Laptop stuck in System Recovery, problems with BackgroundContainer.dll


  • This topic is locked
4 replies to this topic

#1 aknightedpenguin

  • Members
  • 2 posts

Posted 12 May 2014 - 05:31 AM

Hi, new to this forum, looking for help repairing a co-worker's laptop.

 

Nothing new installed recently, no particular change in use, started up this morning and froze. Ran system recovery and used FRST, log file attached below. The problematic file seems to be a leftover issue from removing Conduit malware, but I can't do the suggested fixes with Task Scheduler from inside system recovery options. Help?

 


HKU\User\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION

 

Thanks :)

 

Mod Edit:  Pasted FRST log data into post - Hamluis.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by SYSTEM on MININT-UUSPCK0 on 12-05-2014 18:23:12
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10358784 2011-11-14] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-03] (Intel® Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Freecorder FLV Service] => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-10-26] (Sonic Solutions)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-24] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-24] (Macrovision Corporation)
HKLM-x32\...\Run: [Click&Scan iNSIGHT 20] => C:\Program Files (x86)\Scantron\Document Imaging\iNSIGHT_20\Click&Scan\KSSCFG.exe [192512 2008-06-12] (Scantron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-11] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\User\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-11] (Google Inc.)
HKU\User\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-19] (Apple Inc.)
HKU\User\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\User\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\User\...\Run: [SDP] => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\User\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\User\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\User\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-28] (Macrovision Corporation)
HKU\User\...\Run: [FLV Player] => C:\Users\User\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-25] ()
HKU\User\...\Run: [Browser Infrastructure Helper] => C:\Users\User\AppData\Local\Smartbar\Application\Smartbar.exe [21024 2013-10-09] (Smartbar)
HKU\User\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [490504 2014-04-10] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [665096 2014-04-10] ()

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-03] ()
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S2 SafetyNutManager2; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-04-10] (Somoto LTD)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-11] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-11] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-11] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-11] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-11] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-11] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-12] (Huawei Technologies Co., Ltd.)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-04-10] (Somoto LTD)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-12] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-05] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-05] (CACE Technologies, Inc.)
S3 prl_virtual_sound; C:\Windows\System32\DRIVERS\prl_virtual_sound.sys [46824 2013-08-26] (Parallels Holdings, Ltd. and its affiliates.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-10-26] (Sonic Solutions)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 17:22 - 2014-05-12 18:23 - 00000000 ____D () C:\FRST
2014-05-12 00:28 - 2014-05-12 00:29 - 00000000 ____D () C:\Users\User\Desktop\New folder
2014-05-11 18:26 - 2014-05-11 18:25 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-05-11 18:25 - 2014-05-11 18:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-11 17:58 - 2014-05-12 00:50 - 00003364 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-05-06 01:52 - 2014-05-06 01:52 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-06 01:45 - 2014-04-13 18:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-06 01:45 - 2014-04-13 18:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-05 01:57 - 2014-04-29 06:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 01:56 - 2014-04-29 05:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 01:56 - 2014-04-29 04:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 01:56 - 2014-04-29 04:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 23:19 - 2014-05-04 23:19 - 00060416 _____ () C:\Users\User\Downloads\AA09.tmp
2014-04-23 23:08 - 2014-04-14 04:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 23:07 - 2014-04-14 04:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 23:07 - 2014-04-14 04:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 23:07 - 2014-04-14 04:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 23:06 - 2014-04-23 23:07 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 01:49 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-22 01:49 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-22 01:49 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 01:49 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 01:48 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-22 01:48 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-22 01:48 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-22 01:48 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-22 01:48 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-22 01:48 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-22 01:48 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-22 01:48 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-22 01:48 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-22 01:48 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-22 01:48 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-22 01:48 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-22 01:48 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-22 01:48 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 01:48 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 01:48 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-22 01:48 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-22 01:48 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 01:48 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 01:48 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 01:48 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 01:48 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-22 01:48 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 01:48 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 01:48 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 01:48 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-22 01:48 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 01:48 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-22 01:48 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 01:48 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 01:48 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-22 01:48 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 01:48 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 01:48 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 01:48 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-22 01:48 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-22 01:48 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-22 01:48 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 01:48 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 01:48 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-14 00:53 - 2014-04-14 00:54 - 00003106 _____ () C:\Windows\System32\Tasks\Google Pinyin Daemon
2014-04-13 19:16 - 2014-04-14 22:41 - 00001366 _____ () C:\ProgramData\hpzinstall.log
2014-04-13 19:15 - 2014-04-13 19:15 - 00000000 ____D () C:\ProgramData\HP

