Computer slow, Malwarebyte shows no malicious items [Solved]


  • This topic is locked

#61 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Oh, okay then let's see if we can use that:

Put the disc in the disc drive, and then start the computer.

Press a key when you are prompted.

Select a language, a time, a currency, a keyboard or an input method, and then click Next.

At the System Recovery Options menu choose ‘Command Prompt’

At the command prompt type in the command:

bootrec /fixmbr


Note the gap between c and /; it's meant to be there.

Press Enter to replace the MBR and then restart your computer.

Note: If your computer fails to boot from the disk you may have to change the boot order in your machine's BIOS. If you need help with that, let me know. Alternatively it may just be the wrong disk, and we will move to another action suggested by one of my colleagues. :)

#62 heathermb769 (Topic Starter, Member, 107 posts)
I'm in the process of backing up to DVDs - so if the nasties are copied, they won't infect my other backups. I'll try with the recovery disk 1 tomorrow morning (my time) if I have a chance - or after work, and will let you know. :-)

#63 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Okay.

If your disk is not the right one then try this:

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
[screenshot not preserved]

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
[screenshot not preserved]

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.


#64 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)
Hello again heathermb769,

Further to my last post, and after consultation with a far greater mind than mine, I have learned that we are dealing with an infection that needs a different approach.

The instructions I have given you won't work.

We will still need a system repair disk though, so go ahead with the instructions in the last post to create that.

Then:

Please download and run ListParts64 by Farbar (for 64-bit systems).

Click on the Scan button.

The scan result will open in Notepad.

Please post the log (Result.txt) in your next reply.

#65 heathermb769 (Topic Starter, Member, 107 posts)
Well... I tried my recovery disk and it came up asking me if I was ready to replace the image. I canceled out.

I tried to create a repair disk per the above instructions. It started up, then a pop-up box: "Microsoft Windows Repair Disc has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

I have two options, Debug and Close program. Have tried both, and then tried to re-run - no luck.

#66 heathermb769 (Topic Starter, Member, 107 posts)
Note.... I was able to create a Recovery Disc for Windows 64 bit on my daughter's computer. Can I use that? She has a Gateway...

#67 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,989 posts)

Note.... I was able to create a Recovery Disc for Windows 64 bit on my daughter's computer. Can I use that?


Yes, that should work.

Now that you have that, and before we use the ListParts one, let's see if we can use Farbar's Recovery Scan Tool. The one we tried at post #18 earlier.

Here are the instructions again:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#68 heathermb769 (Topic Starter, Member, 107 posts)
Amazing! I could follow the steps!!

Here's the log. I'm on DD's computer - mine is still in the repair mode. Let me know if I should be rebooting...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2012
Ran by SYSTEM at 12-09-2012 19:03:08
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [59248 2011-05-26] (Microsoft Corporation)
HKLM\...\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-24] (ECAREME)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [32112 2011-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2009-04-01] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8493624 2009-07-07] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Heather Laptop\...\Run: [Calendarscope] "C:\Program Files (x86)\Calendarscope\csde.exe" [x]
HKU\Heather Laptop\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-01-22] (TomTom)
HKU\Heather Laptop\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Heather Laptop\...\Run: [SODCPreLoad] C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe C:\Users\Heather Laptop\IBM\Lotus\Symphony\.sodc\ [40960 2010-09-12] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Heather Laptop\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services ====================

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 OberonGameConsoleService; "C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe" [44312 2009-09-14] ()
2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-01-22] (TomTom)

