
BSOD preventing start up after running Malwarebytes


  • This topic is locked
25 replies to this topic

#1 black777

  • Members
  • 24 posts
  • Gender:Male
  • Location:New Zealand

Posted 16 August 2013 - 06:58 AM

Hi

Problems began a week ago when the computer suddenly started running slowly, particularly during start-up, and often prevented the use of applications or programs. I ran ScanDisk and Defrag but this only temporarily fixed the problem. Next, I ran Malwarebytes and it found approx. 25 issues. It requested that I reboot to fix everything, but after rebooting, a BSOD appeared and Windows wouldn't start up, even when Startup Repair was attempted.

The computer is running Windows 7 64-bit, approx. 2 years old and doesn't have a CD/DVD drive.

Please help! I don't know what to do next.

Thanks


Edited by black777, 16 August 2013 - 07:04 AM.




#2 Sirawit

  • Malware Response Team
  • 4,158 posts
  • Gender:Male
  • Location:Thailand

Posted 16 August 2013 - 07:11 AM

This topic has been reported and will be responded to soon.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.


#3 black777


Posted 23 August 2013 - 05:13 AM

Hello? Are you still there?



#4 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 25 August 2013 - 11:10 AM

Hi black777,

Welcome to BleepingComputer.
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Do you still need help? If so, continue to follow these instructions:

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.
  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.

    Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.


    FRST
    • Please download Farbar Recovery Scan Tool and save it to a flash drive.

      Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

      Plug the flash drive into the infected PC.
    • Enter System Recovery Options.

      To enter System Recovery Options from the Advanced Boot Options:
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
      • Use the arrow keys to select the Repair your computer menu item.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
      Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
      To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



      To enter System Recovery Options by using Windows installation disc:
      • Insert the installation disc.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Click Repair your computer.
      • Select US as the keyboard language settings, and then click Next.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    • On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


      Select Command Prompt
    • Once in the Command Prompt:
      • In the command window type in notepad and press Enter.
      • The notepad opens. Under File menu select Open.
      • Select "Computer" and find your flash drive letter and close the notepad.
      • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
        Note: Replace letter e with the drive letter of your flash drive.
      • The tool will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by jntkwx, 25 August 2013 - 11:11 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.


#5 HelpBot

  • Bots
  • 12,600 posts
  • Gender:Male

Posted 25 August 2013 - 11:40 AM

Ignore this post.


Edited by jntkwx, 25 August 2013 - 11:40 AM.


#6 black777


Posted 25 August 2013 - 05:27 PM

Hi Jason

Thanks for getting back to me.

Here is the requested scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by SYSTEM on 26-08-2013 10:21:37
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804520 2011-06-30] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [98088 2011-06-30] (Synaptics Incorporated)
HKLM\...\Run: [LiveUpdate] - C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-10] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [461488 2011-01-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-03] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HotkeyMon] - AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [x]
HKLM-x32\...\Run: [HotkeyService] - AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [x]
HKLM-x32\...\Run: [SuperHybridEngine] - AsusSender.exe C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [x]
HKLM-x32\...\Run: [CapsHook] - AsusSender.exe C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [x]
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-07-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [iSeriesCharge] - AsusSender.exe C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-30] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [92096 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [92096 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [797104 2011-01-26] (AsusTek Computer Inc.)
Startup: C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-05-12] (Advanced Micro Devices, Inc.)
S2 AsusService; C:\windows\SysWOW64\AsusService.exe [224680 2011-03-03] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 JBoss - SASServer1; C:\Users\Daisy\Desktop\jboss-5.1.0.GA\service\wrapper.exe [204800 2013-01-24] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-03] (Malwarebytes Corporation)
S2 NetLogin Helper; C:\Program Files (x86)\NetLogin\NetLoginService.exe [64512 2011-01-12] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 SAS [AppDev-Lev1] Connect Spawner; "C:\Program Files\SASHome\x86\SASFoundation\9.3\spawner.exe" [x]
S2 SAS [AppDev-Lev1] FrameworkServer - SAS Framework Data Server; "C:\Program Files\SASHome\SASFrameworkDataServer\2.2\bin\tkesrv.exe" -name "SAS [AppDev-Lev1] FrameworkServer - SAS Framework Data Server" -set TKPATH "C:\Program Files\SASHome\SASFrameworkDataServer\2.2\bin" [x]
S2 SAS [AppDev-Lev1] Object Spawner; "C:\Program Files\SASHome\x86\SASFoundation\9.3\objspawn" -name "SAS [AppDev-Lev1] Object Spawner" [x]
S2 SAS [AppDev-Lev1] Remote Services; "C:\Program Files\SASHome\SASFoundationServices\9.3\wrapper.exe" -s C:\SAS\AppDev\Lev1\Web\Applications\RemoteServices\wrapper.conf [x]
S2 SAS [AppDev-Lev1] SASMeta - Metadata Server; "C:\Program Files\SASHome\x86\SASFoundation\9.3\sas.exe"  -config "C:\SAS\AppDev\Lev1\SASMeta\MetadataServer\sasv9.cfg" -servicename "SAS [AppDev-Lev1] SASMeta - Metadata Server" [x]
S2 SAS [AppDev-Lev1] Share Server; "C:\Program Files\SASHome\x86\SASFoundation\9.3\sas.exe"  -config "C:\SAS\AppDev\Lev1\ShareServer\sasv9.cfg" -servicename "SAS [AppDev-Lev1] Share Server" [x]

==================== Drivers (Whitelisted) ====================

S3 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [17152 2012-05-06] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-06-27] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-06-27] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-16] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-16] ()
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-10] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-12] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-07-09] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-07-09] (Symantec Corporation)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130815.001\ENG64.SYS [126040 2013-08-12] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130815.001\ENG64.SYS [126040 2013-08-12] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130815.001\EX64.SYS [2098776 2013-08-12] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130815.001\EX64.SYS [2098776 2013-08-12] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-16 01:29 - 2013-08-16 01:33 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Daisy\Downloads\tdsskiller.exe
2013-08-16 01:08 - 2013-08-16 01:08 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-08-16 01:08 - 2013-08-16 01:08 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-08-16 01:08 - 2013-08-16 01:08 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-08-16 01:07 - 2013-08-16 01:08 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-08-16 01:07 - 2013-08-16 01:08 - 00189936 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-08-16 01:07 - 2013-08-16 01:07 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-16 01:07 - 2013-08-16 01:07 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-16 01:07 - 2013-08-16 01:07 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-16 01:07 - 2013-05-09 00:59 - 00378432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-08-16 01:07 - 2013-05-09 00:59 - 00080816 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-08-16 01:07 - 2013-05-09 00:59 - 00072016 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-08-16 01:07 - 2013-05-09 00:59 - 00065336 _____ C:\Windows\System32\Drivers\aswRvrt.sys
2013-08-16 01:07 - 2013-05-09 00:59 - 00064288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-08-16 01:07 - 2013-05-09 00:59 - 00033400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-08-16 01:07 - 2013-05-09 00:58 - 00287840 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-08-16 01:06 - 2013-08-16 01:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-16 01:06 - 2013-05-09 00:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-16 01:04 - 2013-08-16 01:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-16 01:01 - 2013-08-16 01:03 - 117478104 _____ C:\Users\Daisy\Downloads\avast_free_antivirus_setup.exe
2013-08-16 00:56 - 2013-08-16 00:56 - 00000000 ____D C:\Users\Daisy\AppData\Roaming\Malwarebytes
2013-08-16 00:56 - 2013-08-16 00:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 00:56 - 2013-08-16 00:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-16 00:56 - 2013-04-03 18:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-08-16 00:55 - 2013-08-16 00:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daisy\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-14 23:19 - 2013-08-14 23:20 - 00001156 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-14 19:52 - 2013-08-14 19:52 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 19:51 - 2013-08-14 19:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-14 19:51 - 2013-08-14 19:52 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 19:51 - 2013-08-14 19:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-14 19:51 - 2013-08-14 19:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 01:02 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 01:02 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 01:02 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 01:02 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 01:02 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 01:02 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 01:02 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 01:02 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 01:02 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 01:02 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 01:02 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 01:02 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 01:02 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 01:02 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 01:02 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 01:02 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 01:02 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 01:02 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 01:02 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 01:01 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 01:01 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 01:01 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 01:01 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 01:01 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 01:01 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 01:01 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 01:01 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 01:01 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 01:01 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 01:01 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 01:01 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 21:06 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 21:06 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 21:06 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 21:06 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 21:06 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 21:06 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 21:06 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 21:06 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 21:01 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 21:01 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 20:57 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-13 20:57 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 20:57 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 20:57 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 20:57 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 20:57 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 20:57 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 20:57 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 20:57 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 20:57 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 20:57 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 20:57 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 20:57 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 20:57 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 20:57 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 20:57 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 20:57 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-13 03:32 - 2013-08-14 00:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-13 03:31 - 2013-08-13 03:31 - 00784872 _____ (Google Inc.) C:\Users\Daisy\Downloads\ChromeSetup.exe
2013-08-12 13:08 - 2013-08-12 13:11 - 339880845 _____ C:\Users\Daisy\Downloads\A201307291401.LT319053-slides.m4v
2013-08-12 03:48 - 2013-08-13 01:50 - 00007669 _____ C:\Users\Daisy\AppData\Local\resmon.resmoncfg
2013-08-05 17:20 - 2013-08-05 17:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-01 03:08 - 2013-08-01 03:08 - 33733457 _____ C:\Users\Daisy\Desktop\Lecture3.swf

==================== One Month Modified Files and Folders =======

2013-08-16 01:36 - 2012-02-15 12:14 - 01585010 _____ C:\Windows\WindowsUpdate.log
2013-08-16 01:33 - 2013-08-16 01:29 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Daisy\Downloads\tdsskiller.exe
2013-08-16 01:10 - 2012-10-11 01:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-16 01:08 - 2013-08-16 01:08 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-08-16 01:08 - 2013-08-16 01:08 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-08-16 01:08 - 2013-08-16 01:08 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-08-16 01:08 - 2013-08-16 01:07 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-08-16 01:08 - 2013-08-16 01:07 - 00189936 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-08-16 01:07 - 2013-08-16 01:07 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-16 01:07 - 2013-08-16 01:07 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-16 01:07 - 2013-08-16 01:07 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-16 01:06 - 2013-08-16 01:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-16 01:06 - 2013-08-16 01:04 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-16 01:03 - 2013-08-16 01:01 - 117478104 _____ C:\Users\Daisy\Downloads\avast_free_antivirus_setup.exe
2013-08-16 00:56 - 2013-08-16 00:56 - 00000000 ____D C:\Users\Daisy\AppData\Roaming\Malwarebytes
2013-08-16 00:56 - 2013-08-16 00:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 00:56 - 2013-08-16 00:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-16 00:55 - 2013-08-16 00:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Daisy\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-15 22:04 - 2009-07-13 20:51 - 00118610 _____ C:\Windows\setupact.log
2013-08-15 21:59 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 21:56 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 21:45 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 03:09 - 2012-02-14 15:22 - 00076840 _____ C:\Users\Daisy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-15 03:01 - 2009-07-13 20:45 - 00390232 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-14 23:20 - 2013-08-14 23:19 - 00001156 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-08-14 23:20 - 2013-04-27 03:10 - 00001116 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-08-14 23:20 - 2012-08-31 04:05 - 00001613 _____ C:\Users\Daisy\Desktop\DivX Movies.lnk
2013-08-14 23:20 - 2012-02-17 00:54 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-14 23:20 - 2012-02-17 00:53 - 00000000 ____D C:\ProgramData\DivX
2013-08-14 23:18 - 2013-06-21 00:06 - 00000000 _____ C:\END
2013-08-14 23:06 - 2009-07-13 21:13 - 00804284 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-14 19:52 - 2013-08-14 19:52 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 19:52 - 2013-08-14 19:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-14 19:52 - 2013-08-14 19:51 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 19:52 - 2013-08-14 19:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-14 19:51 - 2013-08-14 19:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 03:25 - 2013-05-24 22:17 - 00000258 __RSH C:\Users\Daisy\ntuser.pol
2013-08-14 03:25 - 2012-02-14 15:22 - 00000000 ____D C:\users\Daisy
2013-08-14 00:52 - 2012-03-09 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 00:49 - 2013-07-21 02:42 - 00000000 ____D C:\Windows\System32\MRT
2013-08-14 00:49 - 2012-02-25 16:57 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 00:47 - 2013-08-13 03:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-13 14:26 - 2011-07-22 12:25 - 00967050 _____ C:\Windows\PFRO.log
2013-08-13 03:31 - 2013-08-13 03:31 - 00784872 _____ (Google Inc.) C:\Users\Daisy\Downloads\ChromeSetup.exe
2013-08-13 01:50 - 2013-08-12 03:48 - 00007669 _____ C:\Users\Daisy\AppData\Local\resmon.resmoncfg
2013-08-12 13:11 - 2013-08-12 13:08 - 339880845 _____ C:\Users\Daisy\Downloads\A201307291401.LT319053-slides.m4v
2013-08-12 12:58 - 2012-12-25 00:38 - 00000000 ____D C:\Users\Daisy\AppData\Roaming\NCH Software
2013-08-12 12:45 - 2012-02-14 21:56 - 00000000 ____D C:\Users\Daisy\AppData\Local\Google
2013-08-12 04:39 - 2013-01-24 00:30 - 00000000 ____D C:\Program Files\SASHome
2013-08-10 22:32 - 2012-10-11 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-08 10:58 - 2012-03-25 23:03 - 00000000 ____D C:\ProgramData\Norton
2013-08-08 10:58 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-08 10:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-05 17:20 - 2013-08-05 17:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-01 03:08 - 2013-08-01 03:08 - 33733457 _____ C:\Users\Daisy\Desktop\Lecture3.swf

Files to move or delete:
====================
C:\Users\Daisy\AppData\Local\Temp\CallSHBrowseForFolder.dll
C:\Users\Daisy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdate.exe8b6c0
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe29f814
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe33e292
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe5058974
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe894cf
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe953ba
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe96805
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe975c487
C:\Users\Daisy\AppData\Local\Temp\goopdate.dll8b71e
C:\Users\Daisy\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\mp3el.exe
C:\Users\Daisy\AppData\Local\Temp\switchsetup.exe
C:\Users\Daisy\AppData\Local\Temp\{78E2CAD7-4C38-43E8-850C-DC0284F074DE}\ISBEW64.exe
C:\Users\Daisy\AppData\Local\Temp\isp77C3.tmp\_Setup.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-14 00:48:49
Restore point made on: 2013-08-16 01:05:54

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3692.39 MB
Available physical RAM: 3112.66 MB
Total Pagefile: 3690.54 MB
Available Pagefile: 3103.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:31.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.95 GB) NTFS
Drive e: (NIVIN'S MEM) (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1E24B49B)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-08-13 22:47

==================== End Of Log ============================



#7 jntkwx


Posted 25 August 2013 - 06:02 PM

black777,

Please open notepad, and copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 
Start
C:\Users\Daisy\AppData\Local\Temp\CallSHBrowseForFolder.dll
C:\Users\Daisy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdate.exe8b6c0
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe29f814
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe33e292
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe5058974
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe894cf
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe953ba
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe96805
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe975c487
C:\Users\Daisy\AppData\Local\Temp\goopdate.dll8b71e
C:\Users\Daisy\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\mp3el.exe
C:\Users\Daisy\AppData\Local\Temp\switchsetup.exe
C:\Users\Daisy\AppData\Local\Temp\{78E2CAD7-4C38-43E8-850C-DC0284F074DE}\ISBEW64.exe
C:\Users\Daisy\AppData\Local\Temp\isp77C3.tmp\_Setup.dll
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Now please enter System Recovery Options and select "Command Prompt".
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 
Try to boot your computer normally, and let me know if you still get the BSOD. If you do, we'll need to diagnose your BSOD:
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    [image: advancedoptions.png]
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    [image: bsod_c.jpg]
Please post me the error(s).
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#8 black777


Posted 25 August 2013 - 06:25 PM

I'm still getting BSOD with error code: STOP: 0x0000007E (0xFFFFFFFFC0000005, 0xFFFFF880045D2E93, 0xFFFFF880009A8F98, 0xFFFFF880009A87F0)

 

fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2013 02
Ran by SYSTEM at 2013-08-26 11:12:35 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
C:\Users\Daisy\AppData\Local\Temp\CallSHBrowseForFolder.dll
C:\Users\Daisy\AppData\Local\Temp\DivXSetup.exe
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdate.exe8b6c0
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe29f814
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe33e292
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe5058974
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe894cf
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe953ba
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe96805
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe975c487
C:\Users\Daisy\AppData\Local\Temp\goopdate.dll8b71e
C:\Users\Daisy\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Daisy\AppData\Local\Temp\mp3el.exe
C:\Users\Daisy\AppData\Local\Temp\switchsetup.exe
C:\Users\Daisy\AppData\Local\Temp\{78E2CAD7-4C38-43E8-850C-DC0284F074DE}\ISBEW64.exe
C:\Users\Daisy\AppData\Local\Temp\isp77C3.tmp\_Setup.dll
End
*****************

C:\Users\Daisy\AppData\Local\Temp\CallSHBrowseForFolder.dll => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdate.exe8b6c0 => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe29f814 => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe33e292 => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe5058974 => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe894cf => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe953ba => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe96805 => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\GoogleUpdateSetup.exe975c487 => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\goopdate.dll8b71e => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\mp3el.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\switchsetup.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\{78E2CAD7-4C38-43E8-850C-DC0284F074DE}\ISBEW64.exe => Moved successfully.
C:\Users\Daisy\AppData\Local\Temp\isp77C3.tmp\_Setup.dll => Moved successfully.

==== End of Fixlog ====
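The STOP line reported in post #8 can be read field by field. The following is an added example, not part of the original thread: it parses that line and labels the bug check code and its four parameters using the layout Microsoft documents for exception-type bug checks. The function name `decode_stop`, the lookup tables and the x64 kernel-address threshold are choices made for this example.

```python
import re

# Bug checks whose first parameter is an NTSTATUS exception code, with the
# documented meaning of all four parameters.
_EXC = ("exception code", "faulting address", "exception record", "context record")
BUGCHECKS = {
    0x0000007E: ("SYSTEM_THREAD_EXCEPTION_NOT_HANDLED", _EXC),
    0x1000007E: ("SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M", _EXC),
    0x0000008E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED",
                 ("exception code", "faulting address", "trap frame", "reserved")),
}
# A few common NTSTATUS values seen as exception codes (not exhaustive).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0x80000003: "STATUS_BREAKPOINT",
}
# Assumption: 64-bit Windows. Canonical addresses at or above this value
# belong to kernel space, so the faulting code ran in kernel mode.
KERNEL_BASE_X64 = 0xFFFF800000000000

STOP_RE = re.compile(r"STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")


def decode_stop(line):
    """Return a dict describing the STOP code and parameters found in line."""
    m = STOP_RE.search(line)
    if m is None:
        raise ValueError("no STOP code in line")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")
    generic = ("param 1", "param 2", "param 3", "param 4")
    name, labels = BUGCHECKS.get(code, ("UNKNOWN", generic))
    result = {"code": code, "name": name, "params": dict(zip(labels, params))}
    if code in BUGCHECKS:
        # NTSTATUS is 32 bits wide; the blue screen shows it sign-extended
        # to 64 bits, so mask the upper half before the lookup.
        status = params[0] & 0xFFFFFFFF
        result["ntstatus"] = NTSTATUS.get(status, "0x%08X" % status)
        result["kernel_address"] = params[1] >= KERNEL_BASE_X64
    return result


# The line below is copied from post #8 of this thread.
SAMPLE = ("STOP: 0x0000007E (0xFFFFFFFFC0000005, 0xFFFFF880045D2E93, "
          "0xFFFFF880009A8F98, 0xFFFFF880009A87F0)")

if __name__ == "__main__":
    decoded = decode_stop(SAMPLE)
    print(decoded["name"], decoded["ntstatus"])
    for label, value in decoded["params"].items():
        print("  %-17s 0x%016X" % (label, value))
```

For the line in post #8 this yields SYSTEM_THREAD_EXCEPTION_NOT_HANDLED with STATUS_ACCESS_VIOLATION at a kernel-space address, which points at kernel-mode code (a driver or the kernel itself) rather than a user process.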



#9 jntkwx


Posted 26 August 2013 - 10:18 AM

Boot back into System Recovery Options, as we've done previously.
 
Take note of the Location drive letter as it probably will not be C: and the correct drive letter must be entered in the following steps; then click Next.
 
 
At the System Recovery Options dialog box click Command Prompt.
 
In the command window that opens, type the command below and hit the <enter> key. Be sure to use your drive letter; mine is F: for this demonstration, and yours probably will not be the same.

sfc /scannow /offbootdir=f:\ /offwindir=f:\windows

 
You will get a blinking cursor while it checks and attempts to repair any issues it may find; it could take quite a bit of time to complete.
 
To close the command window after the scan type exit and press the Enter key.
 
By the end, your scan may find errors to repair, and if it does it may take you running this command a couple separate times to completely repair any issues it finds so don't give up after just one attempt.


Regards,
Jason

 



#10 black777


Posted 26 August 2013 - 09:25 PM

After typing the command above (using "c:" as indicated by location), it said "Beginning system scan. This process will take some time." Then after 15 min, it came back with "Windows Resource Protection could not perform the requested operation."

 

I attempted the scan 3 separate times but it produced the same result each time.



#11 jntkwx


Posted 26 August 2013 - 09:31 PM

Try the same thing again, but first type in the command prompt window:

 

net start trustedinstaller

 

And press Enter.


Regards,
Jason

 



#12 black777


Posted 26 August 2013 - 09:48 PM

It's still giving me the same response



#13 jntkwx


Posted 26 August 2013 - 09:54 PM

Ok, still in the command prompt in System Recovery Options, type in:

 

C:

 

And press Enter (use the drive letter that corresponds to your hard drive that we used before).

 

Then type:

 

chkdsk /r

 

When prompted, type  Y  and press Enter to force a dismount of the volume.  Allow chkdsk to run. It may take a while. Please let me know if it finds and attempts to fix any errors.


Regards,
Jason

 



#14 black777


Posted 27 August 2013 - 04:27 AM

While chkdsk was verifying files, it found 4 files with the following error "File record segment 12345 is unreadable" and it deleted an orphan file record segment.

 

Verifying indexes: "Correcting error in index $I30 for file 6450" then "Sorting index $I30 for file 6450", "Deleting index entry.... in index file 8757"

 

Scanning unindexed files: 28 unindexed files and 0 recovered

 

"Adding 2 bad clusters to Bad Clusters File
Correcting errors in the master file table's <MFT> DATA attribute.

Correcting errors in the Volume Bitmap.

Windows made corrections to the file system"

 

BSOD persists



#15 jntkwx


Posted 27 August 2013 - 10:18 AM

Boot your computer again, and press F8 while it's booting.

 

Select Last Known Good Configuration

 

and see if you still get a BSOD.

 

Also try Safe Mode, and see if you still get the BSOD.


Regards,
Jason

 