==================== One Month Modified Files and Folders =======

2014-05-12 18:23 - 2014-05-12 17:22 - 00000000 ____D () C:\FRST
2014-05-12 01:00 - 2009-07-13 20:45 - 00026096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 01:00 - 2009-07-13 20:45 - 00026096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 00:59 - 2014-02-25 17:15 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-05-12 00:59 - 2009-07-13 21:13 - 00891638 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-12 00:56 - 2011-11-10 22:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeraCopy
2014-05-12 00:53 - 2012-02-06 05:22 - 00000440 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-05-12 00:52 - 2012-02-03 05:13 - 00000000 ___RD () C:\Users\User\Dropbox
2014-05-12 00:52 - 2012-01-24 19:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-12 00:50 - 2014-05-11 17:58 - 00003364 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-05-12 00:50 - 2011-11-25 07:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 00:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 00:49 - 2014-02-09 17:15 - 00017389 _____ () C:\Windows\setupact.log
2014-05-12 00:44 - 2013-04-08 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\NCH Software
2014-05-12 00:44 - 2013-04-08 22:04 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-12 00:43 - 2014-01-23 16:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-12 00:42 - 2011-11-10 21:52 - 00000000 ____D () C:\ProgramData\Google
2014-05-12 00:42 - 2011-11-10 21:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-12 00:29 - 2014-05-12 00:28 - 00000000 ____D () C:\Users\User\Desktop\New folder
2014-05-12 00:26 - 2012-04-04 01:43 - 14474240 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-05-12 00:07 - 2014-02-13 17:05 - 00171080 _____ () C:\Windows\PFRO.log
2014-05-11 23:40 - 2013-03-03 18:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 23:27 - 2012-01-30 05:56 - 01769584 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 23:08 - 2011-11-25 07:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 23:01 - 2011-11-11 23:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000UA.job
2014-05-11 20:07 - 2011-11-10 21:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-05-11 18:26 - 2012-07-24 17:15 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-11 18:25 - 2014-05-11 18:26 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-05-11 18:25 - 2014-05-11 18:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-11 18:25 - 2014-01-08 00:05 - 00085328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-05-11 18:25 - 2013-03-03 17:27 - 00208416 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-05-11 18:25 - 2013-03-03 17:27 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-05-11 18:25 - 2012-02-25 02:04 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-05-11 18:25 - 2011-11-21 17:03 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-05-11 18:25 - 2011-11-21 17:03 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-05-11 18:25 - 2011-11-21 17:03 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-05-11 18:25 - 2011-11-21 17:03 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-05-11 18:01 - 2011-11-11 23:04 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000Core.job
2014-05-11 17:02 - 2011-11-25 07:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 17:02 - 2011-11-25 07:38 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 17:56 - 2011-11-11 23:04 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000UA
2014-05-08 17:56 - 2011-11-11 23:04 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000Core
2014-05-06 01:52 - 2014-05-06 01:52 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-05 01:05 - 2012-04-18 21:19 - 00000000 ____D () C:\IOPS2009
2014-05-04 23:19 - 2014-05-04 23:19 - 00060416 _____ () C:\Users\User\Downloads\AA09.tmp
2014-05-02 17:36 - 2011-11-12 04:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\XNote Stopwatch
2014-04-29 18:06 - 2011-11-10 22:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-29 06:01 - 2014-05-05 01:57 - 23547904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-29 05:40 - 2014-05-05 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-29 04:48 - 2014-05-05 01:56 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 04:34 - 2014-05-05 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 23:08 - 2013-10-28 17:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 23:07 - 2014-04-23 23:06 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 23:07 - 2011-08-09 04:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 23:03 - 2012-05-22 00:11 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-23 23:03 - 2011-08-09 04:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-22 23:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-04-22 22:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 17:31 - 2013-02-13 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-20 17:31 - 2011-11-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-14 22:41 - 2014-04-13 19:16 - 00001366 _____ () C:\ProgramData\hpzinstall.log
2014-04-14 04:13 - 2014-04-23 23:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 04:05 - 2014-04-23 23:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 04:05 - 2014-04-23 23:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 04:04 - 2014-04-23 23:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 00:54 - 2014-04-14 00:53 - 00003106 _____ () C:\Windows\System32\Tasks\Google Pinyin Daemon
2014-04-14 00:53 - 2011-11-10 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Google
2014-04-13 19:15 - 2014-04-13 19:15 - 00000000 ____D () C:\ProgramData\HP
2014-04-13 18:24 - 2014-05-06 01:45 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-04-13 18:19 - 2014-05-06 01:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

