Win 7 crash, ran FRST64, need FIXLIST.TXT


  • This topic is locked
4 replies to this topic

#1 dimepiecenerd

dimepiecenerd

  • Members
  • 2 posts
  • Gender:Female
  • Location:San Diego, CA
  • Local time:05:30 PM

Posted 22 January 2014 - 01:23 PM

My Computer Specs:
- Windows 7 Professional, 64-bit
- HP Pavilion dv6 Notebook PC
- Intel® Core™ i3-2310M CPU 2.10GHz
- Memory 6GB

1) Microsoft Security Essentials detected Trojan Alureon virus.

2) Used Windows Defender Offline via USB drive to remove the virus. (I ran the Defender again to check for virus, no virus detected/complete removal)

3) Now computer won't start up, I get BSOD repeatedly

4) I ran FRST64, saved FRST.txt log (pasted & attached)

 

I tried Safe Mode with Networking (didn't work), Startup Repair (didn't work), System Restore (didn't work), and I don't have a restore CD
 
Thanks for all your help, I really hope my PC starts working again.
 
- dimepiecenerd from San Diego, CA
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 01
Ran by SYSTEM on MININT-79DIUOG on 22-01-2014 09:53:43
Running from H:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2316464 2013-10-10] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Nick\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\Nick\...\Run: [Browser Infrastructure Helper] - C:\Users\Nick\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-09-14] (Smartbar)
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater17.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.0\ToolbarUpdater.exe [1643696 2013-10-10] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-10-10] (AVG Technologies)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-22 09:53 - 2014-01-22 09:53 - 00000000 ____D C:\FRST
2014-01-22 09:38 - 2014-01-22 09:38 - 00000000 ___HD C:\_Exception1
2014-01-22 00:30 - 2012-04-05 12:36 - 00024524 _____ C:\Users\Nick\Documents\RESUME.tif
2014-01-22 00:14 - 2014-01-22 09:17 - 00000000 ____D C:\Windows\Microsoft Antimalware
2014-01-21 16:32 - 2014-01-22 02:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-20 21:25 - 2014-01-21 12:26 - 00000000 ____D C:\ProgramData\Validity
2014-01-20 21:25 - 2014-01-20 21:25 - 00000000 ____D C:\Program Files\Validity Sensors
2014-01-20 21:22 - 2014-01-21 16:14 - 00000000 ____D C:\Windows\System32\MRT
2014-01-14 00:52 - 2014-01-14 00:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-14 00:41 - 2014-01-14 00:42 - 00000000 ___HD C:\$WINDOWS.~BT
2014-01-14 00:31 - 2014-01-14 00:31 - 00000000 ____D C:\Users\Nick\AppData\Local\Microsoft Corporation
2014-01-13 23:05 - 2014-01-13 23:05 - 00003120 _____ C:\Windows\CHOUNKDJ.ocx
2014-01-13 23:05 - 2014-01-13 23:05 - 00000000 ____D C:\ProgramData\Editor Software
2014-01-13 23:05 - 2014-01-13 23:05 - 00000000 ____D C:\Program Files (x86)\Editor Software
2014-01-13 21:52 - 2014-01-13 21:52 - 00029184 _____ C:\Users\Nick\Downloads\kdp-report-12-2013.xls
2014-01-07 04:14 - 2014-01-07 04:14 - 00262144 _____ C:\Windows\Minidump\010714-46254-01.dmp
2014-01-06 21:12 - 2014-01-06 21:12 - 00262144 _____ C:\Windows\Minidump\010614-42479-01.dmp
2014-01-05 13:10 - 2014-01-05 13:10 - 00262144 _____ C:\Windows\Minidump\010514-43056-01.dmp
2014-01-04 17:06 - 2014-01-04 17:06 - 00262144 _____ C:\Windows\Minidump\010414-40029-01.dmp
2014-01-03 23:02 - 2014-01-03 23:02 - 00262144 _____ C:\Windows\Minidump\010314-37284-01.dmp
2014-01-03 16:26 - 2014-01-03 16:27 - 00262144 _____ C:\Windows\Minidump\010314-39717-01.dmp
2014-01-01 17:29 - 2014-01-01 17:29 - 00262144 _____ C:\Windows\Minidump\010114-31340-01.dmp
2014-01-01 17:26 - 2014-01-01 17:26 - 00262144 _____ C:\Windows\Minidump\010114-32682-01.dmp
2014-01-01 13:50 - 2014-01-01 13:50 - 00262144 _____ C:\Windows\Minidump\010114-33524-01.dmp
2014-01-01 13:35 - 2014-01-01 13:36 - 00262144 _____ C:\Windows\Minidump\010114-35615-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-01-22 09:53 - 2014-01-22 09:53 - 00000000 ____D C:\FRST
2014-01-22 09:38 - 2014-01-22 09:38 - 00000000 ___HD C:\_Exception1
2014-01-22 09:17 - 2014-01-22 00:14 - 00000000 ____D C:\Windows\Microsoft Antimalware
2014-01-22 02:59 - 2013-10-10 14:32 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2014-01-22 02:59 - 2013-10-10 13:49 - 00000000 ____D C:\Users\Nick\AppData\Roaming\AVG2014
2014-01-22 02:59 - 2013-10-10 13:48 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2014-01-22 02:59 - 2013-10-10 13:46 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-22 02:59 - 2013-04-29 19:58 - 00000000 ____D C:\ProgramData\MFAData
2014-01-22 02:59 - 2013-04-29 19:35 - 00000000 ____D C:\Windows\Minidump
2014-01-22 02:59 - 2013-04-29 19:30 - 00000000 ____D C:\Program Files\WinRAR
2014-01-22 02:59 - 2013-04-29 18:33 - 00000000 ____D C:\users\Nick
2014-01-22 02:59 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew
