
Windows 7 64bit Startup Repair loop Virus


This topic is locked. 16 replies to this topic.

#1 parkhillmedia

Posted 22 August 2013 - 02:53 PM

I have had this problem for a while now and have tried everything possible to fix it, but nothing works. I used about every boot disk imaginable and came up with nothing, yet the stupid PC keeps loading Startup Repair.

Tried the following:

  • AVG boot disk (couldn't find a drive to work on)
  • Kaspersky boot disk (ran all night, found nothing)
  • UBCD boot (none of the boot tools load; I am thinking the virus or problem is doing this??)
  • F-Secure (found nothing, probably can't even read the drive)

I have successfully used FRSTx64 to create a log. I am posting it below.

I was also able to get into my drive using the Kaspersky boot disk, so I deleted everything in my Windows/Boot folder... that did nothing but delay the onset of the virus coming back and booting up "Startup Repair"... ugh!

Thanks in advance for any help!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013 01
Ran by SYSTEM on 16-08-2013 23:12:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [] -  [x]
HKU\Optimus\...\Run: [AdobeBridge] -  [x]
HKU\Optimus\...\Run: [Google Update] - C:\Users\Optimus\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-09] (Google Inc.)
Startup: C:\Users\Optimus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
S4 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [731840 2009-05-14] (ESET)
S2 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [276264 2013-07-30] (Ginger Software)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2012-11-19] ()