==================== Drivers =================================

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1799680 2009-05-20] ()
3 ss_bus; C:\Windows\System32\Drivers\ss_bus.sys [127488 2010-04-26] (MCCI Corporation)
3 ss_mdfl; C:\Windows\System32\Drivers\ss_mdfl.sys [18944 2010-04-26] (MCCI Corporation)
3 ss_mdm; C:\Windows\System32\Drivers\ss_mdm.sys [161280 2010-04-26] (MCCI Corporation)
3 tmlwf; [x]
3 tmwfp; [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-11 20:48 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 20:48 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 20:48 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 20:48 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 20:48 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 20:48 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 20:48 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 17:32 - 2012-09-11 17:33 - 00016393 ____A C:\Users\Heather Laptop\Desktop\MBRCheck_09.11.12_21.32.01.txt
2012-09-11 17:11 - 2012-09-11 17:12 - 04731392 ____A (AVAST Software) C:\Users\Heather Laptop\Downloads\aswMBR (1).exe
2012-09-11 13:51 - 2012-09-12 01:17 - 00002356 ____A C:\Users\Heather Laptop\Desktop\Rkill.txt
2012-09-11 13:51 - 2012-09-11 13:51 - 00000000 ____D C:\Users\Heather Laptop\Desktop\rkill
2012-09-11 13:50 - 2012-09-11 13:51 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Heather Laptop\Downloads\rkill.com
2012-09-11 01:27 - 2012-09-11 01:27 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Heather Laptop\Desktop\tdsskiller.exe
2012-09-11 01:24 - 2012-09-11 01:24 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Heather Laptop\Downloads\tdsskiller.exe
2012-09-10 19:06 - 2012-09-10 19:06 - 00000512 ____A C:\mbrdump.dmp
2012-09-10 19:05 - 2012-09-10 19:06 - 00014293 ____A C:\Users\Heather Laptop\Desktop\MBRCheck_09.10.12_23.05.37.txt
2012-09-10 18:40 - 2012-09-10 18:40 - 00080384 ____A C:\Users\Heather Laptop\Desktop\MBRCheck.exe
2012-09-10 18:40 - 2012-09-10 18:40 - 00014174 ____A C:\Users\Heather Laptop\Desktop\MBRCheck_09.10.12_22.40.22.txt
2012-09-10 18:29 - 2012-09-10 18:30 - 04731392 ____A (AVAST Software) C:\Users\Heather Laptop\Desktop\aswMBR.exe
2012-09-10 18:27 - 2012-09-10 18:27 - 04731392 ____A (AVAST Software) C:\Users\Heather Laptop\Downloads\aswMBR.exe
2012-09-09 19:16 - 2012-09-09 19:16 - 00000000 ____D C:\Users\Heather Laptop\Documents\My Weblog Posts
2012-09-09 19:16 - 2012-09-09 19:16 - 00000000 ____D C:\Users\Heather Laptop\AppData\Roaming\Windows Live Writer
2012-09-09 19:16 - 2012-09-09 19:16 - 00000000 ____D C:\Users\Heather Laptop\AppData\Local\Windows Live Writer
2012-09-09 13:30 - 2012-09-09 13:30 - 00015853 ____A C:\ComboFix.txt
2012-09-09 12:18 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-09 12:18 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-09 12:18 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-09 12:18 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-09 12:18 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-09 12:18 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-09 12:18 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-09 12:18 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-09 12:17 - 2012-09-10 17:31 - 00000000 ___SD C:\ComboFix
2012-09-09 12:00 - 2012-09-09 13:30 - 00000000 ___AD C:\Qoobox
2012-09-09 12:00 - 2012-09-09 12:01 - 04747716 ____R (Swearware) C:\Users\Heather Laptop\Desktop\ComboFix.exe
2012-09-09 11:59 - 2012-09-09 11:59 - 00000000 ____D C:\Windows\erdnt
2012-09-09 11:56 - 2012-09-09 11:56 - 04747716 ____R (Swearware) C:\Users\Heather Laptop\Downloads\ComboFix.exe
2012-09-09 11:42 - 2012-09-09 11:42 - 00001298 ____A C:\Users\Heather Laptop\Desktop\RKreport[3].txt
2012-09-09 11:39 - 2012-09-09 11:39 - 00004526 ____A C:\Users\Heather Laptop\Desktop\RKreport[2].txt
2012-09-09 11:37 - 2012-09-09 11:37 - 00004839 ____A C:\Users\Heather Laptop\Desktop\RKreport[1].txt
2012-09-09 11:35 - 2012-09-09 11:38 - 00000000 ____D C:\Users\Heather Laptop\Desktop\RK_Quarantine
2012-09-09 11:35 - 2012-09-09 11:35 - 01378816 ____A C:\Users\Heather Laptop\Desktop\RogueKiller.exe
2012-09-09 06:58 - 2012-09-09 06:58 - 00001927 ____A C:\Users\Heather Laptop\Downloads\FSS 9-9-12.txt
2012-09-09 06:55 - 2012-09-09 06:56 - 00001927 ____A C:\Users\Heather Laptop\Desktop\FSS.txt
2012-09-09 06:55 - 2012-09-09 06:55 - 00693235 ____A (Farbar) C:\Users\Heather Laptop\Downloads\FSS.exe
2012-09-08 16:16 - 2012-09-09 03:32 - 00000112 ____A C:\Users\All Users\5O3w536v.dat
2012-09-08 16:16 - 2012-09-08 16:16 - 00000001 ____A C:\Users\All Users\yDS0gG50.exe_.b
2012-09-08 16:16 - 2012-09-08 16:16 - 00000001 ____A C:\Users\All Users\yDS0gG50.exe.b
2012-09-08 16:16 - 2012-09-08 16:15 - 00110592 ____A C:\Users\All Users\yDS0gG50.exe
2012-09-08 14:48 - 2012-09-08 16:05 - 00105664 ____A C:\Users\Heather Laptop\Downloads\Extras.Txt
2012-09-08 14:45 - 2012-09-08 14:45 - 00087386 ____A C:\Users\Heather Laptop\Downloads\OTL.Txt
2012-09-08 14:33 - 2012-09-08 14:34 - 00599552 ____A (OldTimer Tools) C:\Users\Heather Laptop\Downloads\OTL.exe
2012-08-15 18:39 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 18:39 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 18:39 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 18:39 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 18:39 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 18:39 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 18:39 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 18:39 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 18:39 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 18:39 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 18:39 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 18:39 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 18:39 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 18:39 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 18:39 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 18:39 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 18:39 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 18:39 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 18:39 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 18:39 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 18:39 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 18:39 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 18:39 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 18:39 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 18:39 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 18:39 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 18:39 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 18:39 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 02:12 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 02:12 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 02:11 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 02:11 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 02:11 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 02:11 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 02:11 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 02:11 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 02:11 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 02:11 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 02:11 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 02:11 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 02:11 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll


==================== 3 Months Modified Files ================================

2012-09-12 14:55 - 2009-11-11 04:05 - 01687453 ____A C:\Windows\WindowsUpdate.log
2012-09-12 14:55 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-12 14:55 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-12 14:54 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-12 14:51 - 2010-07-31 08:00 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-12 14:48 - 2010-07-31 08:00 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-12 14:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-12 14:47 - 2009-07-13 20:51 - 00150978 ____A C:\Windows\setupact.log
2012-09-12 03:41 - 2012-04-02 02:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-12 01:39 - 2009-11-11 04:46 - 00097834 ____A C:\Windows\PFRO.log
2012-09-12 01:17 - 2012-09-11 13:51 - 00002356 ____A C:\Users\Heather Laptop\Desktop\Rkill.txt
2012-09-11 23:00 - 2010-06-26 13:23 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-11 17:33 - 2012-09-11 17:32 - 00016393 ____A C:\Users\Heather Laptop\Desktop\MBRCheck_09.11.12_21.32.01.txt
2012-09-11 17:12 - 2012-09-11 17:11 - 04731392 ____A (AVAST Software) C:\Users\Heather Laptop\Downloads\aswMBR (1).exe
2012-09-11 13:51 - 2012-09-11 13:50 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Heather Laptop\Downloads\rkill.com
2012-09-11 01:27 - 2012-09-11 01:27 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Heather Laptop\Desktop\tdsskiller.exe
2012-09-11 01:24 - 2012-09-11 01:24 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Heather Laptop\Downloads\tdsskiller.exe
2012-09-10 19:06 - 2012-09-10 19:06 - 00000512 ____A C:\mbrdump.dmp
2012-09-10 19:06 - 2012-09-10 19:05 - 00014293 ____A C:\Users\Heather Laptop\Desktop\MBRCheck_09.10.12_23.05.37.txt
2012-09-10 18:40 - 2012-09-10 18:40 - 00080384 ____A C:\Users\Heather Laptop\Desktop\MBRCheck.exe
2012-09-10 18:40 - 2012-09-10 18:40 - 00014174 ____A C:\Users\Heather Laptop\Desktop\MBRCheck_09.10.12_22.40.22.txt
2012-09-10 18:30 - 2012-09-10 18:29 - 04731392 ____A (AVAST Software) C:\Users\Heather Laptop\Desktop\aswMBR.exe
2012-09-10 18:27 - 2012-09-10 18:27 - 04731392 ____A (AVAST Software) C:\Users\Heather Laptop\Downloads\aswMBR.exe
2012-09-09 13:30 - 2012-09-09 13:30 - 00015853 ____A C:\ComboFix.txt
2012-09-09 12:01 - 2012-09-09 12:00 - 04747716 ____R (Swearware) C:\Users\Heather Laptop\Desktop\ComboFix.exe
2012-09-09 11:58 - 2009-07-13 18:34 - 00000508 ____A C:\Windows\win.ini
2012-09-09 11:56 - 2012-09-09 11:56 - 04747716 ____R (Swearware) C:\Users\Heather Laptop\Downloads\ComboFix.exe
2012-09-09 11:42 - 2012-09-09 11:42 - 00001298 ____A C:\Users\Heather Laptop\Desktop\RKreport[3].txt
2012-09-09 11:39 - 2012-09-09 11:39 - 00004526 ____A C:\Users\Heather Laptop\Desktop\RKreport[2].txt
2012-09-09 11:37 - 2012-09-09 11:37 - 00004839 ____A C:\Users\Heather Laptop\Desktop\RKreport[1].txt
2012-09-09 11:35 - 2012-09-09 11:35 - 01378816 ____A C:\Users\Heather Laptop\Desktop\RogueKiller.exe
2012-09-09 06:58 - 2012-09-09 06:58 - 00001927 ____A C:\Users\Heather Laptop\Downloads\FSS 9-9-12.txt
2012-09-09 06:56 - 2012-09-09 06:55 - 00001927 ____A C:\Users\Heather Laptop\Desktop\FSS.txt
2012-09-09 06:55 - 2012-09-09 06:55 - 00693235 ____A (Farbar) C:\Users\Heather Laptop\Downloads\FSS.exe
2012-09-09 03:32 - 2012-09-08 16:16 - 00000112 ____A C:\Users\All Users\5O3w536v.dat
2012-09-08 16:16 - 2012-09-08 16:16 - 00000001 ____A C:\Users\All Users\yDS0gG50.exe_.b
2012-09-08 16:16 - 2012-09-08 16:16 - 00000001 ____A C:\Users\All Users\yDS0gG50.exe.b
2012-09-08 16:15 - 2012-09-08 16:16 - 00110592 ____A C:\Users\All Users\yDS0gG50.exe
2012-09-08 16:05 - 2012-09-08 14:48 - 00105664 ____A C:\Users\Heather Laptop\Downloads\Extras.Txt
2012-09-08 14:45 - 2012-09-08 14:45 - 00087386 ____A C:\Users\Heather Laptop\Downloads\OTL.Txt
2012-09-08 14:34 - 2012-09-08 14:33 - 00599552 ____A (OldTimer Tools) C:\Users\Heather Laptop\Downloads\OTL.exe