2014-01-22 02:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2014-01-22 02:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-22 02:58 - 2014-01-21 16:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-22 02:58 - 2013-11-17 05:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-22 02:58 - 2013-11-13 13:29 - 00000000 ____D C:\Program Files\Adobe
2014-01-22 02:58 - 2013-10-10 14:33 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-22 02:58 - 2013-10-10 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-22 02:58 - 2013-10-10 13:47 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-22 02:58 - 2013-10-07 00:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-22 02:58 - 2013-10-07 00:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-22 02:58 - 2013-04-29 20:40 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-22 02:58 - 2013-04-29 19:57 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2014-01-22 02:58 - 2013-04-29 19:31 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2014-01-22 02:58 - 2013-04-29 19:31 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2014-01-22 02:58 - 2013-04-29 19:30 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-22 02:58 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\WinBioDatabase
2014-01-22 02:58 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-22 02:58 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-22 02:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2014-01-22 02:53 - 2013-10-10 13:43 - 00000000 ____D C:\Users\Nick\AppData\Local\e-academy Inc
2014-01-22 02:53 - 2013-04-29 22:07 - 00000000 ____D C:\ProgramData\Adobe
2014-01-22 02:53 - 2013-04-29 19:31 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Foxit Software
2014-01-22 02:51 - 2013-10-10 14:10 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-22 02:47 - 2013-10-10 14:08 - 00000000 __RHD C:\MSOCache
2014-01-22 02:38 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-21 16:30 - 2013-08-13 00:54 - 00000000 ____D C:\Windows\System32\appmgmt
2014-01-21 16:14 - 2014-01-20 21:22 - 00000000 ____D C:\Windows\System32\MRT
2014-01-21 12:26 - 2014-01-20 21:25 - 00000000 ____D C:\ProgramData\Validity
2014-01-20 21:25 - 2014-01-20 21:25 - 00000000 ____D C:\Program Files\Validity Sensors
2014-01-15 13:13 - 2013-10-10 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 03:05 - 2013-04-29 18:33 - 00000000 ____D C:\Users\Nick\AppData\Local\VirtualStore
2014-01-14 01:37 - 2013-07-04 22:38 - 00111520 _____ C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-14 01:33 - 2013-07-28 21:40 - 00000000 ____D C:\Users\Nick\AppData\Local\CrashDumps
2014-01-14 01:20 - 2013-10-06 23:59 - 00000000 ____D C:\Users\Nick\AppData\Local\Adobe
2014-01-14 00:52 - 2014-01-14 00:52 - 00000000 ____D C:\ProgramData\McAfee
2014-01-14 00:42 - 2014-01-14 00:41 - 00000000 ___HD C:\$WINDOWS.~BT
2014-01-14 00:31 - 2014-01-14 00:31 - 00000000 ____D C:\Users\Nick\AppData\Local\Microsoft Corporation
2014-01-13 23:05 - 2014-01-13 23:05 - 00003120 _____ C:\Windows\CHOUNKDJ.ocx
2014-01-13 23:05 - 2014-01-13 23:05 - 00000000 ____D C:\ProgramData\Editor Software
2014-01-13 23:05 - 2014-01-13 23:05 - 00000000 ____D C:\Program Files (x86)\Editor Software
2014-01-13 21:52 - 2014-01-13 21:52 - 00029184 _____ C:\Users\Nick\Downloads\kdp-report-12-2013.xls
2014-01-08 02:26 - 2013-04-29 18:29 - 01081597 _____ C:\Windows\WindowsUpdate.log
2014-01-08 02:25 - 2013-04-30 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 02:25 - 2013-04-29 19:36 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Skype
2014-01-08 02:25 - 2013-04-29 19:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 22:41 - 2009-07-13 20:45 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 22:41 - 2009-07-13 20:45 - 00020480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 22:33 - 2013-04-29 19:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 22:32 - 2013-04-29 19:35 - 466743909 _____ C:\Windows\MEMORY.DMP
2014-01-07 22:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 22:32 - 2009-07-13 20:51 - 00039884 _____ C:\Windows\setupact.log
2014-01-07 04:14 - 2014-01-07 04:14 - 00262144 _____ C:\Windows\Minidump\010714-46254-01.dmp
2014-01-06 21:12 - 2014-01-06 21:12 - 00262144 _____ C:\Windows\Minidump\010614-42479-01.dmp
2014-01-05 13:10 - 2014-01-05 13:10 - 00262144 _____ C:\Windows\Minidump\010514-43056-01.dmp
2014-01-04 17:06 - 2014-01-04 17:06 - 00262144 _____ C:\Windows\Minidump\010414-40029-01.dmp
2014-01-03 23:02 - 2014-01-03 23:02 - 00262144 _____ C:\Windows\Minidump\010314-37284-01.dmp
2014-01-03 16:27 - 2014-01-03 16:26 - 00262144 _____ C:\Windows\Minidump\010314-39717-01.dmp
2014-01-01 17:29 - 2014-01-01 17:29 - 00262144 _____ C:\Windows\Minidump\010114-31340-01.dmp
2014-01-01 17:26 - 2014-01-01 17:26 - 00262144 _____ C:\Windows\Minidump\010114-32682-01.dmp
2014-01-01 13:50 - 2014-01-01 13:50 - 00262144 _____ C:\Windows\Minidump\010114-33524-01.dmp
2014-01-01 13:36 - 2014-01-01 13:35 - 00262144 _____ C:\Windows\Minidump\010114-35615-01.dmp
2013-12-28 01:46 - 2013-10-10 12:12 - 00000000 ____D C:\Users\Nick\AppData\Local\Smartbar
 
Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\9-qtzrqu.dll
C:\Users\Nick\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Nick\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Nick\AppData\Local\Temp\ez2ybe4g.dll
C:\Users\Nick\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nick\AppData\Local\Temp\ogie3yms.dll
C:\Users\Nick\AppData\Local\Temp\oi_{3AF06DB6-9A5D-4979-A944-BAE18F6040C1}.exe
C:\Users\Nick\AppData\Local\Temp\oi_{E4D3C5D6-48FF-49AF-B1EE-3414710B3F04}.exe
C:\Users\Nick\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Nick\AppData\Local\Temp\t-va0gky.dll
C:\Users\Nick\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Nick\AppData\Local\Temp\ur9z4mtq.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
TDL4: custom:26000022 <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-01-08 02:26:21
Restore point made on: 2014-01-13 23:04:50
Restore point made on: 2014-01-14 00:30:54
Restore point made on: 2014-01-14 00:40:46
Restore point made on: 2014-01-14 00:48:19
Restore point made on: 2014-01-14 00:50:14
Restore point made on: 2014-01-14 00:51:01
Restore point made on: 2014-01-14 01:12:45
Restore point made on: 2014-01-14 01:30:31
Restore point made on: 2014-01-15 13:12:24
Restore point made on: 2014-01-20 21:21:40
Restore point made on: 2014-01-21 16:26:48
Restore point made on: 2014-01-21 16:28:25
Restore point made on: 2014-01-21 16:30:40
Restore point made on: 2014-01-22 00:02:02
Restore point made on: 2014-01-22 00:06:05
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 6091.86 MB
Available physical RAM: 5280.6 MB
Total Pagefile: 6090.06 MB
Available Pagefile: 5378.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:451.22 GB) (Free:382.76 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:14.24 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (WDO_MEDIA64) (Removable) (Total:0.48 GB) (Free:0.22 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1A3F0DFB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 495 MB) (Disk ID: B6648BBF)
Partition 1: (Active) - (Size=495 MB) - (Type=0B)
 