Files to move or delete:
====================
C:\Users\User\ParallelsAccess-1.0.22731.929773.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\User\AppData\Local\Temp\Delta.exe
C:\Users\User\AppData\Local\Temp\DeltaTB.exe
C:\Users\User\AppData\Local\Temp\Execute2App.exe
C:\Users\User\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\User\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\User\AppData\Local\Temp\msvcp90.dll
C:\Users\User\AppData\Local\Temp\msvcr90.dll
C:\Users\User\AppData\Local\Temp\MybabylonTB.exe
C:\Users\User\AppData\Local\Temp\nsj85BC.exe
C:\Users\User\AppData\Local\Temp\nsj89B3.exe
C:\Users\User\AppData\Local\Temp\nsjD98B.exe
C:\Users\User\AppData\Local\Temp\nsjDE1E.exe
C:\Users\User\AppData\Local\Temp\nso80FA.exe
C:\Users\User\AppData\Local\Temp\nsyE272.exe
C:\Users\User\AppData\Local\Temp\tbCon0.dll
C:\Users\User\AppData\Local\Temp\WSSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4011.86 MB
Available physical RAM: 3248.97 MB
Total Pagefile: 4010.06 MB
Available Pagefile: 3248.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:203.11 GB) (Free:109.69 GB) NTFS
Drive d: (DATA) (Fixed) (Total:250 GB) (Free:185.66 GB) NTFS
Drive f: (Recovery) (Fixed) (Total:12.55 GB) (Free:1.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4C58F0CA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=203 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=250 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 980 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-05-08 20:02

==================== End Of Log ============================

Edited by hamluis, 12 May 2014 - 07:51 AM.
Removed quote box, moved from Win 7 to Malware Removal Logs - Hamluis.


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 13 May 2014 - 02:33 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (Recovery Environment)

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    HKU\User\...\Run: [Browser Infrastructure Helper] => C:\Users\User\AppData\Local\Smartbar\Application\Smartbar.exe [21024 2013-10-09] (Smartbar)
    HKU\User\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsemngr.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browsermngr.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
    IFEO\delta babylon.exe: [Debugger] tasklist.exe
    IFEO\delta tb.exe: [Debugger] tasklist.exe
    IFEO\delta2.exe: [Debugger] tasklist.exe
    IFEO\deltainstaller.exe: [Debugger] tasklist.exe
    IFEO\deltasetup.exe: [Debugger] tasklist.exe
    IFEO\deltatb.exe: [Debugger] tasklist.exe
    IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\iminentsetup.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [490504 2014-04-10] ()
    HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [665096 2014-04-10] ()
    
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
    S2 SafetyNutManager2; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-04-10] (Somoto LTD)
    S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-04-10] (Somoto LTD)
    
    2014-05-11 17:58 - 2014-05-12 00:50 - 00003364 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
    C:\Users\User\ParallelsAccess-1.0.22731.929773.exe
    C:\Users\User\AppData\Local\Smartbar
    C:\Users\User\AppData\Local\Conduit
    C:\Program Files (x86)\MyPC Backup
    C:\Program Files (x86)\Movies Toolbar
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
     
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Try to boot into Windows now.


