
Windows startup repair loop

2K views 5 replies 2 participants last post by kevinf80
#1 ·
Hello, my friend's PC is stuck on Windows repair. Here is the log.

Ran by SYSTEM at 18-10-2012 22:11:39
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3178064 2010-01-05] (Dell Inc.)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKU\ybull27\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\ybull27\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [x]
HKU\ybull27\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\ybull27\...\RunOnce: [JavaInstallRetry] "C:\Users\ybull27\AppData\LocalLow\Sun\Java\JRERunOnce.exe" RUNONCE=1 SPONSORS=0 [912880 2012-10-17] (Sun Microsystems, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-12-22] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\ybull27\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 WDFME; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" [1858048 2010-05-10] ()
2 WDSC; "C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" [483328 2010-05-10] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-10-18 22:11 - 2012-10-18 22:11 - 00000000 ___DC C:\FRST
2012-10-18 21:48 - 2012-10-18 21:48 - 00000000 ___DC C:\Windows\System32\config\mybackup
2012-10-17 21:55 - 2012-10-17 21:55 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{62B918DB-B76D-48E8-978D-92A6A37E9FEC}
2012-10-17 21:55 - 2012-10-17 21:55 - 00000000 ___DC C:\Users\ybull27\Local Settings\{62B918DB-B76D-48E8-978D-92A6A37E9FEC}
2012-10-17 21:55 - 2012-10-17 21:55 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{62B918DB-B76D-48E8-978D-92A6A37E9FEC}
2012-10-17 01:16 - 2012-10-17 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{5859510B-5933-48B5-AFB5-BDFE97569963}
2012-10-17 01:16 - 2012-10-17 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{5859510B-5933-48B5-AFB5-BDFE97569963}
2012-10-17 01:16 - 2012-10-17 01:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{5859510B-5933-48B5-AFB5-BDFE97569963}
2012-10-16 13:16 - 2012-10-16 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{C3048A32-3B62-47DB-8E8A-B24842DF48DA}
2012-10-16 13:16 - 2012-10-16 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{C3048A32-3B62-47DB-8E8A-B24842DF48DA}
2012-10-16 13:16 - 2012-10-16 13:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{C3048A32-3B62-47DB-8E8A-B24842DF48DA}
2012-10-16 01:15 - 2012-10-16 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{1A288438-3098-4F36-8457-3FFABEE79CE3}
2012-10-16 01:15 - 2012-10-16 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{1A288438-3098-4F36-8457-3FFABEE79CE3}
2012-10-16 01:15 - 2012-10-16 01:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{1A288438-3098-4F36-8457-3FFABEE79CE3}
2012-10-15 13:15 - 2012-10-15 13:15 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{4DC52F80-9B7C-420C-99B5-67AEA57653A1}
2012-10-15 13:15 - 2012-10-15 13:15 - 00000000 ___DC C:\Users\ybull27\Local Settings\{4DC52F80-9B7C-420C-99B5-67AEA57653A1}
2012-10-15 13:15 - 2012-10-15 13:15 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{4DC52F80-9B7C-420C-99B5-67AEA57653A1}
2012-10-14 13:16 - 2012-10-14 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{6E96F86F-FBD9-4B0A-B98F-5D28E61438BB}
2012-10-14 13:16 - 2012-10-14 13:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{6E96F86F-FBD9-4B0A-B98F-5D28E61438BB}
2012-10-14 13:16 - 2012-10-14 13:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{6E96F86F-FBD9-4B0A-B98F-5D28E61438BB}
2012-10-13 22:42 - 2012-10-13 22:42 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{C0F6B361-0872-4018-8B7D-3AFEA8EB7C63}
2012-10-13 22:42 - 2012-10-13 22:42 - 00000000 ___DC C:\Users\ybull27\Local Settings\{C0F6B361-0872-4018-8B7D-3AFEA8EB7C63}
2012-10-13 22:42 - 2012-10-13 22:42 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{C0F6B361-0872-4018-8B7D-3AFEA8EB7C63}
2012-10-13 18:30 - 2012-10-13 18:30 - 00000000 ___DC C:\Windows\LastGood
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\Public\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\All Users\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-08-21 15:01 - 00033240 ___AC (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-13 16:39 - 2012-10-13 16:41 - 00000000 ___DC C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-13 16:39 - 2012-10-13 16:41 - 00000000 ___DC C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-13 16:39 - 2012-10-13 16:41 - 00000000 ___DC C:\Program Files\iTunes
2012-10-13 16:39 - 2012-10-13 16:39 - 00000000 ___DC C:\Program Files\iPod
2012-10-08 01:58 - 2012-10-09 23:00 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{617B938B-83B4-450B-809C-E2C23AF31094}