2012-09-03 11:53 - 2010-07-31 08:05 - 00002338 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-22 10:12 - 2012-09-11 20:48 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-11 20:48 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-11 20:48 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-11 20:48 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-19 16:41 - 2009-11-11 04:30 - 00002059 ____A C:\Windows\System32\AutoRunFilter.ini
2012-08-16 02:48 - 2009-07-13 20:45 - 00380056 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-11 05:17 - 2012-03-04 03:33 - 00001107 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-05 05:08 - 2012-08-05 05:08 - 00883568 ____A C:\Windows\Minidump\080512-57548-01.dmp
2012-08-02 09:58 - 2012-09-11 20:48 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-11 20:48 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-29 10:02 - 2012-07-29 10:02 - 00011480 ____A C:\Users\Heather Laptop\Downloads\i won't give up.odt
2012-07-18 17:50 - 2012-07-18 17:50 - 00009391 ____A C:\Users\Heather Laptop\Downloads\Cancel services.odt
2012-07-18 10:15 - 2012-08-15 02:11 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 12:34 - 2012-07-17 12:33 - 06706826 ____A C:\Users\Heather Laptop\Downloads\the_dreaded_stairs.wmv
2012-07-16 17:00 - 2009-07-13 21:08 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-14 05:57 - 2012-07-14 05:57 - 00878240 ____A C:\Windows\Minidump\071412-20046-01.dmp
2012-07-12 09:17 - 2012-07-12 09:17 - 00068494 ____A C:\Users\Heather Laptop\Downloads\driving danielle.odt
2012-07-10 09:49 - 2012-07-10 09:49 - 00015360 ____A C:\Users\Heather Laptop\Downloads\Maria's_theatre_1995_on (2).wps
2012-07-10 09:48 - 2012-07-10 09:48 - 00015360 ____A C:\Users\Heather Laptop\Downloads\Maria's_theatre_1995_on (1).wps
2012-07-10 09:36 - 2012-07-10 09:36 - 00015360 ____A C:\Users\Heather Laptop\Downloads\Maria's_theatre_1995_on.wps
2012-07-08 13:03 - 2012-07-08 13:03 - 02278957 ____A C:\Users\Heather Laptop\Documents\Goldfish_Funeral.wmv
2012-07-04 14:16 - 2012-08-15 02:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 02:11 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 02:11 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 02:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 02:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-11 20:48 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-06-28 20:55 - 2012-08-15 18:39 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 18:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 18:39 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 18:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 18:39 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 18:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 18:39 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 18:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 18:39 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 18:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 18:39 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 18:39 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 18:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 18:39 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 18:39 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 18:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 18:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 18:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 18:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 18:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 18:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 18:39 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 18:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 18:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 18:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 18:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 02:04 - 2012-06-18 02:04 - 00019905 ____A C:\Users\Heather Laptop\Documents\basketballgirls5-6(2).htm