Edited by TB-Psychotic, 13 May 2014 - 02:33 AM.


#3 aknightedpenguin

aknightedpenguin
  • Topic Starter

  • Members

Posted 13 May 2014 - 09:26 PM

Hi Marius, thanks for your assistance in this matter.

Apologies if I wasn't clear, the main problem seems to be that the laptop won't start up. Starting up normally causes the laptop to freeze at the Starting Windows screen with the Windows logo. It did, however, run in System Recovery. I ran FRST64, got the log file, and the only file that was highlighted was the BackgroundContainer.dll one, which I assumed was the problem.

I ran the FRST fixlist you added (thank you for taking the time) and tried restarting, but it froze on the Starting Windows screen again. Below is the fixlog.

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by SYSTEM at 2014-05-14 09:49:07 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\User\...\Run: [Browser Infrastructure Helper] => C:\Users\User\AppData\Local\Smartbar\Application\Smartbar.exe [21024 2013-10-09] (Smartbar)
HKU\User\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [490504 2014-04-10] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [665096 2014-04-10] ()

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
S2 SafetyNutManager2; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-04-10] (Somoto LTD)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-04-10] (Somoto LTD)

2014-05-11 17:58 - 2014-05-12 00:50 - 00003364 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
C:\Users\User\ParallelsAccess-1.0.22731.929773.exe
C:\Users\User\AppData\Local\Smartbar
C:\Users\User\AppData\Local\Conduit
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Movies Toolbar
*****************

HKU\User\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper => Value deleted successfully.
HKU\User\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
HKLM\System\ControlSet001\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
HKLM\System\ControlSet001\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
BackupStack => Service deleted successfully.
SafetyNutManager2 => Service deleted successfully.
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Service deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
C:\Users\User\ParallelsAccess-1.0.22731.929773.exe => Moved successfully.
C:\Users\User\AppData\Local\Smartbar => Moved successfully.
C:\Users\User\AppData\Local\Conduit => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\Program Files (x86)\Movies Toolbar => Moved successfully.

