SMART Virus + others, Ran Hitman 3, now won't boot (FRST log included)



#1
bobbobobbo

Started with the S.M.A.R.T virus. Making me think my hard drive was failing, etc etc. Finally found it and removed it. Yet now my computer was running slow and the internet was crawling. Many pages were being redirected as well. Ran Malwarebytes, Ad-Aware, Avast, no solution. Ran HitmanPro, found plenty of infections, went to reboot, now stuck in a reboot loop. BSOD. No simple cure.

Windows 7 x64 Operating system

I have read the many similar threads, I understand the process involved here.

I have successfully run FRST64.exe and a log has been reported. Attached below.

Thank you!!!

Attached Files

  • Attached File  FRST.txt   22.59KB   210 downloads

Edited by bobbobobbo, 18 July 2012 - 12:35 AM.

#2
bobbobobbo

I apologize, perhaps I should have pasted the log.

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 02:25:33
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-03-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-03-14] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-03-14] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-06-28] (AVAST Software)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Bobby\Start Menu\Programs\Startup\RocketDock.lnk
ShortcutTarget: RocketDock.lnk -> C:\Program Files (x86)\RocketDock\RocketDock.exe ()

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-06-28] (AVAST Software)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [325200 2010-03-03] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [865824 2010-02-05] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [238328 2009-10-09] (WildTangent, Inc.)
2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-28] (Lavasoft Limited)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-06-28] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-06-28] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-06-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958912 2012-06-28] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-06-28] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-06-28] (AVAST Software)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-01-16] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2156968 2011-01-06] (TamoSoft)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-10 22:07 - 2012-07-13 15:26 - 00000000 ____D C:\Windows\Cursors
2012-07-10 18:45 - 2012-07-10 22:18 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-10 18:44 - 2012-07-10 18:46 - 00135673 ____A C:\Users\Bobby\Downloads\HitmanPro36.exe.part
2012-07-08 10:21 - 2012-07-08 10:36 - 00000000 ____D C:\Users\Bobby\Desktop\dad stuff
2012-07-07 22:00 - 2012-07-08 09:10 - 00000258 ____A C:\Windows\setupact.log
2012-07-07 22:00 - 2012-07-07 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-07 20:57 - 2012-07-07 20:58 - 00078844 ____A C:\Users\Bobby\Documents\cc_20120707_235757.reg
2012-07-07 20:55 - 2012-07-07 20:56 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2012-07-07 20:55 - 2012-07-07 20:55 - 00000717 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 20:54 - 2012-07-07 20:54 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bobby\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 20:51 - 2012-07-10 16:49 - 00010033 ____A C:\Users\Bobby\Desktop\Book1.xlsx
2012-07-06 09:49 - 2012-07-08 07:57 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-07-04 21:26 - 2012-07-04 21:32 - 00000000 ____D C:\Users\Bobby\Downloads\500.Days.Of.Summer.BDRip.XviD-ARiGOLD
2012-07-04 09:58 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-04 09:58 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-04 09:58 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-04 09:58 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-04 09:57 - 2012-07-04 16:27 - 00000000 ___SD C:\ComboFix
2012-07-04 09:53 - 2012-07-04 09:57 - 00000000 ____D C:\Qoobox
2012-07-04 06:37 - 2012-07-04 11:40 - 00000000 ____D C:\Windows\erdnt