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
S1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-10] (BIOSTAR Group)
S1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2c64.sys [15408 2010-05-17] (BIOSTAR Group)
S1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2c64.sys [15408 2010-05-17] (BIOSTAR Group)
S2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-05-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134024 2009-05-14] (ESET)
S3 MEMSWEEP2; C:\Windows\system32\E8D5.tmp [6144 2011-05-12] (Sophos Plc)
S3 MEMSWEEP2; C:\Windows\system32\E8D5.tmp [6144 2011-05-12] (Sophos Plc)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-11-04] (Oracle Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 9A6E9363F7A5E5A06629D9DDC76EE6B5
C:\Windows\System32\DRIVERS\atikmpag.sys 957A4C13E1981B1701E600EF1E823C68
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 5B25D1A753CC3A3EDB909BB759AC1098
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asmthub3.sys E1E75921E9EB025009696D4837F531FB
C:\Windows\System32\DRIVERS\asmtxhci.sys B0CF9AB16006B61634D4F955345CA5D2
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\BIOS64.sys 00CADB1BC2D0030F0B2A1063618B6BD7
C:\Windows\system32\drivers\BIOS64.sys 00CADB1BC2D0030F0B2A1063618B6BD7
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BS_I2c64.sys 83601BBE5563D92C1FDB4E960D84DC77
C:\Windows\system32\drivers\BS_I2c64.sys 83601BBE5563D92C1FDB4E960D84DC77
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys C4943B6C962E4B82197542447AD599F4
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\eamon.sys 55851F4864F8AD6E98B02307ECA29DB4
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 62C96B617AC7C4C8A9C29D57A36AA874
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys C03463214D23B46B991F582821C8DF69
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys DA1E991A61CFDD755A589E206B97644B
C:\Windows\System32\Drivers\ksecpkg.sys 7E33198D956943A4F11A5474C1E9106F
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\system32\E8D5.tmp F9CE67E9E0226079B59107B649851F96
C:\Windows\system32\E8D5.tmp F9CE67E9E0226079B59107B649851F96
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 33328FA8A580885AB0065BE6DB266E9F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys BC08F7F3C53CBEE68670ED1314E290FD
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys AFC12DFA4C7B089673AD67402CA19EDB
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 3B73C849B41FB20D77B0E553214061A5
C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\DRIVERS\VBoxDrv.sys B6437A7C60C817A0D7BEA1D994B01612
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys 9E607F6240EADC4C0B3570F3E5E0358C
C:\Windows\System32\DRIVERS\VBoxNetFlt.sys 9F7BC6D33A3AA4AFF35C9DBD69C2BCA0
C:\Windows\System32\Drivers\VBoxUSB.sys 3CC7909465536D89551C2B5374A2F48A
C:\Windows\System32\DRIVERS\VBoxUSBMon.sys 84B57B85A550476456EC5AB32FA99513
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-16 10:59 - 2013-08-16 10:59 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-08-16 01:02 - 2013-08-16 01:02 - 00000000 __SHD C:\found.000
2013-08-15 10:37 - 2013-08-15 10:37 - 00000132 _____ C:\Users\Optimus\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-08-15 10:30 - 2013-08-15 10:30 - 00071016 _____ C:\Users\Optimus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-10 20:25 - 2013-08-10 20:25 - 00000000 _____ C:\Users\Optimus\Desktop\~PI3EC3.tmp
2013-08-10 20:22 - 2013-08-10 20:22 - 00000000 ____D C:\Users\Optimus\AppData\Local\{87D6E90E-7C9B-4879-B422-89AD414895A5}
2013-08-09 12:06 - 2013-08-09 12:09 - 00000362 _____ C:\Users\Optimus\Desktop\my keywords.txt
2013-08-08 22:31 - 2013-08-10 18:18 - 02711217 _____ C:\Users\Optimus\Documents\www.in-toronto-web-design.ca2.spy
2013-08-08 19:28 - 2013-08-09 11:13 - 00083968 _____ C:\Users\Optimus\Documents\plasma cutter.msam
2013-08-07 18:31 - 2013-08-07 18:31 - 00000000 ____D C:\Users\Optimus\Desktop\ofp_goty_upgrade_1_91
2013-08-07 18:21 - 2013-08-07 18:30 - 00869376 _____ C:\Users\Optimus\Documents\buy private jet.msam
2013-08-04 06:21 - 2013-08-04 06:21 - 00002949 _____ C:\Users\Public\Desktop\Ginger.lnk
2013-08-01 05:34 - 2013-08-01 05:50 - 00062976 _____ C:\Users\Optimus\Desktop\hockey Link Report July.xls
2013-08-01 05:33 - 2013-08-01 05:33 - 00027204 _____ C:\Users\Optimus\Desktop\ryrhockeywear.com.xlsx
2013-07-31 16:54 - 2013-07-31 16:55 - 00000040 _____ C:\Users\Optimus\Desktop\jason fag.txt
2013-07-31 08:41 - 2013-07-31 09:03 - 00048128 _____ C:\Users\Optimus\Documents\toronto web development company.msam
2013-07-30 17:59 - 2013-07-30 17:59 - 00000000 ____D C:\Users\Optimus\AppData\Local\{309E250F-FE43-4249-8EBC-199619FD96C9}
2013-07-28 13:16 - 2013-07-28 13:16 - 00000000 ____D C:\Program Files\Codemasters
2013-07-28 11:23 - 2013-07-28 11:23 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\MarketSamurai
2013-07-28 11:22 - 2013-07-28 11:22 - 00000931 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-07-28 11:22 - 2013-07-28 11:22 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-07-26 15:57 - 2013-08-15 13:05 - 00014977 _____ C:\Windows\WindowsUpdate.log
2013-07-26 11:38 - 2012-09-05 18:27 - 00000029 _____ C:\Users\Optimus\Desktop\GROME Site Info.txt
2013-07-26 10:12 - 2013-08-01 18:19 - 00000000 ____D C:\Users\Optimus\Desktop\KEVINS PICS 4 DESIGNS
2013-07-26 10:10 - 2013-07-26 10:10 - 00000000 ____D C:\Users\Optimus\AppData\Local\{4AB1B0F7-F320-49F3-AD99-F8968D53546D}
2013-07-19 19:11 - 2013-07-19 19:11 - 00000956 _____ C:\Users\Optimus\Desktop\Start Tor Browser.lnk
2013-07-18 16:56 - 2013-07-18 17:00 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\MultiBit
2013-07-18 16:56 - 2013-07-18 16:56 - 00001817 _____ C:\Users\Public\Desktop\MultiBit 0.5.12.lnk
2013-07-18 16:56 - 2013-07-18 16:56 - 00000000 ____D C:\Program Files (x86)\MultiBit-0.5.12
2013-07-18 16:50 - 2013-07-18 16:50 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\poclbm
2013-07-18 15:30 - 2013-07-18 15:32 - 00000042 _____ C:\Users\Optimus\Desktop\silk pass.txt
2013-07-18 15:27 - 2013-07-18 15:27 - 27884121 _____ (Igor Pavlov) C:\Users\Optimus\Downloads\tor-browser-2.3.25-10_en-US.exe
2013-07-18 15:27 - 2013-06-23 18:50 - 00000000 ____D C:\Users\Optimus\Downloads\Tor Browser