==== End of Fixlog ====

Seems to have addressed the BackgroundContainer issue, but the computer still refuses to start up past the Starting Windows screen. I ran FRST64 again, log as follows:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by SYSTEM on MININT-QJ99S6L on 14-05-2014 10:17:32
Running from D:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10358784 2011-11-14] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2012-01-03] (Intel(R) Corporation)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-09] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [650080 2011-03-15] (Sony Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-12-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Freecorder FLV Service] => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-10-26] (Sonic Solutions)
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-24] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-24] (Macrovision Corporation)
HKLM-x32\...\Run: [Click&Scan iNSIGHT 20] => C:\Program Files (x86)\Scantron\Document Imaging\iNSIGHT_20\Click&Scan\KSSCFG.exe [192512 2008-06-12] (Scantron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-11] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\User\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-11] (Google Inc.)
HKU\User\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-19] (Apple Inc.)
HKU\User\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\User\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\User\...\Run: [SDP] => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\User\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\User\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\User\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-28] (Macrovision Corporation)
HKU\User\...\Run: [FLV Player] => C:\Users\User\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-25] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-11] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-03] ()
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-11] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-11] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-11] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-11] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-11] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-11] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-12] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-12] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-05] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-05] (CACE Technologies, Inc.)
S3 prl_virtual_sound; C:\Windows\System32\DRIVERS\prl_virtual_sound.sys [46824 2013-08-26] (Parallels Holdings, Ltd. and its affiliates.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-10-26] (Sonic Solutions)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 17:22 - 2014-05-14 10:17 - 00000000 ____D () C:\FRST
2014-05-12 00:28 - 2014-05-12 00:29 - 00000000 ____D () C:\Users\User\Desktop\New folder
2014-05-11 18:26 - 2014-05-11 18:25 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-05-11 18:25 - 2014-05-11 18:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-06 01:52 - 2014-05-06 01:52 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-06 01:45 - 2014-04-13 18:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-06 01:45 - 2014-04-13 18:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-05 01:57 - 2014-04-29 06:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-05 01:56 - 2014-04-29 05:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-05 01:56 - 2014-04-29 04:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 01:56 - 2014-04-29 04:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 23:19 - 2014-05-04 23:19 - 00060416 _____ () C:\Users\User\Downloads\AA09.tmp
2014-04-23 23:08 - 2014-04-14 04:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 23:07 - 2014-04-14 04:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 23:07 - 2014-04-14 04:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 23:07 - 2014-04-14 04:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 23:06 - 2014-04-23 23:07 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 01:49 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-22 01:49 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-22 01:49 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 01:49 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 01:48 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-22 01:48 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-22 01:48 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-22 01:48 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-22 01:48 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-22 01:48 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-22 01:48 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-22 01:48 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-22 01:48 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-22 01:48 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-22 01:48 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-22 01:48 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-22 01:48 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-22 01:48 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 01:48 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 01:48 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-22 01:48 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-22 01:48 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 01:48 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 01:48 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 01:48 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 01:48 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-22 01:48 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 01:48 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 01:48 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 01:48 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-22 01:48 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 01:48 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-22 01:48 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 01:48 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 01:48 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-22 01:48 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 01:48 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 01:48 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 01:48 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-22 01:48 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-22 01:48 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-22 01:48 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 01:48 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 01:48 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-14 00:53 - 2014-04-14 00:54 - 00003106 _____ () C:\Windows\System32\Tasks\Google Pinyin Daemon

==================== One Month Modified Files and Folders =======

2014-05-14 10:17 - 2014-05-12 17:22 - 00000000 ____D () C:\FRST
2014-05-12 01:00 - 2009-07-13 20:45 - 00026096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 01:00 - 2009-07-13 20:45 - 00026096 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 00:59 - 2014-02-25 17:15 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-05-12 00:59 - 2009-07-13 21:13 - 00891638 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-12 00:56 - 2011-11-10 22:12 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeraCopy
2014-05-12 00:53 - 2012-02-06 05:22 - 00000440 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-05-12 00:52 - 2012-02-03 05:13 - 00000000 ___RD () C:\Users\User\Dropbox
2014-05-12 00:52 - 2012-01-24 19:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-12 00:50 - 2011-11-25 07:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 00:50 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 00:49 - 2014-02-09 17:15 - 00017389 _____ () C:\Windows\setupact.log
2014-05-12 00:44 - 2013-04-08 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\NCH Software
2014-05-12 00:44 - 2013-04-08 22:04 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-12 00:43 - 2014-01-23 16:49 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-12 00:42 - 2011-11-10 21:52 - 00000000 ____D () C:\ProgramData\Google
2014-05-12 00:42 - 2011-11-10 21:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-12 00:29 - 2014-05-12 00:28 - 00000000 ____D () C:\Users\User\Desktop\New folder
2014-05-12 00:26 - 2012-04-04 01:43 - 14474240 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-05-12 00:07 - 2014-02-13 17:05 - 00171080 _____ () C:\Windows\PFRO.log
2014-05-11 23:40 - 2013-03-03 18:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 23:27 - 2012-01-30 05:56 - 01769584 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 23:08 - 2011-11-25 07:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 23:01 - 2011-11-11 23:04 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000UA.job
2014-05-11 20:07 - 2011-11-10 21:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-05-11 18:26 - 2012-07-24 17:15 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-11 18:25 - 2014-05-11 18:26 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-05-11 18:25 - 2014-05-11 18:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-11 18:25 - 2014-01-08 00:05 - 00085328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-05-11 18:25 - 2013-03-03 17:27 - 00208416 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-05-11 18:25 - 2013-03-03 17:27 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-05-11 18:25 - 2012-02-25 02:04 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-05-11 18:25 - 2011-11-21 17:03 - 01039096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-05-11 18:25 - 2011-11-21 17:03 - 00423240 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-05-11 18:25 - 2011-11-21 17:03 - 00334648 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-05-11 18:25 - 2011-11-21 17:03 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-05-11 18:01 - 2011-11-11 23:04 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000Core.job
2014-05-11 17:02 - 2011-11-25 07:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 17:02 - 2011-11-25 07:38 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 17:56 - 2011-11-11 23:04 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000UA
2014-05-08 17:56 - 2011-11-11 23:04 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3345033076-2612854191-1277975603-1000Core
2014-05-06 01:52 - 2014-05-06 01:52 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-05 01:05 - 2012-04-18 21:19 - 00000000 ____D () C:\IOPS2009
2014-05-04 23:19 - 2014-05-04 23:19 - 00060416 _____ () C:\Users\User\Downloads\AA09.tmp
2014-05-02 17:36 - 2011-11-12 04:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\XNote Stopwatch
2014-04-29 18:06 - 2011-11-10 22:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-29 06:01 - 2014-05-05 01:57 - 23547904 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-29 05:40 - 2014-05-05 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-29 04:48 - 2014-05-05 01:56 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 04:34 - 2014-05-05 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 23:08 - 2013-10-28 17:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-23 23:07 - 2014-04-23 23:06 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 23:07 - 2011-08-09 04:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 23:03 - 2012-05-22 00:11 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-23 23:03 - 2011-08-09 04:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-22 23:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-04-22 22:36 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 17:31 - 2013-02-13 22:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-20 17:31 - 2011-11-10 22:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-04-14 22:45 - 2014-04-14 22:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-14 22:41 - 2014-04-13 19:16 - 00001366 _____ () C:\ProgramData\hpzinstall.log
2014-04-14 04:13 - 2014-04-23 23:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 04:05 - 2014-04-23 23:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 04:05 - 2014-04-23 23:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 04:04 - 2014-04-23 23:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 00:54 - 2014-04-14 00:53 - 00003106 _____ () C:\Windows\System32\Tasks\Google Pinyin Daemon
2014-04-14 00:53 - 2011-11-10 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Google