2012-07-03 21:54 - 2012-06-28 04:52 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 21:54 - 2012-06-28 04:52 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 21:53 - 2012-07-03 21:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-03 21:53 - 2012-06-28 04:52 - 00958912 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 21:53 - 2012-06-28 04:52 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 21:53 - 2012-06-28 04:52 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 21:53 - 2012-06-28 04:52 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 21:53 - 2012-06-28 04:51 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 21:52 - 2012-07-03 21:52 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-03 21:52 - 2012-07-03 21:52 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-03 21:52 - 2012-06-28 04:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 21:52 - 2012-06-28 04:51 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-29 02:33 - 2012-06-29 02:34 - 00000092 ____A C:\Users\Bobby\Desktop\realitysnap.txt
2012-06-28 23:06 - 2012-06-28 23:16 - 00000000 ____D C:\Users\Bobby\Downloads\Being.Flynn.2012.LiMiTED.DVDRip.XviD-DEPRiVED
2012-06-28 23:06 - 2012-06-28 23:12 - 00000000 ____D C:\Users\Bobby\Downloads\God.Bless.America.2011.LIMITED.DVDRip.XviD-AMIABLE
2012-06-28 22:38 - 2012-06-28 22:39 - 00000116 ____A C:\Users\Bobby\Desktop\bike.txt
2012-06-27 15:14 - 2012-07-10 17:26 - 00000319 ____A C:\Users\Bobby\Desktop\eating plan.txt
2012-06-26 22:19 - 2012-06-26 22:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2012-06-25 00:19 - 2012-06-25 00:19 - 00000000 ____D C:\Users\Bobby\Downloads\CamStudioCodec-1.4-w32
2012-06-25 00:19 - 2010-10-23 21:56 - 00049664 ____A (CamStudio Group) C:\Windows\System32\CamCodec.dll
2012-06-25 00:18 - 2012-06-25 00:18 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Bobby\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2012-06-25 00:18 - 2012-06-25 00:18 - 00034510 ____A C:\Users\Bobby\Downloads\CamStudioCodec-1.4-w32.zip
2012-06-25 00:17 - 2012-06-25 00:17 - 20786971 ____A (Audacity Team ) C:\Users\Bobby\Downloads\audacity-win-2.0.exe
2012-06-21 22:28 - 2012-06-21 22:28 - 00003690 ____A C:\Users\Bobby\.jmf-resource
2012-06-21 22:25 - 2012-06-21 22:25 - 00000000 ____D C:\Users\Bobby\Downloads\krut_full_windows_0_9_3
2012-06-21 22:24 - 2012-06-21 22:24 - 00000000 ____D C:\Windows\SysWOW64\CSIDL_PERSONAL
2012-06-21 22:23 - 2012-06-21 22:25 - 00000000 ____D C:\Users\Bobby\AppData\Local\uTIPu
2012-06-21 22:22 - 2012-06-21 22:41 - 00000000 ____D C:\Program Files (x86)\uTIPu
2012-06-21 22:18 - 2012-06-21 22:18 - 04994545 ____A C:\Users\Bobby\Downloads\krut_full_windows_0_9_3.zip
2012-06-21 22:17 - 2012-06-21 22:46 - 00000000 ____D C:\Program Files (x86)\UltraVNC Addons
2012-06-21 22:01 - 2012-06-25 00:19 - 00000000 ____D C:\Program Files (x86)\CamStudio 2.6b
2012-06-21 08:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 08:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 08:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 08:13 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 08:12 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 08:12 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 19:55 - 2012-06-20 19:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-06-19 15:06 - 2012-06-19 15:06 - 00000000 ____D C:\Users\Bobby\AppData\Roaming\Thunderbird
2012-06-19 15:06 - 2012-06-19 15:06 - 00000000 ____D C:\Users\Bobby\AppData\Local\Thunderbird
2012-06-19 15:04 - 2012-06-19 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-18 20:08 - 2012-06-21 22:46 - 00000000 ____D C:\Users\Bobby\Downloads\The Vow 2012 R5 LiNE XViD - INSPiRAL
2012-06-18 20:08 - 2012-06-18 20:09 - 733956096 ____A C:\Users\Bobby\Downloads\25th Hour (2002).avi
2012-06-18 15:48 - 2012-06-18 15:49 - 18506296 ____A (Mozilla) C:\Users\Test\Downloads\Thunderbird Setup 13.0.1.exe
2012-06-18 15:41 - 2012-06-18 15:41 - 00007864 ____A C:\Users\Test\Desktop\Book1.xlsx
2012-06-18 14:19 - 2012-06-18 14:19 - 00115936 ____A C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 14:19 - 2012-06-18 14:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Mozilla
2012-06-18 14:19 - 2012-06-18 14:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Intel Corporation
2012-06-18 14:19 - 2012-06-18 14:19 - 00000000 ____D C:\Users\Test\AppData\Local\Mozilla
2012-06-18 14:18 - 2012-06-27 00:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\ExpressFiles
2012-06-18 14:18 - 2012-06-18 14:18 - 00000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2012-06-18 14:17 - 2012-07-13 15:26 - 00000000 ____D C:\users\Test
2012-06-18 14:17 - 2012-06-18 14:17 - 00000020 ___SH C:\Users\Test\ntuser.ini
2012-06-18 14:17 - 2010-08-26 00:03 - 00000000 ____D C:\Users\Test\AppData\Local\Microsoft Help
2012-06-18 13:57 - 2012-06-18 13:57 - 18506296 ____A (Mozilla) C:\Users\Bobby\Downloads\Thunderbird Setup 13.0.1.exe


