00:30 - 00000000 ___RD C:\Users\Zak\Dropbox
2013-07-22 10:08 - 2013-04-20 21:55 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Dropbox
2013-07-22 10:07 - 2013-07-22 10:07 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-22 10:06 - 2013-07-22 10:06 - 00000000 ____D C:\Users\Zak\AppData\Roaming\LavasoftStatistics
2013-07-22 10:06 - 2013-04-13 02:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-22 03:15 - 2013-07-22 03:13 - 00000000 ____D C:\Users\Zak\AppData\Local\adawarebp
2013-07-22 03:14 - 2013-07-22 03:14 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\ProgramData\blekko toolbars
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-22 03:13 - 2013-07-22 03:13 - 00000000 ____D C:\Program Files (x86)\adawaretb
2013-07-22 03:13 - 2013-05-21 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-22 02:57 - 2013-07-22 02:57 - 00014456 _____ (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
2013-07-22 02:57 - 2013-07-22 02:50 - 05616264 _____ (Lavasoft Limited) C:\Users\Zak\Desktop\Adaware_Installer.exe
2013-07-16 01:30 - 2013-04-15 22:50 - 00001092 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-07-16 01:30 - 2013-04-15 22:50 - 00001092 _____ C:\ProgramData\Desktop\TeamViewer 8.lnk
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-11 01:13:10
Restore point made on: 2013-07-22 20:59:58
Restore point made on: 2013-08-05 11:11:58
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8139.86 MB
Available physical RAM: 7334.05 MB
Total Pagefile: 8138.06 MB
Available Pagefile: 7325 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:685.34 GB) (Free:486.74 GB) NTFS (Disk=0 Partition=3)
Drive e: () (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT (Disk=1 Partition=1)
Drive f: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:4.8 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive f: detected.
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: CB67D5AF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=685 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 61910101)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
 
 
LastRegBack: 2013-08-02 06:00
 
==================== End Of Log ============================
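The log above is what a helper reads by eye: lines FRST itself marks with ATTENTION, entries whose binary is gone (the trailing `[x]`), services that start from a Temp folder or from a drive other than the system drive, and a BootExecute value that differs from the stock `autocheck autochk *`. As an added example that is not part of the thread and not FRST's own logic, the script below applies those triage rules to a constructed excerpt of this FRST.txt. The rule names, severities and the excerpt are illustrative choices. Note that a hit is a prompt to look, not a verdict: here the extra `bootdelete` in BootExecute belongs to HitmanPro (the log lists a SurfRight-signed `bootdelete.exe`), and the McAfee `[x]` services are leftovers of an uninstalled product.

```python
"""Triage heuristics for an FRST.txt, run over a constructed excerpt of the log above.

Added example; this is not FRST's own logic. Rule names, severities and the
sample excerpt are assumptions chosen for illustration.
"""
import re
from collections import Counter

DEFAULT_BOOTEXECUTE = "autocheck autochk *"   # stock Windows value
SYSTEM_DRIVE = "C"
# autorun, service, driver and startup entries as FRST prints them
ENTRY_RE = re.compile(r"^(?:[RSU]\d |HK|Startup:|ShortcutTarget:|AppInit_DLLs)")
DRIVE_RE = re.compile(r"\b([A-Za-z]):\\")     # first drive letter of a path on the line

# Constructed excerpt: a handful of lines copied from the FRST.txt posted above
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [FAStartup] -  [x]
HKU\Zak\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
BootExecute: autocheck autochk * bootdelete
S2 0226701371744183mcinstcleanup; C:\Users\Zak\AppData\Local\Temp\022670~1.EXE [833616 2013-01-30] (McAfee, Inc.)
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [x]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]
C:\Windows\System32\winlogon.exe => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
ATTENTION: Malware custom entry on BCD on drive f: detected.
"""


def is_entry(line):
    """True for autorun/service/driver/startup lines, the only ones path rules apply to."""
    return ENTRY_RE.match(line) is not None


def first_drive(line):
    """Upper-case drive letter of the first path on the line, or None."""
    m = DRIVE_RE.search(line)
    return m.group(1).upper() if m else None


# (rule name, severity, predicate over one log line)
RULES = [
    ("tool-flagged", "high", lambda l: "ATTENTION" in l),
    ("missing-file", "medium", lambda l: is_entry(l) and l.rstrip().endswith("[x]")),
    ("runs-from-temp", "high", lambda l: is_entry(l) and re.search(r"\\Temp\\", l, re.I) is not None),
    ("non-system-drive", "medium", lambda l: is_entry(l) and first_drive(l) not in (None, SYSTEM_DRIVE)),
    ("bootexecute-changed", "medium",
     lambda l: l.startswith("BootExecute:") and l.split(":", 1)[1].strip() != DEFAULT_BOOTEXECUTE),
]


def triage(log_text):
    """Return one finding per (line, rule) pair; a line can trigger several rules."""
    findings = []
    for line in log_text.splitlines():
        for name, severity, pred in RULES:
            if pred(line):
                findings.append({"rule": name, "severity": severity, "line": line})
    return findings


def summarize(findings):
    """Count findings per rule, for a quick first look."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h['severity']:6}] {h['rule']:20} {h['line']}")
    print(dict(summarize(hits)))
```

Run against the excerpt it reports nine findings: the two ATTENTION lines, four dangling `[x]` entries, the McAfee cleanup service in `AppData\Local\Temp`, the HitmanPro crusader service pointing at the USB stick `E:`, and the modified BootExecute.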
 

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:01 AM

Posted 13 August 2013 - 03:37 AM


Hello PacharyZaxman

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
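The fix above does two separate things: the `TDL4:` line tells FRST to act on the bootkit indicator it reported, and `CMD: bootrec /FixMbr` has the Windows recovery environment rewrite the MBR boot code. `bootrec /FixMbr` replaces only the first 440 bytes of sector 0; the 4-byte disk signature (the `Disk ID: CB67D5AF` in the log) and the 64-byte partition table are left as they are, which is why the machine boots with its partitions intact afterwards. It does not touch the BCD store on the active partition, so the `Malware custom entry on BCD on drive f:` finding is a separate object that a follow-up log would have to confirm as gone. As an added example, not part of the thread and not code from FRST, HitmanPro or Microsoft, the script below models that check-and-fix on a 512-byte MBR image: it parses the sector the way FRST's "MBR & Partition Table" section reports it, flags boot code that matches no known-good loader plus a few partition-table anomalies, and applies a `/FixMbr`-style rewrite. The boot-code bytes and the known-good hash are constructed stand-ins (no real Windows or bootkit code); the partition layout is taken from the log's Disk 0.

```python
"""Offline MBR triage and a model of `bootrec /FixMbr`.

Added example, not from the thread or from FRST/HitmanPro/Microsoft. The
boot-code bytes are constructed stand-ins, not real loader or malware code;
the partition layout mirrors the FRST log (Disk ID CB67D5AF: 39 MB type DE,
13 GB active NTFS, 685 GB NTFS).
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # 0x000-0x1B7: executable boot code, the region a bootkit patches
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature (the "Disk ID" FRST prints)
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 0x1FE     # must hold 0x55 0xAA
SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, disk_id, partitions):
    """Assemble a 512-byte MBR; partitions: iterable of (active, type, start_lba, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_id)
    for i, (active, ptype, start, sectors) in enumerate(list(partitions)[:4]):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # CHS fields left zero: modern loaders use the LBA fields only
        struct.pack_into(ENTRY_FMT, mbr, off, 0x80 if active else 0x00, b"\0\0\0",
                         ptype, b"\0\0\0", start, sectors)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode disk signature, boot-code hash and partition table (what FRST's MBR section shows)."""
    if len(mbr) != MBR_SIZE or mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    disk_id = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "status": status, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": sectors,
                      "size_mb": sectors * SECTOR // (1024 * 1024)})
    return {"disk_id": f"{disk_id:08X}",
            "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def check_mbr(mbr, known_good_hashes):
    """Return triage findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("custom MBR boot code: hash matches no known-good loader")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partitions {idx_a} and {idx_b} overlap")
    return findings


def fix_mbr(mbr, clean_boot_code):
    """Model of `bootrec /FixMbr`: rewrite the boot code only; disk ID and partition table stay."""
    out = bytearray(mbr)
    out[:BOOT_CODE_LEN] = clean_boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    return bytes(out)


# --- constructed sample data: stand-ins, not real loader or malware bytes ---
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32   # stand-in "Windows 7" loader
INFECTED_BOOT_CODE = b"\xeb\x1c" + CLEAN_BOOT_CODE[2:]              # same bytes with a patched entry jump
KNOWN_GOOD = {hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()}
MB = 2048           # sectors per MiB
GB = 2097152        # sectors per GiB
LAYOUT = [  # (active, type, start_lba, sector count), from the log's Disk 0
    (False, 0xDE, 2048, 39 * MB),                       # Dell utility partition, 39 MB
    (True, 0x07, 2048 + 39 * MB, 13 * GB),              # RECOVERY, active, holds boot components
    (False, 0x07, 2048 + 39 * MB + 13 * GB, 685 * GB),  # OS volume
]
SAMPLE_INFECTED = build_mbr(INFECTED_BOOT_CODE, 0xCB67D5AF, LAYOUT)

if __name__ == "__main__":
    print("before:", check_mbr(SAMPLE_INFECTED, KNOWN_GOOD))
    fixed = fix_mbr(SAMPLE_INFECTED, CLEAN_BOOT_CODE)
    print("after: ", check_mbr(fixed, KNOWN_GOOD))
    info = parse_mbr(fixed)
    print(info["disk_id"], [(p["index"], p["active"], hex(p["type"]), p["size_mb"])
                            for p in info["partitions"]])
```

On a real machine the 512 bytes come from reading `\\.\PhysicalDrive0` from the recovery environment, and the known-good set is the hash of the MBR code for the Windows version in use; the point of the `fix_mbr` model is that a before/after `parse_mbr` must return the same disk ID and partition list, which is the property that lets a `/FixMbr` be applied without losing the user's volumes.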

#3 PacharyZaxman

  • Topic Starter

Posted 13 August 2013 - 05:26 AM

Hi Gringo,

 

First of all, thanks so much for the quick reply. You are an absolute legend. I did what you told me and ran the computer normally. The computer is booting and seems to be working normally :D Here is the next log; let me know how to proceed:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-08-2013 02

Ran by SYSTEM at 2013-08-14 06:08:51 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
 
The operation completed successfully.
The operation completed successfully.
 
=========  bootrec /FixMbr =========
 
??T h e   o p e r a t i o n   c o m p l e t e d   s u c c e s s f u l l y . 
 
========= End of CMD: =========
 
 
==== End of Fixlog ====

 



#4 gringo_pr

Posted 13 August 2013 - 06:53 AM



Hello PacharyZaxman

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#5 gringo_pr


Posted 20 August 2013 - 10:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