==================== One Month Modified Files and Folders =======

2013-08-16 23:12 - 2013-08-16 23:12 - 00000000 ____D C:\FRST
2013-08-16 10:59 - 2013-08-16 10:59 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-08-16 01:02 - 2013-08-16 01:02 - 00000000 __SHD C:\found.000
2013-08-15 13:05 - 2013-07-26 15:57 - 00014977 _____ C:\Windows\WindowsUpdate.log
2013-08-15 13:05 - 2011-08-26 15:57 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\vlc
2013-08-15 12:28 - 2011-12-09 15:42 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3985042329-3843279605-1482743816-1000UA.job
2013-08-15 12:10 - 2013-05-30 09:53 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 11:59 - 2011-07-13 17:55 - 00000000 ____D C:\ProcessExplorer
2013-08-15 10:37 - 2013-08-15 10:37 - 00000132 _____ C:\Users\Optimus\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-08-15 10:32 - 2013-06-06 17:35 - 00000132 _____ C:\Users\Optimus\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-08-15 10:30 - 2013-08-15 10:30 - 00071016 _____ C:\Users\Optimus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-15 09:28 - 2011-12-09 15:42 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3985042329-3843279605-1482743816-1000Core.job
2013-08-14 16:54 - 2013-03-13 16:42 - 00008161 _____ C:\Windows\System32\TeamViewer8_Hooks.log
2013-08-14 14:10 - 2013-05-30 09:53 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-13 09:25 - 2013-04-12 14:46 - 02306048 _____ C:\Users\Optimus\Documents\web design staten island.msam
2013-08-12 23:27 - 2013-04-23 17:40 - 00127025 _____ C:\Users\Optimus\.ranktracker.properties
2013-08-12 23:27 - 2013-04-23 17:32 - 00000000 ____D C:\Users\Optimus\.ranktracker
2013-08-12 23:27 - 2011-07-13 16:40 - 00000000 ____D C:\users\Optimus
2013-08-10 20:25 - 2013-08-10 20:25 - 00000000 _____ C:\Users\Optimus\Desktop\~PI3EC3.tmp
2013-08-10 20:22 - 2013-08-10 20:22 - 00000000 ____D C:\Users\Optimus\AppData\Local\{87D6E90E-7C9B-4879-B422-89AD414895A5}
2013-08-10 18:18 - 2013-08-08 22:31 - 02711217 _____ C:\Users\Optimus\Documents\www.in-toronto-web-design.ca2.spy
2013-08-10 18:18 - 2012-04-26 15:42 - 00222717 _____ C:\Users\Optimus\.spyglass.properties
2013-08-10 18:18 - 2012-04-26 15:41 - 00000000 ____D C:\Users\Optimus\.seospyglass
2013-08-09 12:27 - 2013-04-02 21:23 - 00002306 _____ C:\Users\Optimus\Desktop\Park Hill Media.lnk
2013-08-09 12:09 - 2013-08-09 12:06 - 00000362 _____ C:\Users\Optimus\Desktop\my keywords.txt
2013-08-09 11:13 - 2013-08-08 19:28 - 00083968 _____ C:\Users\Optimus\Documents\plasma cutter.msam
2013-08-07 18:31 - 2013-08-07 18:31 - 00000000 ____D C:\Users\Optimus\Desktop\ofp_goty_upgrade_1_91
2013-08-07 18:30 - 2013-08-07 18:21 - 00869376 _____ C:\Users\Optimus\Documents\buy private jet.msam
2013-08-04 06:21 - 2013-08-04 06:21 - 00002949 _____ C:\Users\Public\Desktop\Ginger.lnk
2013-08-04 06:21 - 2013-06-09 19:27 - 00037630 _____ C:\GingerSetupHelper.log
2013-08-04 06:21 - 2013-06-09 19:27 - 00008069 _____ C:\GingerSetup.log
2013-08-04 06:21 - 2012-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Ginger
2013-08-04 06:21 - 2011-07-13 16:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-01 18:19 - 2013-07-26 10:12 - 00000000 ____D C:\Users\Optimus\Desktop\KEVINS PICS 4 DESIGNS
2013-08-01 16:54 - 2013-07-07 12:08 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\Skype
2013-08-01 05:50 - 2013-08-01 05:34 - 00062976 _____ C:\Users\Optimus\Desktop\hockey Link Report July.xls
2013-08-01 05:33 - 2013-08-01 05:33 - 00027204 _____ C:\Users\Optimus\Desktop\ryrhockeywear.com.xlsx
2013-08-01 02:30 - 2011-12-09 15:42 - 00002380 _____ C:\Users\Optimus\Desktop\Google Chrome.lnk
2013-07-31 16:55 - 2013-07-31 16:54 - 00000040 _____ C:\Users\Optimus\Desktop\jason fag.txt
2013-07-31 09:03 - 2013-07-31 08:41 - 00048128 _____ C:\Users\Optimus\Documents\toronto web development company.msam
2013-07-30 18:10 - 2012-10-05 13:31 - 00001456 _____ C:\Users\Optimus\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-07-30 18:06 - 2012-10-03 17:26 - 00000132 _____ C:\Users\Optimus\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-30 17:59 - 2013-07-30 17:59 - 00000000 ____D C:\Users\Optimus\AppData\Local\{309E250F-FE43-4249-8EBC-199619FD96C9}
2013-07-30 15:26 - 2009-07-13 20:45 - 00016192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 15:26 - 2009-07-13 20:45 - 00016192 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 15:25 - 2009-07-13 21:13 - 00779266 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-30 15:20 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 13:16 - 2013-07-28 13:16 - 00000000 ____D C:\Program Files\Codemasters
2013-07-28 11:23 - 2013-07-28 11:23 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\MarketSamurai
2013-07-28 11:22 - 2013-07-28 11:22 - 00000931 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-07-28 11:22 - 2013-07-28 11:22 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-07-26 11:25 - 2011-08-14 08:31 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\Notepad++
2013-07-26 10:34 - 2011-07-19 09:24 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\Adobe
2013-07-26 10:10 - 2013-07-26 10:10 - 00000000 ____D C:\Users\Optimus\AppData\Local\{4AB1B0F7-F320-49F3-AD99-F8968D53546D}
2013-07-26 10:06 - 2013-04-07 11:48 - 00080594 _____ C:\Users\Optimus\Desktop\park-hill-media-web-design-experts.psd
2013-07-26 10:04 - 2012-09-29 20:09 - 00000000 ____D C:\Users\Optimus\Documents\Adobe
2013-07-21 17:05 - 2011-09-22 21:57 - 00000000 ____D C:\Program Files (x86)\ContentComposer
2013-07-19 19:11 - 2013-07-19 19:11 - 00000956 _____ C:\Users\Optimus\Desktop\Start Tor Browser.lnk
2013-07-18 17:00 - 2013-07-18 16:56 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\MultiBit
2013-07-18 16:56 - 2013-07-18 16:56 - 00001817 _____ C:\Users\Public\Desktop\MultiBit 0.5.12.lnk
2013-07-18 16:56 - 2013-07-18 16:56 - 00000000 ____D C:\Program Files (x86)\MultiBit-0.5.12
2013-07-18 16:50 - 2013-07-18 16:50 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\poclbm
2013-07-18 15:32 - 2013-07-18 15:30 - 00000042 _____ C:\Users\Optimus\Desktop\silk pass.txt
2013-07-18 15:27 - 2013-07-18 15:27 - 27884121 _____ (Igor Pavlov) C:\Users\Optimus\Downloads\tor-browser-2.3.25-10_en-US.exe
2013-07-17 07:29 - 2012-07-03 08:47 - 00021671 _____ C:\Users\Optimus\Desktop\all scrap only.txt
2013-07-17 06:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-17 06:39 - 2013-06-11 16:50 - 00000136 _____ C:\Users\Optimus\Desktop\busy people.txt
2013-07-17 05:41 - 2011-08-20 07:28 - 00000000 ____D C:\Users\Optimus\AppData\Roaming\FileZilla

