
NEED URGENT HELP!



Hi :)

 

I was using this forum to fix a computer before, but now I have a desktop computer to sort out. It gets stuck in a loop of booting. First, you turn it on, then it says "Starting Windows" and takes a while. Then it takes me to "Your computer has failed to shut down" and doesn't find an issue. I ran Windows Defender Offline and it found nothing, considering the database was old. I have a clean computer that can burn discs and stuff.

 

It's running Windows 7 32 bit.

 

I have access to command prompt in system recovery mode, but not normal mode.

 

Please Help Me!!!

 

PS: How can I run DDS?


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
Let's check if this is a malware related problem:
 
 
Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt



  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64.exe) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.


It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thank you Marius! :)

 

Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MININT-OM4NM8H on 10-10-2013 16:12:53
Running from E:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\Joanne\...\Run: [PasswordManager] - C:\Program Files\Kaspersky Lab\Kaspersky PURE\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe
HKU\Joanne\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\Joanne\...\Run: [steam] - "C:\Program Files\Steam\Steam.exe" -silent
HKU\Joanne\...\Policies\system: [LogonHoursAction] 2
HKU\Joanne\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Jorja\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Jorja\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe
HKU\Jorja\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EA Link\Core.exe -silent
HKU\Jorja\...\Run: [RocketDock] - "C:\Program Files\RocketDock\RocketDock.exe"
HKU\Jorja\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-04-30] (Apple Inc.)
HKU\Jorja\...\Run: [steam] - "C:\Program Files\Steam\Steam.exe" -silent
HKU\Jorja\...\Run: [Google Update] - "C:\Users\Lucas.Paul-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\Jorja\...\Policies\system: [LogonHoursAction] 2
HKU\Jorja\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lucas.Paul-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Lucas.Paul-PC\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [ 2013-09-30] (Electronic Arts)
HKU\Lucas.Paul-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Lucas.Paul-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Paul\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Paul\...\Run: [Google Update] - C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [ 2010-10-14] (Google Inc.)
HKU\Paul\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe
HKU\Paul\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EA Link\Core.exe -silent
HKU\Paul\...\Run: [steam] - "C:\Program Files\Steam\Steam.exe" -silent
HKU\Paul\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Paul\...\Policies\system: [LogonHoursAction] 2
HKU\Paul\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll [ 2010-10-14] ()
 
========================== Services (Whitelisted) =================
 
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
S2 HPSLPSVC; C:\Users\Ryan\AppData\Local\Temp\7zS2ED5\hpslpsvc32.dll [701288 2012-08-27] (Hewlett-Packard Co.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 vToolbarUpdater15.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-05-10] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [34592 2013-05-10] (AVG Technologies)
S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [64998 2010-03-22] (Windows ® 2000 DDK provider)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-03] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-03] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-29] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [25616 2009-05-21] (Windows ® Codename Longhorn DDK provider)
S3 tenCapture; C:\Windows\System32\DRIVERS\tenCapture.sys [20664 2012-07-19] (Hajo Krabbenhöft)
S3 digitalpower; system32\drivers\digitalpower.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-10 16:12 - 2013-10-10 16:12 - 00000000 ____D C:\FRST
2013-10-10 15:35 - 2013-10-10 15:35 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-09 00:26 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-08 22:26 - 2013-09-22 15:28 - 01141248 _____ C:\Windows\System32\urlmon.dll
2013-10-08 22:26 - 2013-09-22 15:28 - 00042496 _____ C:\Windows\System32\ie4uinit.exe
2013-10-08 22:26 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 02876928 _____ C:\Windows\System32\jscript9.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 02048512 _____ C:\Windows\System32\iertutil.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00690688 _____ C:\Windows\System32\jscript.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00493056 _____ C:\Windows\System32\msfeeds.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00391168 _____ C:\Windows\System32\ieui.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00109056 _____ C:\Windows\System32\iesysprep.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00061440 _____ C:\Windows\System32\iesetup.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00039424 _____ C:\Windows\System32\jsproxy.dll
2013-10-08 22:26 - 2013-09-22 15:27 - 00033280 _____ C:\Windows\System32\iernonce.dll
2013-10-08 22:26 - 2013-09-20 19:30 - 02706432 _____ C:\Windows\System32\mshtml.tlb
2013-10-08 22:26 - 2013-09-20 18:39 - 00071680 _____ C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-08 21:08 - 2013-09-13 16:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-08 21:08 - 2013-09-07 18:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-08 21:08 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-08 21:08 - 2013-09-03 17:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-08 21:08 - 2013-09-03 17:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-08 21:08 - 2013-09-03 17:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-08 21:08 - 2013-09-03 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-08 21:08 - 2013-09-03 17:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-08 21:08 - 2013-09-03 17:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-08 21:08 - 2013-09-03 17:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-08 21:08 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-10-08 21:08 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-08 21:08 - 2013-08-28 17:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-08 21:08 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-08 21:08 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-08 21:08 - 2013-08-27 17:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-08 21:08 - 2013-08-27 16:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-08 21:08 - 2013-08-01 03:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-08 21:08 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 21:08 - 2013-07-12 02:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-08 21:08 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-08 21:08 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-08 21:08 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-08 21:08 - 2013-07-04 01:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-08 21:08 - 2013-07-02 20:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-08 21:08 - 2013-07-02 19:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-08 21:08 - 2013-07-02 19:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-08 21:08 - 2013-06-25 14:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-08 21:08 - 2013-06-05 20:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-08 21:08 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-08 21:08 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-08 21:08 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-08 21:08 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-06 21:42 - 2013-10-06 21:42 - 00283359 _____ C:\Users\Lucas.Paul-PC\Desktop\Untitled (4).wma
2013-10-03 03:43 - 2013-10-03 03:45 - 00000000 ____D C:\Users\Joanne\Desktop\Deposit Receipt and Acceptance
2013-10-01 05:51 - 2013-10-01 05:51 - 00137768 _____ C:\Users\Lucas.Paul-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 18:15 - 2013-09-30 18:16 - 00000000 ____D C:\Users\Joanne\AppData\Local\{1F477A0F-C26D-4ABD-AA6D-B47DF8CF0BC9}
2013-09-27 17:27 - 2013-10-09 04:47 - 00003752 _____ C:\Windows\setupact.log
2013-09-27 17:27 - 2013-10-09 00:16 - 00481240 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-27 17:27 - 2013-09-27 17:27 - 00000000 _____ C:\Windows\setuperr.log
2013-09-24 01:30 - 2013-09-24 01:30 - 01042066 _____ C:\Users\Joanne\Downloads\AdwCleaner.exe
2013-09-24 01:30 - 2013-09-24 01:30 - 00922112 _____ C:\Users\Joanne\Downloads\RogueKiller (1).exe
2013-09-24 01:30 - 2013-09-24 01:30 - 00000000 ____D C:\AdwCleaner
2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____D C:\Program Files\Origin Games
2013-09-16 04:18 - 2013-09-16 04:18 - 09725829 _____ C:\Users\Lucas.Paul-PC\Desktop\Untitled (3).wma
2013-09-12 00:23 - 2013-08-04 17:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-12 00:23 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-12 00:23 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-12 00:22 - 2013-08-01 17:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-12 00:22 - 2013-08-01 17:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-12 00:22 - 2013-08-01 17:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 16:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-12 00:22 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:22 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
 
==================== One Month Modified Files and Folders =======
 
2013-10-10 16:12 - 2013-10-10 16:12 - 00000000 ____D C:\FRST
2013-10-10 15:35 - 2013-10-10 15:35 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-09 04:48 - 2012-05-26 19:34 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-10-09 04:47 - 2013-09-27 17:27 - 00003752 _____ C:\Windows\setupact.log
2013-10-09 04:47 - 2011-02-10 03:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-09 00:31 - 2013-05-10 04:47 - 01462405 _____ C:\Windows\WindowsUpdate.log
2013-10-09 00:31 - 2010-03-19 20:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 00:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-09 00:28 - 2013-08-15 01:25 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 00:28 - 2011-04-04 16:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 00:28 - 2010-03-21 18:59 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 00:26 - 2013-05-15 02:12 - 00000000 ____D C:\Users\Lucas.Paul-PC\AppData\Roaming\TS3Client
2013-10-09 00:23 - 2009-07-13 20:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 00:23 - 2009-07-13 20:34 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 00:17 - 2012-01-02 03:37 - 00000000 ____D C:\Program Files\Origin
2013-10-09 00:16 - 2013-09-27 17:27 - 00481240 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 00:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\tracing
2013-10-08 22:10 - 2012-03-31 19:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-08 22:10 - 2012-01-02 19:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-08 00:22 - 2011-06-10 04:10 - 00000000 ____D C:\Users\Jorja\AppData\Roaming\.minecraft
2013-10-06 21:42 - 2013-10-06 21:42 - 00283359 _____ C:\Users\Lucas.Paul-PC\Desktop\Untitled (4).wma
2013-10-06 18:37 - 2013-03-29 23:08 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-06 18:03 - 2010-03-19 19:40 - 00006596 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-04 01:13 - 2012-03-16 21:34 - 00000000 ____D C:\Users\Lucas.Paul-PC\AppData\Local\CrashDumps
2013-10-03 03:45 - 2013-10-03 03:43 - 00000000 ____D C:\Users\Joanne\Desktop\Deposit Receipt and Acceptance
2013-10-01 05:51 - 2013-10-01 05:51 - 00137768 _____ C:\Users\Lucas.Paul-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 18:16 - 2013-09-30 18:15 - 00000000 ____D C:\Users\Joanne\AppData\Local\{1F477A0F-C26D-4ABD-AA6D-B47DF8CF0BC9}
2013-09-27 17:27 - 2013-09-27 17:27 - 00000000 _____ C:\Windows\setuperr.log
2013-09-27 16:45 - 2010-03-19 20:26 - 00000000 ____D C:\Windows\Panther
2013-09-24 01:30 - 2013-09-24 01:30 - 01042066 _____ C:\Users\Joanne\Downloads\AdwCleaner.exe
2013-09-24 01:30 - 2013-09-24 01:30 - 00922112 _____ C:\Users\Joanne\Downloads\RogueKiller (1).exe
2013-09-24 01:30 - 2013-09-24 01:30 - 00000000 ____D C:\AdwCleaner
2013-09-22 15:28 - 2013-10-09 00:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-22 15:28 - 2013-10-08 22:26 - 01141248 _____ C:\Windows\System32\urlmon.dll
2013-09-22 15:28 - 2013-10-08 22:26 - 00042496 _____ C:\Windows\System32\ie4uinit.exe
2013-09-22 15:27 - 2013-10-08 22:26 - 14335488 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 02876928 _____ C:\Windows\System32\jscript9.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 02048512 _____ C:\Windows\System32\iertutil.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00690688 _____ C:\Windows\System32\jscript.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00493056 _____ C:\Windows\System32\msfeeds.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00391168 _____ C:\Windows\System32\ieui.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00109056 _____ C:\Windows\System32\iesysprep.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00061440 _____ C:\Windows\System32\iesetup.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00039424 _____ C:\Windows\System32\jsproxy.dll
2013-09-22 15:27 - 2013-10-08 22:26 - 00033280 _____ C:\Windows\System32\iernonce.dll
2013-09-21 23:07 - 2013-09-21 23:07 - 00000000 ____D C:\Program Files\Origin Games
2013-09-20 19:30 - 2013-10-08 22:26 - 02706432 _____ C:\Windows\System32\mshtml.tlb
2013-09-20 18:39 - 2013-10-08 22:26 - 00071680 _____ C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-16 04:18 - 2013-09-16 04:18 - 09725829 _____ C:\Users\Lucas.Paul-PC\Desktop\Untitled (3).wma
2013-09-13 18:53 - 2010-03-21 16:23 - 00002637 _____ C:\Users\Paul\Desktop\Microsoft Office Excel 2007.lnk
2013-09-13 18:53 - 2010-03-19 20:13 - 00002637 _____ C:\Users\Joanne\Desktop\Microsoft Office Excel 2007.lnk
2013-09-13 16:48 - 2013-10-08 21:08 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
 
Files to move or delete:
====================
C:\Users\Jorja\jagex_runescape_preferences.dat
 
 
Some content of TEMP:
====================
C:\Users\Joanne\AppData\Local\Temp\HitmanPro.exe
C:\Users\Joanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
[2013-10-08 22:26] - [2013-09-22 15:27] - 2048512 ____A () C:\Windows\System32\IERTUTIL.dll
[2013-10-08 22:26] - [2013-09-22 15:28] - 1141248 ____A () C:\Windows\System32\URLMON.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
7
Restore point made on: 2013-09-24 01:06:18
Restore point made on: 2013-09-27 02:22:50
Restore point made on: 2013-10-01 19:02:28
Restore point made on: 2013-10-04 22:01:01
Restore point made on: 2013-10-08 21:05:57
Restore point made on: 2013-10-08 22:21:43
Restore point made on: 2013-10-09 00:26:41
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 4060.99 MB
Available physical RAM: 3355.82 MB
Total Pagefile: 4059.27 MB
Available Pagefile: 3360.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.91 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:465.71 GB) (Free:236.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WDO_Media32) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-09-30 15:57
 
==================== End Of Log ============================
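The log above is read by hand in this thread. As an added example (not part of the forum thread and not code from FRST or its author), here is a small Python triage script that parses the autostart sections of an FRST.txt (Run keys, AppInit_DLLs, Services, Drivers) and flags the entries an analyst reads first: AppInit_DLLs (a DLL loaded into every user32 process), 8.3 short-name paths such as `progra~2` that hide the real folder name, services or drivers whose binary lives under a Temp directory, drivers whose file is missing (`[x]`), and entries FRST could open but that carried no company information (`( )`). The sample input is a handful of lines copied from the log posted above; the rule names, the `Finding` type and the thresholds are my own choices. A flag means "look here", not "malware": every one of these rules has benign hits, as the log shows.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.

Added example, not part of the forum thread and not part of FRST. It reads
FRST.txt text, keeps the autostart sections and flags entries worth a second
look. Flags are review prompts, not verdicts.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample input: lines copied from the FRST.txt posted in the thread,
# in FRST's own layout, so the script runs offline.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
HKU\Paul\...\Run: [DriverFinder] - C:\Program Files\DriverFinder\DriverFinder.exe
AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll [ 2010-10-14] ()

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-29] (Kaspersky Lab ZAO)
S2 HPSLPSVC; C:\Users\Ryan\AppData\Local\Temp\7zS2ED5\hpslpsvc32.dll [701288 2012-08-27] (Hewlett-Packard Co.)

==================== Drivers (Whitelisted) ====================

S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-29] (Kaspersky Lab)
S3 digitalpower; system32\drivers\digitalpower.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
"""

# FRST appends "[size date]" and "(Company)" when it could read the file;
# "[x]" means the file referenced by the registry entry does not exist.
_TAIL = r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<company>[^)]*)\))?$"
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RUN_RE = re.compile(r"^(?P<key>HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run): \[(?P<name>[^\]]+)\] - (?P<path>.+?)" + _TAIL)
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.+?)" + _TAIL)
SVC_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<path>.+?)" + _TAIL)
TEMP_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
SHORTNAME_RE = re.compile(r"~\d")  # 8.3 short-name component, e.g. progra~2


@dataclass
class Finding:
    rule: str
    section: str
    name: str
    path: str


def parse_frst(text):
    """Yield (section, kind, fields) for every recognised autostart line."""
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for kind, rx in (("run", RUN_RE), ("appinit", APPINIT_RE), ("service", SVC_RE)):
            m = rx.match(line)
            if m:
                yield section, kind, m.groupdict()
                break


def triage(text):
    """Apply the review rules to each autostart entry and return the hits."""
    findings = []
    for section, kind, d in parse_frst(text):
        name = d.get("name") or "AppInit_DLLs"
        path = d["path"]
        meta = (d.get("meta") or "").strip()
        company = (d.get("company") or "").strip()
        missing = meta == "x"
        checks = [
            ("appinit-dll", kind == "appinit"),
            ("short-name-path", SHORTNAME_RE.search(path) is not None),
            ("runs-from-temp", not missing and TEMP_RE.search(path) is not None),
            ("file-missing", missing),
            # file was readable (meta present, not "[x]") but no company string
            ("no-company-info", d.get("meta") is not None and not missing and not company),
        ]
        findings.extend(Finding(rule, section, name, path) for rule, hit in checks if hit)
    return findings


def by_rule(findings):
    """Group finding names under their rule, for a quick summary."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.rule, []).append(f.name)
    return grouped


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.rule:16} {f.section or '-':24} {f.name}: {f.path}")
```

Run it as `python frst_triage.py FRST.txt` against a real log, or with no argument to see the rules fire on the embedded sample. On the sample the output mirrors what the helper would look at by eye: the AppInit_DLLs entry in a short-name path, an HP service loading from a user's Temp folder, two orphaned driver entries, and two entries with no company string. None of these is a malware verdict; the thread's own conclusion, that nothing here is malicious, is consistent with these hits.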

No malware to see...

 

System File Check (offline mode)

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt
  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your system drive letter and system path (for example, D:\windows\) and close the notepad.
  • enter the following command:



sfc /scannow /offbootdir=d:\ /offwindir=d:\windows


Replace d:\ and d:\windows with the information you obtained in the last step of this tutorial.

Note: Depending on how your computer is setup, the Command Prompt, when used from outside of Windows, doesn't always assign drive letters in the same way that you see them from inside Windows. In other words, Windows might be at C:\Windows when you're using it, but D:\Windows from the Command Prompt in System Recovery Options.


OK then we can do the following:

 

 

System File Check

For Windows XP:

  • Press the Windows key and the R key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


Hi Marius.

I will be gone for about 3 days and will not be able to run any tools, but I still have Internet access if you have to talk to me.

Just to let you know, I am now able to log in on the computer. It was all because of system restore before running Windows Update. Maybe the update failed to shut the system down or something :/

But I'm in good condition right now :)

It's 9 pm here so it's getting a bit late so I will not be able to run tools now. But in 3 days I will be back :)


Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-13 13:31:29
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC45 465.76GB
Running: rk1j3tcj.exe; Driver: C:\Users\Joanne\AppData\Local\Temp\pxldapod.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwAdjustPrivilegesToken [0x90A65392]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwAlpcConnectPort [0x90A8024A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwAlpcCreatePort [0x90A80580]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwAlpcSendWaitReceivePort [0x90A808F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwClose [0x90A65E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwConnectPort [0x90A7FF32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateEvent [0x90A6637E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateMutant [0x90A6626C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreatePort [0x90A803F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateSection [0x90A6514E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateSemaphore [0x90A66496]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateSymbolicLinkObject [0x90A81840]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateThread [0x90A659C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateThreadEx [0x90A65B32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateUserProcess [0x90A665AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwCreateWaitablePort [0x90A804B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwDebugActiveProcess [0x90A66856]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwDeviceIoControlFile [0x90A65E4E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwDuplicateObject [0x90A67858]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwLoadDriver [0x90A66948]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwMapViewOfSection [0x90A81860]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwNotifyChangeKey [0x90A7E722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwOpenEvent [0x90A66410]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwOpenMutant [0x90A662F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwOpenProcess [0x90A655CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwOpenSection [0x90A66C98]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwOpenSemaphore [0x90A66528]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwOpenThread [0x90A654C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwPlugPlayControl [0x90A81850]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwQueryDirectoryObject [0x90A66664]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwQueryObject [0x90A7E91A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwQuerySection [0x90A671DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwQueueApcThread [0x90A66AE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwReplyPort [0x90A806E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwReplyWaitReceivePort [0x90A80632]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwRequestWaitReplyPort [0x90A80750]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwResumeThread [0x90A676FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSecureConnectPort [0x90A800BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSetContextThread [0x90A65CAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSetInformationToken [0x90A66702]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSetSystemInformation [0x90A6732A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSuspendProcess [0x90A6741E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSuspendThread [0x90A67558]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwSystemDebugControl [0x90A66778]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwTerminateProcess [0x90A6576C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwTerminateThread [0x90A656C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwUnmapViewOfSection [0x90A67092]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                               ZwWriteVirtualMemory [0x90A65858]
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                                             kl1.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                             kl1.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                           kl1.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{52EEFEF9-68CF-4386-AA5C-46C09BC8B33B}  
Reg             HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount                       0
Reg             HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                         C:\Users\Joanne\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_x86_7df3319dea8aedc07e6c9f44bbe16fe132843_1578d538
 
---- EOF - GMER 2.1 ----
 
DDS:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Joanne at 13:33:04 on 2013-10-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.2111 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {d2f11d8b-3eb5-4b42-9511-370dbec707fb} - <orphaned>
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
uURLSearchHooks: {f999a48b-1950-4d81-9971-79018f807b4b} - <orphaned>
uURLSearchHooks: {b81767e1-672d-4da1-b5cc-d277185815a6} - <orphaned>
uURLSearchHooks: {3bbd3c14-4c16-4989-8366-95bc9179779d} - <orphaned>
uURLSearchHooks: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - <orphaned>
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [PasswordManager] c:\program files\kaspersky lab\kaspersky pure\kaspersky password manager\module retargetable folder\stpass.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1E41E990-CC5E-4BFA-A408-125F66BA1FCB} : DHCPNameServer = 211.29.93.7 198.142.0.51
TCP: Interfaces\{4197BFC4-C0FC-4D28-AD8A-F39370323B74} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-10 34592]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 206448]
R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.1.0\ToolbarUpdater.exe [2013-5-10 1008816]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2010-5-5 25616]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2013-5-16 20664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-10-12 10:06:30 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bc13ba7d-dc77-43f8-9576-b726ab2f4c9e}\mpengine.dll
2013-10-11 00:12:45 -------- d-----w- C:\FRST
2013-10-10 23:35:52 -------- d-----w- c:\windows\Microsoft Antimalware
2013-10-09 05:08:13 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-10-09 05:08:06 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-09 05:08:06 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-09 05:08:06 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-09 05:08:05 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-09 05:08:04 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-01 02:15:57 -------- d-----w- c:\users\joanne\appdata\local\{1F477A0F-C26D-4ABD-AA6D-B47DF8CF0BC9}
2013-09-26 18:00:39 208760 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-09-24 09:30:33 -------- d-----w- C:\AdwCleaner
2013-09-22 07:07:00 -------- d-----w- c:\program files\Origin Games
.
==================== Find3M  ====================
.
2013-10-09 06:10:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 06:10:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-31 05:24:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-08-10 03:59:10 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-10 03:07:50 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-10 02:17:19 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-06 20:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 13:35:19.50 ===============
 

 

attach.txt

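The GMER output above is a good illustration of the helper's earlier caution: every SSDT hook it lists belongs to klif.sys, and the attached TCP/UDP devices belong to kl1.sys, while the DDS log in the same post shows Kaspersky Anti-Virus installed and running. A security product hooking the system call table looks exactly like a rootkit to a generic scanner, so the first triage step is to attribute each hook to the module that owns it before deciding anything. The following is an added example, not code from the thread, from GMER or from DDS: a small parser for the "System" and "Devices" sections in the format GMER printed above, which groups entries by owning module and checks them against an allowlist. The allowlist (klif.sys and kl1.sys as Kaspersky Lab drivers, fltmgr.sys as the Windows Filter Manager) is an analyst-maintained assumption for this example, and the one entry marked "<-- ROOTKIT" in the sample is a constructed placeholder line with a made-up module name, added only to show how an unattributed entry is surfaced for review.

```python
"""Triage of a GMER rootkit-scan log (ark.txt).

Added example, not from the original thread or from GMER. It parses SSDT and
AttachedDevice lines in the layout GMER prints, groups them by the module that
owns each entry and labels the module against a small allowlist, so that hooks
belonging to the installed security product are recognised as expected rather
than treated as rootkit activity. Unknown modules are reported for review only.
"""
import re
from collections import defaultdict

# Layout of the two GMER line types handled here (columns are whitespace-separated).
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
)

# Analyst-maintained allowlist (an assumption of this example, not GMER logic):
# module file name -> product. klif.sys / kl1.sys are Kaspersky Lab drivers,
# matching the "AV: Kaspersky Anti-Virus" line in the DDS log; fltmgr.sys is
# the Windows Filter Manager. Anything else is "UNKNOWN": review, do not delete.
KNOWN_MODULES = {
    "klif.sys": "Kaspersky Lab (installed AV)",
    "kl1.sys": "Kaspersky Lab (installed AV)",
    "fltmgr.sys": "Microsoft Filter Manager",
}
UNKNOWN = "UNKNOWN - review before any action"

# Sample input: lines taken from the GMER log above plus ONE constructed line
# (EXAMPLE_unknown.sys, not a real driver) carrying GMER's "<-- ROOTKIT" marker.
SAMPLE_ARK = r"""
GMER 2.1.19163 - http://www.gmer.net
---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys    ZwAdjustPrivilegesToken [0x90A65392]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys    ZwClose [0x90A65E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys    ZwCreateThread [0x90A659C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys    ZwLoadDriver [0x90A66948]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys    ZwOpenProcess [0x90A655CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys    ZwWriteVirtualMemory [0x90A65858]
SSDT            \??\C:\Windows\system32\drivers\EXAMPLE_unknown.sys    ZwQuerySystemInformation [0x00000000] <-- ROOTKIT

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp          kl1.sys
AttachedDevice  \Driver\tdx \Device\Udp          kl1.sys
AttachedDevice  \Driver\tdx \Device\RawIp        kl1.sys
AttachedDevice  \FileSystem\fastfat \Fat         fltmgr.sys

---- EOF - GMER 2.1 ----
"""


def module_name(path):
    """Last path component, lower-cased: '\\SystemRoot\\...\\klif.sys' -> 'klif.sys'."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """One dict per SSDT hook or AttachedDevice line; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        flagged = "ROOTKIT" in line.upper()  # GMER appends '<-- ROOTKIT' to suspicious entries
        m = SSDT_RE.match(line)
        if m:
            entries.append({"kind": "ssdt", "module": module_name(m.group("module")),
                            "detail": m.group("func"), "flagged": flagged})
            continue
        m = DEVICE_RE.match(line)
        if m:
            entries.append({"kind": "device", "module": module_name(m.group("module")),
                            "detail": m.group("driver") + " " + m.group("device"),
                            "flagged": flagged})
    return entries


def summarize(entries, known=KNOWN_MODULES):
    """Per-module counts (ssdt hooks, attached devices, GMER flags) plus an allowlist verdict."""
    summary = defaultdict(lambda: {"ssdt": 0, "device": 0, "flagged": 0, "verdict": ""})
    for e in entries:
        s = summary[e["module"]]
        s[e["kind"]] += 1
        s["flagged"] += int(e["flagged"])
    for mod, s in summary.items():
        s["verdict"] = known.get(mod, UNKNOWN)
    return dict(summary)


def unknown_modules(summary):
    """Modules that need a human look: not on the allowlist, sorted by name."""
    return sorted(m for m, s in summary.items() if s["verdict"] == UNKNOWN)


if __name__ == "__main__":
    result = summarize(parse_gmer(SAMPLE_ARK))
    for mod in sorted(result, key=lambda m: (result[m]["verdict"] != UNKNOWN, m)):
        s = result[mod]
        print("%-22s ssdt=%-2d devices=%-2d flagged=%d  %s"
              % (mod, s["ssdt"], s["device"], s["flagged"], s["verdict"]))
```

Run against the sample, the 47 klif.sys hooks of the real log collapse into a single line attributed to the installed antivirus, and only the unattributed module remains on the review list; that is the distinction the caution in the earlier post asks the reader to make before touching anything a rootkit scanner reports.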

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

This topic is now closed to further replies.