
Windows 7 not booting possible malware



#1 sojay

Posted 30 August 2014 - 03:46 PM

Hello,

Tried running the startup repair to no avail. I am able to run the system recovery options and I think it may have something to do with Windows thinking the OS is on the D: drive. Normally it should be C:. So before all this happened I ran Malwarebytes and it detected 50 or so issues. I quarantined it all and restarted the computer. And that's how I got to the current state. I've read a few other posts about running FRST and posting the log. So below is the log I got after running it. Any assistance would be appreciated. Thank you in advance.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01
Ran by SYSTEM on MININT-1UT7TVT on 30-08-2014 15:12:06
Running from F:\
Platform: WIN_7 (X86) OS Language: English (United States)
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\Jay\...\Run: [Google Update] => C:\Users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-21] (Google Inc.)
HKU\Jay\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\Jay\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\Jay\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\Jay\...\Run: [MusicManager] => C:\Users\Jay\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\Jay\...\Run: [uTorrent] => C:\Users\Jay\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-02] (BitTorrent Inc.)
HKU\Jay\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)
HKU\Jay\...\Run: [DW7] => "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\Jay\...\Run: [Google+ Auto Backup] => C:\Users\Jay\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\Jay\...\Run: [f.lux] => C:\Users\Jay\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Jay\...\Run: [ScreenSplitter] => C:\Program Files\LG Electronics\Screen Split\bin\ScreenSplit.exe [693288 2013-11-07] (LG Electronics)
HKU\Jay\...\Run: [EADM] => H:\Origin\Origin.exe [3600216 2014-08-29] (Electronic Arts)
Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-03-28] (Coupons.com Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 NovacomD; C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe [61440 2011-06-24] (Palm)
S2 Subsonic; C:\Program Files\Subsonic\subsonic-service.exe [259584 2013-04-17] ()
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-29] ()
S2 avast! Antivirus; "AVAST Software\Avast\AvastSvc.exe" [X]
S2 BstHdAndroidSvc; "C:\Program Files\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-29] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-29] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-29] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-29] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2014-08-29] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-29] ()
S3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows ® Win 7 DDK provider)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [X]
S0 gvlnuqi; System32\drivers\rejae.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-30 15:11 - 2014-08-30 15:12 - 00000000 ____D () C:\FRST
2014-08-30 07:17 - 2014-08-30 07:17 - 00085024 _____ () C:\avenger.txt
2014-08-30 07:17 - 2014-08-30 07:17 - 00000000 ____D () C:\Avenger
2014-08-29 19:19 - 2014-08-29 19:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-29 19:18 - 2014-08-29 19:18 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 19:18 - 2014-08-29 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-29 19:18 - 2014-08-29 19:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-29 19:18 - 2014-05-12 04:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-08-29 19:18 - 2014-05-12 04:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-29 19:18 - 2014-05-12 04:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-29 19:17 - 2014-08-29 19:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jay\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-29 19:13 - 2014-08-29 19:13 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\AVAST Software
2014-08-29 19:07 - 2014-08-29 19:07 - 00000956 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-29 19:06 - 2014-08-29 19:06 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00414392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-29 19:06 - 2014-08-29 19:06 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00081768 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00071944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 19:06 - 2014-08-29 19:06 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-29 19:05 - 2014-08-29 19:05 - 00000000 ____D () C:\Users\Jay\Desktop\AVAST Software
2014-08-29 19:03 - 2014-08-29 19:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-29 19:03 - 2014-08-29 19:03 - 04862664 _____ (AVAST Software) C:\Users\Jay\Desktop\avast_free_antivirus_setup_online.exe
2014-08-29 19:01 - 2014-08-29 19:01 - 02758680 _____ (Sony Corporation) C:\Users\Jay\Desktop\PMHOME_3120DL.exe
2014-08-29 05:47 - 2014-08-29 05:47 - 00011522 _____ () C:\Users\Jay\Desktop\pricing.xlsx
2014-08-27 17:56 - 2014-08-22 17:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 17:56 - 2014-08-22 16:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-26 19:11 - 2014-08-26 19:11 - 00273920 _____ () C:\Users\Jay\Desktop\6008-20140817-USD-E.xls
2014-08-26 13:01 - 2014-08-26 13:01 - 00075924 _____ () C:\Users\Jay\Desktop\001.tif
2014-08-22 17:38 - 2014-08-22 17:36 - 00075924 _____ () C:\Users\Public\001.tif
2014-08-22 03:04 - 2014-05-14 08:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-22 03:04 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-22 03:04 - 2014-05-14 08:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-22 03:04 - 2014-05-14 08:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-22 03:04 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-22 03:04 - 2014-05-14 08:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-22 03:04 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-22 03:04 - 2014-05-14 06:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-22 03:04 - 2014-05-14 06:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-17 17:02 - 2014-08-17 17:02 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\4104
2014-08-17 05:24 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-17 05:24 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-17 05:24 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-17 05:24 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-15 10:11 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-15 10:11 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-15 10:11 - 2014-07-25 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-15 10:11 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-15 10:11 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-15 10:11 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-15 10:11 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-15 10:11 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-15 10:11 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-15 10:11 - 2014-07-25 04:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-15 10:11 - 2014-07-25 03:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-15 10:11 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-15 10:11 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-15 10:11 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-15 10:11 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-15 10:11 - 2014-07-25 03:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-15 10:11 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-15 10:11 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-15 10:11 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-15 10:11 - 2014-07-13 17:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-15 10:11 - 2014-06-15 17:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-15 10:11 - 2014-06-15 17:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2014-08-15 10:11 - 2014-06-15 17:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2014-08-15 10:10 - 2014-08-06 17:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-15 10:10 - 2014-08-06 17:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-15 10:10 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-15 10:10 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-15 10:10 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-15 10:10 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-15 10:10 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-15 10:10 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-15 10:10 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-15 10:10 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-15 10:10 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-15 10:10 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-15 10:10 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-15 10:10 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-15 10:10 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-15 10:10 - 2014-06-03 01:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-15 10:10 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-15 10:10 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-15 10:10 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-15 06:28 - 2014-08-15 06:28 - 00010057 _____ () C:\Users\Jay\Desktop\hk zero 8-10.xlsx
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-07 05:48 - 2014-08-07 05:48 - 00010285 _____ () C:\Users\Jay\Desktop\Book1.xlsx
2014-08-07 05:47 - 2014-08-07 05:47 - 00009886 _____ () C:\Users\Jay\Desktop\Book3.xlsx
2014-07-31 15:24 - 2014-07-31 15:24 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-31 15:24 - 2014-07-31 15:24 - 00000000 ____D () C:\Program Files\iTunes
2014-07-31 15:24 - 2014-07-31 15:24 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-30 15:12 - 2014-08-30 15:11 - 00000000 ____D () C:\FRST
2014-08-30 10:20 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-08-30 07:21 - 2012-12-21 21:24 - 00216178 _____ () C:\Windows\PFRO.log
2014-08-30 07:17 - 2014-08-30 07:17 - 00085024 _____ () C:\avenger.txt
2014-08-30 07:17 - 2014-08-30 07:17 - 00000000 ____D () C:\Avenger
2014-08-30 07:17 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Branding
2014-08-30 07:16 - 2012-12-21 21:15 - 01106058 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 06:51 - 2012-12-21 21:43 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Skype
2014-08-29 20:09 - 2013-12-25 12:27 - 00000005 _____ () C:\Windows\System32\lMMLDeleteUserData42107612FX.tmp
2014-08-29 20:09 - 2013-12-25 09:33 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\HTC
2014-08-29 20:09 - 2013-12-25 09:33 - 00000000 ____D () C:\ProgramData\HTC
2014-08-29 20:09 - 2013-12-25 09:33 - 00000000 ____D () C:\Program Files\HTC
2014-08-29 20:04 - 2014-02-20 11:04 - 00000000 ____D () C:\Users\Jay\AppData\Local\genienext
2014-08-29 20:04 - 2014-02-20 11:03 - 00000000 ____D () C:\Users\Jay\AppData\Local\Conduit
2014-08-29 20:04 - 2014-02-20 11:03 - 00000000 ____D () C:\Program Files\Conduit
2014-08-29 20:04 - 2009-07-13 18:37 - 00000000 ___RD () C:\users\Public
2014-08-29 19:19 - 2014-08-29 19:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-29 19:18 - 2014-08-29 19:18 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-29 19:18 - 2014-08-29 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-29 19:18 - 2014-08-29 19:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-29 19:17 - 2014-08-29 19:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jay\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-29 19:13 - 2014-08-29 19:13 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\AVAST Software
2014-08-29 19:12 - 2013-05-19 16:44 - 00000000 ____D () C:\Program Files\Steam
2014-08-29 19:07 - 2014-08-29 19:07 - 00000956 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-29 19:06 - 2014-08-29 19:06 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00414392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-29 19:06 - 2014-08-29 19:06 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00081768 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00071944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-29 19:06 - 2014-08-29 19:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-29 19:06 - 2014-08-29 19:06 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-29 19:05 - 2014-08-29 19:05 - 00000000 ____D () C:\Users\Jay\Desktop\AVAST Software
2014-08-29 19:05 - 2014-08-29 19:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-29 19:03 - 2014-08-29 19:03 - 04862664 _____ (AVAST Software) C:\Users\Jay\Desktop\avast_free_antivirus_setup_online.exe
2014-08-29 19:01 - 2014-08-29 19:01 - 02758680 _____ (Sony Corporation) C:\Users\Jay\Desktop\PMHOME_3120DL.exe
2014-08-29 18:57 - 2009-07-13 20:39 - 00084052 _____ () C:\Windows\setupact.log
2014-08-29 18:45 - 2012-12-22 21:55 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\uTorrent
2014-08-29 06:22 - 2012-12-22 05:45 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\Dropbox
2014-08-29 05:56 - 2009-07-13 20:34 - 00020816 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-29 05:56 - 2009-07-13 20:34 - 00020816 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-29 05:53 - 2012-12-21 21:20 - 00786598 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-29 05:49 - 2009-07-13 20:33 - 00297936 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-29 05:47 - 2014-08-29 05:47 - 00011522 _____ () C:\Users\Jay\Desktop\pricing.xlsx
2014-08-28 19:20 - 2014-01-22 12:49 - 00000000 ____D () C:\Users\Jay\AppData\Local\Battle.net
2014-08-28 11:35 - 2013-02-14 05:49 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-08-26 19:11 - 2014-08-26 19:11 - 00273920 _____ () C:\Users\Jay\Desktop\6008-20140817-USD-E.xls
2014-08-26 13:01 - 2014-08-26 13:01 - 00075924 _____ () C:\Users\Jay\Desktop\001.tif
2014-08-26 08:01 - 2013-07-24 15:58 - 00000000 ____D () C:\Users\Jay\Desktop\LQ Loan
2014-08-26 07:51 - 2014-03-23 09:23 - 00000000 ____D () C:\Users\Public\insurance
2014-08-26 07:51 - 2014-03-13 07:05 - 00000000 ____D () C:\Users\Public\New folder (2)
2014-08-26 07:51 - 2014-02-25 14:46 - 00000000 ____D () C:\Users\Public\direct
2014-08-26 07:51 - 2013-10-18 06:17 - 00000000 ____D () C:\Users\Public\New folder
2014-08-26 07:50 - 2013-06-13 14:01 - 00080384 ___SH () C:\Users\Public\Thumbs.db
2014-08-24 18:26 - 2012-12-23 20:05 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-08-22 17:46 - 2014-08-27 17:56 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:36 - 2014-08-22 17:38 - 00075924 _____ () C:\Users\Public\001.tif
2014-08-22 16:42 - 2014-08-27 17:56 - 02352640 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-17 18:35 - 2014-07-24 12:18 - 00000000 ____D () C:\ProgramData\Origin
2014-08-17 17:02 - 2014-08-17 17:02 - 00000000 ____D () C:\Users\Jay\AppData\Roaming\4104
2014-08-17 13:51 - 2012-12-22 05:47 - 00000000 ____D () C:\Program Files\Subsonic
2014-08-17 10:13 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache
2014-08-17 06:39 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-17 05:52 - 2014-06-23 05:08 - 00000000 ____D () C:\Users\Jay\Desktop\Media Companion 3.597b
2014-08-17 05:50 - 2014-05-06 07:34 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-17 05:31 - 2013-07-18 08:01 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-17 05:31 - 2012-12-27 10:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 05:26 - 2012-12-21 21:32 - 96303304 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-15 06:28 - 2014-08-15 06:28 - 00010057 _____ () C:\Users\Jay\Desktop\hk zero 8-10.xlsx
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-13 13:06 - 2012-12-21 21:43 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 08:19 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-07 05:48 - 2014-08-07 05:48 - 00010285 _____ () C:\Users\Jay\Desktop\Book1.xlsx
2014-08-07 05:47 - 2014-08-07 05:47 - 00009886 _____ () C:\Users\Jay\Desktop\Book3.xlsx
2014-08-06 17:43 - 2014-08-15 10:10 - 00412160 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-06 17:39 - 2014-08-15 10:10 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-31 15:24 - 2014-07-31 15:24 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-31 15:24 - 2014-07-31 15:24 - 00000000 ____D () C:\Program Files\iTunes
2014-07-31 15:24 - 2014-07-31 15:24 - 00000000 ____D () C:\Program Files\iPod
2014-07-31 15:24 - 2012-12-21 21:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-31 15:16 - 2014-08-15 10:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-31 06:32 - 2013-11-19 18:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
 
Some content of TEMP:
====================
C:\Users\Jay\AppData\Local\Temp\30C1.exe
C:\Users\Jay\AppData\Local\Temp\3536.exe
C:\Users\Jay\AppData\Local\Temp\48268uninstall.exe
C:\Users\Jay\AppData\Local\Temp\7DDC.exe
C:\Users\Jay\AppData\Local\Temp\9693.exe
C:\Users\Jay\AppData\Local\Temp\9865.exe
C:\Users\Jay\AppData\Local\Temp\9B54.exe
C:\Users\Jay\AppData\Local\Temp\A553.exe
C:\Users\Jay\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Jay\AppData\Local\Temp\AskSLib.dll
C:\Users\Jay\AppData\Local\Temp\AVG.exe
C:\Users\Jay\AppData\Local\Temp\BackupSetup.exe
C:\Users\Jay\AppData\Local\Temp\BADB.exe
C:\Users\Jay\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph4r8ed.dll
C:\Users\Jay\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Jay\AppData\Local\Temp\F49A.exe
C:\Users\Jay\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jay\AppData\Local\Temp\IEHistory.exe
C:\Users\Jay\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Jay\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jay\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jay\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jay\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jay\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Jay\AppData\Local\Temp\offercast.exe
C:\Users\Jay\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jay\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jay\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Jay\AppData\Local\Temp\vcredist_x86_2008.exe
C:\Users\Jay\AppData\Local\Temp\vcredist_x86_2010.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-08-30 07:16:33
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 4095.05 MB
Available physical RAM: 3627.25 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3633.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:19.62 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:7.26 GB) (Free:6.59 GB) FAT32
Drive h: () (Fixed) (Total:596.17 GB) (Free:50.44 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:931.51 GB) (Free:504.43 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 4BA48186)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E520C45F)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=42)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4892ABC8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
 
LastRegBack: 2014-08-29 06:06
 
==================== End Of Log ============================
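The log above is what a helper reads before deciding on a fix. As an added example (not FRST's own code and not the fix attached in the reply below), the Python below parses a handful of lines copied from that log and applies the same three checks the thread relies on: FRST's own ATTENTION markers, services or drivers that are still registered although their file is missing ([X]), and random 4-hex-digit executable names in Temp. The benign allowlist for the RemoteFX/Hyper-V drivers that Windows 7 logs commonly list as missing, and the severity levels, are this example's assumptions.

```python
"""Triage of an FRST (Farbar Recovery Scan Tool) log.

Added example, not FRST code.  FRST has already compared each listed entry
against a known-good default and marks what it recognises; a reader of the
log still has to (1) collect those markers, (2) find services and drivers
that are registered but whose file is gone, and (3) spot the random
4-hex-digit .exe names that droppers leave in %TEMP%.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKU\Jay\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 avast! Antivirus; "AVAST Software\Avast\AvastSvc.exe" [X]
S0 gvlnuqi; System32\drivers\rejae.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
C:\Users\Jay\AppData\Local\Temp\30C1.exe
C:\Users\Jay\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jay\AppData\Local\Temp\AVG.exe
"""

# Assumption for this example: virtual RemoteFX/Hyper-V drivers that Windows 7
# logs commonly show as [X] without anything being wrong.
BENIGN_MISSING = {"Synth3dVsc", "tsusbhub", "VGPU"}

# "S2 Name; path [size date] (vendor)"  or  "S2 Name; path [X]"
SERVICE_RE = re.compile(r"^(?P<start>[SR][0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
# Dropper-style names: exactly four hex digits, e.g. \Temp\30C1.exe
TEMP_RANDOM_RE = re.compile(r"\\Temp\\[0-9A-F]{4}\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        # 1. FRST's own markers: the entry deviates from a known-good default.
        if "<=== ATTENTION" in line or "ATTENTION!" in line:
            reason = "FRST flagged entry"
            if "ZeroAccess" in line:
                reason = "COM InprocServer32 default replaced (FRST suspects ZeroAccess)"
            elif "[Shell]" in line:
                reason = "Winlogon Shell value missing: nothing starts the desktop"
            findings.append(Finding("high", reason, line))
            continue
        # 2. Registered service or driver whose file is not on disk.
        m = SERVICE_RE.match(line)
        if m and m.group("rest").endswith("[X]"):
            name, start = m.group("name"), m.group("start")
            if name in BENIGN_MISSING:
                continue
            if start in ("S0", "S1"):
                # Boot/system-start kernel driver with no file: the component was
                # removed (quarantine?) but its registration remains.
                findings.append(Finding("high", f"boot-start driver {name} registered but file missing", line))
            else:
                # In Recovery mode FRST cannot resolve every path, so a missing
                # user-mode service file is only worth a second look.
                findings.append(Finding("low", f"service {name} file missing (recovery-mode log)", line))
            continue
        # 3. Random-named executables in %TEMP%.
        if TEMP_RANDOM_RE.search(line):
            findings.append(Finding("medium", "random-named executable in Temp", line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run it against a full FRST.txt by reading the file into `triage()`; the three `[X]` RemoteFX drivers drop out through the allowlist, the `S0` driver with no file and the two FRST markers come out as high, and the Avast entry stays low because the log was produced in Recovery mode, exactly the caveat FRST prints at the top of the log.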


#2 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 31 August 2014 - 09:46 PM

Welcome.

Let's give it a try.

 

Download the enclosed file. [attachment=154053:fixlist.txt]

 

Save it in the same location FRST is saved. Run FRST, except that this time around click on the Fix button and wait.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.

 
Attempt to boot in Normal Mode and let me know the outcome.

Edited by JSntgRvr, 31 August 2014 - 09:49 PM.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr (Master Surgeon General, Malware Response Team)

Posted 10 September 2014 - 09:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