============ 3 Months Modified Files ========================

2012-07-10 18:46 - 2012-07-10 18:44 - 00135673 ____A C:\Users\Bobby\Downloads\HitmanPro36.exe.part
2012-07-10 17:58 - 2012-02-20 19:15 - 00007388 ____A C:\aaw7boot.log
2012-07-10 17:26 - 2012-06-27 15:14 - 00000319 ____A C:\Users\Bobby\Desktop\eating plan.txt
2012-07-10 16:49 - 2012-07-07 20:51 - 00010033 ____A C:\Users\Bobby\Desktop\Book1.xlsx
2012-07-08 10:16 - 2010-08-21 03:42 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-08 09:17 - 2010-05-13 14:01 - 01403628 ____A C:\Windows\WindowsUpdate.log
2012-07-08 09:10 - 2012-07-07 22:00 - 00000258 ____A C:\Windows\setupact.log
2012-07-08 08:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 08:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 07:58 - 2010-08-21 03:42 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-08 07:57 - 2012-07-06 09:49 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-07-08 07:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-07 22:00 - 2012-07-07 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-07 20:58 - 2012-07-07 20:57 - 00078844 ____A C:\Users\Bobby\Documents\cc_20120707_235757.reg
2012-07-07 20:55 - 2012-07-07 20:55 - 00000717 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 20:54 - 2012-07-07 20:54 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Bobby\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-07 19:58 - 2009-07-13 21:13 - 00792118 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-04 22:16 - 2012-01-19 23:08 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-07-04 22:16 - 2012-01-19 23:08 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-07-03 21:53 - 2012-07-03 21:53 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-01 20:43 - 2012-06-14 00:06 - 00012047 ____A C:\Users\Bobby\Desktop\NOW.xlsx
2012-06-29 02:34 - 2012-06-29 02:33 - 00000092 ____A C:\Users\Bobby\Desktop\realitysnap.txt
2012-06-28 22:39 - 2012-06-28 22:38 - 00000116 ____A C:\Users\Bobby\Desktop\bike.txt
2012-06-28 04:52 - 2012-07-03 21:54 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-28 04:52 - 2012-07-03 21:54 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00958912 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-28 04:52 - 2012-07-03 21:53 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-28 04:52 - 2012-07-03 21:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-28 04:51 - 2012-07-03 21:53 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-28 04:51 - 2012-07-03 21:52 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-06-25 00:18 - 2012-06-25 00:18 - 04472121 ____A (CamStudio Open Source Dev Team ) C:\Users\Bobby\Downloads\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
2012-06-25 00:18 - 2012-06-25 00:18 - 00034510 ____A C:\Users\Bobby\Downloads\CamStudioCodec-1.4-w32.zip
2012-06-25 00:17 - 2012-06-25 00:17 - 20786971 ____A (Audacity Team ) C:\Users\Bobby\Downloads\audacity-win-2.0.exe
2012-06-21 22:28 - 2012-06-21 22:28 - 00003690 ____A C:\Users\Bobby\.jmf-resource
2012-06-21 22:18 - 2012-06-21 22:18 - 04994545 ____A C:\Users\Bobby\Downloads\krut_full_windows_0_9_3.zip
2012-06-20 19:55 - 2012-06-20 19:55 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-06-18 20:09 - 2012-06-18 20:08 - 733956096 ____A C:\Users\Bobby\Downloads\25th Hour (2002).avi
2012-06-18 15:49 - 2012-06-18 15:48 - 18506296 ____A (Mozilla) C:\Users\Test\Downloads\Thunderbird Setup 13.0.1.exe
2012-06-18 15:41 - 2012-06-18 15:41 - 00007864 ____A C:\Users\Test\Desktop\Book1.xlsx
2012-06-18 14:19 - 2012-06-18 14:19 - 00115936 ____A C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 14:17 - 2012-06-18 14:17 - 00000020 ___SH C:\Users\Test\ntuser.ini
2012-06-18 13:57 - 2012-06-18 13:57 - 18506296 ____A (Mozilla) C:\Users\Bobby\Downloads\Thunderbird Setup 13.0.1.exe
2012-06-14 23:43 - 2012-06-14 23:19 - 1724041765 ____A C:\Users\Bobby\Downloads\Aziz Ansari - Dangerously Delicious.mov
2012-06-13 18:32 - 2009-07-13 20:45 - 00432056 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-06 22:29 - 2012-06-06 22:29 - 00011851 ____A C:\Users\Bobby\Documents\Copy of NOW.xlsx
2012-06-06 19:50 - 2011-03-22 23:17 - 00786334 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-06 19:29 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-06-06 17:24 - 2012-06-06 17:22 - 41623552 ____A C:\Users\Bobby\Downloads\PC recovery iso.iso
2012-06-02 14:19 - 2012-06-21 08:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 08:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 08:13 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 08:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 08:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 22:11 - 2012-01-17 13:55 - 00016432 ____A C:\Windows\System32\lsdelete.exe
2012-05-17 14:36 - 2012-06-06 17:17 - 02468520 ____A C:\Windows\SysWOW64\BootMan.exe
2012-05-15 08:13 - 2012-06-06 17:17 - 03316736 ____A C:\Windows\System32\BootMan.exe
2012-04-26 17:03 - 2010-08-30 20:11 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe


ZeroAccess:
C:\Users\Bobby\AppData\Local\11e30dbc
C:\Users\Bobby\AppData\Local\11e30dbc\@
C:\Users\Bobby\AppData\Local\11e30dbc\loader.tlb

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 30%
Total physical RAM: 1977.98 MB
Available physical RAM: 1374.48 MB
Total Pagefile: 1977.98 MB
Available Pagefile: 1363.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:136.94 GB) (Free:18.78 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:0.57 GB) NTFS
4 Drive g: (ADATA UFD) (Removable) (Total:7.52 GB) (Free:7.17 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 8 MB
Disk 1 Online 7718 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 31 KB
Partition 2 Primary 101 MB 12 GB
Partition 3 Primary 136 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 101 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 136 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7717 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G ADATA UFD FAT32 Removable 7717 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-07 21:27

======================= End Of Log ==========================

#3
bobbobobbo

Solved.


The fix:

start
TDL4: custom:26000022 <===== ATTENTION!
end

Solved my boot issue. I am now able to boot into Windows.