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\User\AppData\Local\Temp\Delta.exe
C:\Users\User\AppData\Local\Temp\DeltaTB.exe
C:\Users\User\AppData\Local\Temp\Execute2App.exe
C:\Users\User\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\User\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\User\AppData\Local\Temp\msvcp90.dll
C:\Users\User\AppData\Local\Temp\msvcr90.dll
C:\Users\User\AppData\Local\Temp\MybabylonTB.exe
C:\Users\User\AppData\Local\Temp\nsj85BC.exe
C:\Users\User\AppData\Local\Temp\nsj89B3.exe
C:\Users\User\AppData\Local\Temp\nsjD98B.exe
C:\Users\User\AppData\Local\Temp\nsjDE1E.exe
C:\Users\User\AppData\Local\Temp\nso80FA.exe
C:\Users\User\AppData\Local\Temp\nsyE272.exe
C:\Users\User\AppData\Local\Temp\tbCon0.dll
C:\Users\User\AppData\Local\Temp\WSSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 4011.86 MB
Available physical RAM: 3237.15 MB
Total Pagefile: 4010.06 MB
Available Pagefile: 3229.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:203.11 GB) (Free:109.67 GB) NTFS
Drive d: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
Drive e: (DATA) (Fixed) (Total:250 GB) (Free:185.66 GB) NTFS
Drive g: (Recovery) (Fixed) (Total:12.55 GB) (Free:1.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4C58F0CA)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=203 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=250 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 980 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-05-08 20:02

==================== End Of Log ============================

Hope that helps. Thanks!



#4 TB-Psychotic

  • Malware Response Team

Posted 14 May 2014 - 09:45 AM

Are you able to reboot into safe mode?


Proud Member of UNITE & TB

#5 TB-Psychotic

  • Malware Response Team

Posted 10 June 2014 - 06:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