 
LastRegBack: 2014-01-20 02:24
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   17.19KB   0 downloads

Edited by dimepiecenerd, 22 January 2014 - 03:32 PM.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:30 PM

Posted 22 January 2014 - 08:21 PM

Hello dimepiecenerd,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKU\Nick\...\Run: [Browser Infrastructure Helper] - C:\Users\Nick\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-09-14] (Smartbar)
C:\Users\Nick\AppData\Local\Smartbar
C:\Users\Nick\AppData\Local\Temp\9-qtzrqu.dll
C:\Users\Nick\AppData\Local\Temp\AVG-Safeguard.exe
C:\Users\Nick\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Nick\AppData\Local\Temp\ez2ybe4g.dll
C:\Users\Nick\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nick\AppData\Local\Temp\ogie3yms.dll
C:\Users\Nick\AppData\Local\Temp\oi_{3AF06DB6-9A5D-4979-A944-BAE18F6040C1}.exe
C:\Users\Nick\AppData\Local\Temp\oi_{E4D3C5D6-48FF-49AF-B1EE-3414710B3F04}.exe
C:\Users\Nick\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\Nick\AppData\Local\Temp\t-va0gky.dll
C:\Users\Nick\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Nick\AppData\Local\Temp\ur9z4mtq.dll
TDL4: custom:26000022 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Will your computer boot now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 dimepiecenerd

Posted 23 January 2014 - 11:28 AM

I ended up running a different fixlist I got from another site:

TDL4: custom:26000022 <===== ATTENTION!

cmd: bootrec /FixMbr

 

And my PC rebooted!!! I've attached the FIXLOG for this FIXLIST. Then I upgraded to Windows 8 then Windows 8.1. Took forever but it looks great.

AVG Free 2014 and Windows Defender say there are no threats detected, but is there another way/program on Windows 8.1 that I can use to make sure the Trojan Alureon is completely gone?

Because when I was going to run another FRST scan, my USB drive with FRST.exe on it was alerted by AVG, which detected a Trojan/sinowel virus on the USB. AVG then removed the threat and deleted the FRST.exe program off the USB.

 

Is this a new virus or the same virus, just a leftover part of the original one that wasn't completely removed?

I got the FRST download directly from this site (seems trustworthy): 
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Should I redownload FRST from the same site or a different one to check my PC for any leftover "Trojan alureon/sinowel viruses"? It says FRST is for Windows XP, Vista, 7, 8... Not 8.1?


Edited by dimepiecenerd, 23 January 2014 - 11:44 AM.


#4 fireman4it

Posted 23 January 2014 - 12:01 PM

I'm sorry but I can no longer help you. You are receiving help from another site and/or doing things on your own. This will compromise any instructions I give you.


#5 fireman4it

Posted 26 January 2014 - 12:10 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.