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-11 17:53:50
Restore point made on: 2012-09-11 23:00:32

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4061.05 MB
Available physical RAM: 3363.96 MB
Total Pagefile: 4059.25 MB
Available Pagefile: 3361.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:12.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:208.91 GB) (Free:178.98 GB) NTFS
3 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.29 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 15 MB
Disk 1 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 74 GB 14 GB
Partition 0 Extended 208 GB 89 GB
Partition 3 Logical 208 GB 89 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 74 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 208 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 488 MB Healthy

==================================================================================

Last Boot: 2012-09-06 03:25

==================== End Of Log =============================
  • 0

#69
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello heathermb769,

We need to have a look at that MBR dump file.

C:\mbrdump.dmp

Please upload the file here using the Attach This File button in the reply panel.
  • 0

#70
heathermb769

heathermb769

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
(Sorry if this is a stupid question) How do I find that file?

Do I reboot my laptop now, or leave it in repair mode?

Thanks!

Edited by heathermb769, 12 September 2012 - 06:43 PM.

  • 0



#71
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Reboot to normal mode and reply to this thread. Click in the panel under Attachments. You will see that below the answer window when replying. Enter the file path C:\mbrdump.dmp and click the Attach This File button. :)
  • 0

#72
heathermb769

heathermb769

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
C:\mbrdump.dmp
  • 0

#73
heathermb769

heathermb769

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
I received the error message that "You aren't permitted to upload this kind of file".

I must be the problem child of the year....

So, now what?
  • 0

#74
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Try zipping the file before uploading:

How To Zip a file or folder:

  • Select the file or folder you want to compress
  • Right click and choose Send to
  • Slide Right and choose Compressed (zipped) folder
  • Allow the file or folder to compress
  • You should now see an icon with the same name plus a Zip (it may even have a zipper on the folder)
  • This is the compressed file that you may upload here

  • 0

#75
heathermb769

heathermb769

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Ok. Let's try that ;-) Shazaam! That worked too!

Attached Files


  • 0