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-07-13 23:03] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 0EE9B1D29838DA994797214CDC00CD19

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {4e7cefba-ae36-11e0-a71f-929b55672796}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4e7cefba-ae36-11e0-a71f-929b55672796}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\4e7cefbc-ae36-11e0-a71f-929b55672796\Winre.wim,{4e7cefbd-ae36-11e0-a71f-929b55672796}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\4e7cefbc-ae36-11e0-a71f-929b55672796\Winre.wim,{4e7cefbd-ae36-11e0-a71f-929b55672796}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {4e7cefba-ae36-11e0-a71f-929b55672796}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {4e7cefbd-ae36-11e0-a71f-929b55672796}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\4e7cefbc-ae36-11e0-a71f-929b55672796\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8191.3 MB
Available physical RAM: 7389.91 MB
Total Pagefile: 8189.45 MB
Available Pagefile: 7383.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:15.26 GB) NTFS
Drive f: (PATRIOT) (Removable) (Total:7.46 GB) (Free:3.46 GB) FAT32
Drive g: (TRAVELDRIVE) (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 70BC678A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 492 MB) (Disk ID: 23EE84A1)
Partition 1: (Active) - (Size=492 MB) - (Type=0B)


LastRegBack: 2013-08-16 03:34

==================== End Of Log ============================


Edited by Noviciate, 22 August 2013 - 03:09 PM.
Log added from attachment.




#2 parkhillmedia


Posted 22 August 2013 - 06:27 PM

I am still working on this problem, but was wondering how well I could clean off this drive if I took it out and hooked it up to my good PC to do a real scan from within windows. It is indeed an option for me, but I wasn't sure if doing so would fix the problem. So before bothering with hardware extraction and that extensive work (leaving my only other good PC busy and unable to work on), I wanted to ask people who know their stuff. :D



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:56 AM

Posted 27 August 2013 - 02:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505280 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 parkhillmedia


Posted 27 August 2013 - 03:11 PM

  • I believe I can elaborate below.
  • I can't get into the OS, so I can't run that dds thing.
    • Windows 7 Home Premium 64-bit SP1
    • AMD Phenom II x4 955
    • 8 gigs of ddr3 ram
    • WD 500 gig HD
  • I do have my original Windows CD/DVD available.
  • Thanks!


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:05:56 PM

Posted 28 August 2013 - 03:43 AM

Hello, my name is Elise and I'll assist you with this issue.

Your FRST log shows you have two disks connected with a Windows installation, one with Windows 7 and one with a Windows XP MBR. Can you confirm the latter (do you have a disk connected that has/had XP installed)?

It looks like you ran a disk check; do you remember if any bad sectors were found?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 parkhillmedia


Posted 28 August 2013 - 06:14 AM

Hello and thank you Elise!

No installation of XP was ever done. Only Windows 7. Never had one either.

No bad sectors were found when I scanned with chkdsk.



#7 Elise


Posted 28 August 2013 - 06:15 AM

When you start the computer and select instead of Startup Repair, Start Windows Normally, what happens?

Have you tried booting in safe mode?

regards, Elise


#8 parkhillmedia


Posted 28 August 2013 - 01:09 PM

If I don't use startup repair, it just loops back to restarting then going into that question again.

I have not been able to get into safe mode, no. :(



#9 Elise


Posted 28 August 2013 - 02:56 PM

Have you tried all 3 different safe modes as well as Last Known Good Configuration?

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    (image: advancedoptions.png)
  • When your system BSODs, write down the STOP error code and any written-out error message and post them back here. The STOP error will always appear, but the message may not. You are looking for this:
    (image: bsod_c.jpg)
Please post me the error(s).

regards, Elise


#10 parkhillmedia


Posted 28 August 2013 - 03:27 PM

Upon pressing F8, I am presented with the screen that you have shown. No matter what I choose, whether it be safe mode or disable automatic restart on system failure, the next thing that happens:

There is a loading bar and "Windows is loading files"

Then it goes right to "system recovery options"

No matter what I do, this stupid loop begins, so I know it has to be some sort of virus.

Any thoughts?



#11 Elise


Posted 29 August 2013 - 02:29 AM

Actually that's no indication of malware being involved at all. :) The FRST log shows no malware either. What makes you think this is malware-related? Did the computer exhibit any symptoms of being infected before this problem started?

regards, Elise


#12 parkhillmedia


Posted 29 August 2013 - 02:18 PM

My belief was that it was a virus because I left my house in the care of one of my friends for a week and when I returned, there were bootleg games installed. This started shortly after I deleted them from the system using Revo Uninstaller.

Before it happened the computer was slow; I restarted and then this began. Is there any other way that I can tell what is the matter? There is valuable company data on that PC that I do not want to lose.



#13 Elise


Posted 29 August 2013 - 02:24 PM

Have you tried System Restore? It is possible that Revo uninstaller removed something important.


regards, Elise


#14 parkhillmedia


Posted 29 August 2013 - 03:45 PM

I have no restore points at all. I turn it off for better performance and less wear on the HD. I did try my Windows disk, which found nothing after an all-night repair attempt.

Quite screwed am I, huh? :(


Edited by parkhillmedia, 29 August 2013 - 03:46 PM.


#15 Elise


Posted 30 August 2013 - 02:12 AM

 

Quote: "so I deleted everything in my Windows/Boot folder"

Yes, that was not the best idea. :)

I recommend you back up important data and reinstall Windows. This is not malware but a case of Windows corruption that prevents it from starting. Without knowing exactly what was deleted it is impossible to even attempt a restore.


regards, Elise