2012-10-08 01:58 - 2012-10-09 23:00 - 00000000 ___DC C:\Users\ybull27\Local Settings\{617B938B-83B4-450B-809C-E2C23AF31094}
2012-10-08 01:58 - 2012-10-09 23:00 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{617B938B-83B4-450B-809C-E2C23AF31094}
2012-10-06 18:08 - 2012-10-06 18:08 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{90D215AD-92AF-42B9-ACE6-1ACCBCB16770}
2012-10-06 18:08 - 2012-10-06 18:08 - 00000000 ___DC C:\Users\ybull27\Local Settings\{90D215AD-92AF-42B9-ACE6-1ACCBCB16770}
2012-10-06 18:08 - 2012-10-06 18:08 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{90D215AD-92AF-42B9-ACE6-1ACCBCB16770}
2012-10-06 01:16 - 2012-10-06 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{9593F18A-18D3-4BCD-952F-D0435AFBA4E8}
2012-10-06 01:16 - 2012-10-06 01:16 - 00000000 ___DC C:\Users\ybull27\Local Settings\{9593F18A-18D3-4BCD-952F-D0435AFBA4E8}
2012-10-06 01:16 - 2012-10-06 01:16 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{9593F18A-18D3-4BCD-952F-D0435AFBA4E8}
2012-10-05 09:32 - 2012-10-05 09:32 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{0D6C542C-B821-49F2-A3BE-47DFF507D34D}
2012-10-05 09:32 - 2012-10-05 09:32 - 00000000 ___DC C:\Users\ybull27\Local Settings\{0D6C542C-B821-49F2-A3BE-47DFF507D34D}
2012-10-05 09:32 - 2012-10-05 09:32 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{0D6C542C-B821-49F2-A3BE-47DFF507D34D}
2012-10-03 19:17 - 2012-10-03 19:17 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{B3B42FD7-3039-47F8-BBDD-D8E0673BB845}
2012-10-03 19:17 - 2012-10-03 19:17 - 00000000 ___DC C:\Users\ybull27\Local Settings\{B3B42FD7-3039-47F8-BBDD-D8E0673BB845}
2012-10-03 19:17 - 2012-10-03 19:17 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{B3B42FD7-3039-47F8-BBDD-D8E0673BB845}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\Local Settings\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 14:17 - 2012-10-02 14:18 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{0045057B-12A7-43C0-B821-A49EB2530F73}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\Local Settings\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-10-02 00:05 - 2012-10-02 00:05 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{E9B1B8B8-06A0-4327-983B-26F80703CC7E}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\Local Settings\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-30 22:34 - 2012-09-30 22:34 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{A7C73CF9-8274-420B-B590-8C2D4ABB8B96}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\Local Settings\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-29 20:43 - 2012-09-29 20:43 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{6BD13AB3-05C6-4E87-9D47-E17F859D5B24}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\Local Settings\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-28 17:59 - 2012-09-28 17:59 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{3DD13BA4-4FA9-4962-AC9B-ED66D084602E}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\Local Settings\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-27 20:29 - 2012-09-27 20:29 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{4DE2A620-F794-43CC-81EA-044055DD95D4}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\Local Settings\Application Data\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\Local Settings\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}
2012-09-26 17:36 - 2012-09-26 17:36 - 00000000 ___DC C:\Users\ybull27\AppData\Local\{10519FF1-DF8B-4210-9D6E-0784FA50DFAA}

==================== 3 Months Modified Files ==================

2012-10-17 22:31 - 2011-08-14 12:44 - 00000900 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-17 22:23 - 2012-04-12 19:08 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-17 22:05 - 2011-08-14 12:44 - 00000896 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-14 18:49 - 2009-07-14 00:10 - 01757610 ___AC C:\Windows\WindowsUpdate.log
2012-10-14 18:44 - 2010-08-03 16:48 - 00002760 ___AC C:\Users\ybull27\Application Data\wklnhst.dat
2012-10-14 18:44 - 2010-08-03 16:48 - 00002760 ___AC C:\Users\ybull27\AppData\Roaming\wklnhst.dat
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\Public\Desktop\iTunes.lnk
2012-10-13 16:41 - 2012-10-13 16:41 - 00001568 ___AC C:\Users\All Users\Desktop\iTunes.lnk
2012-10-13 16:24 - 2012-06-16 01:16 - 00006328 ___AC C:\Windows\setupact.log
2012-10-11 19:15 - 2012-08-27 23:11 - 00002340 ___AC C:\Users\Public\Desktop\Google Chrome.lnk
2012-10-11 19:15 - 2012-08-27 23:11 - 00002340 ___AC C:\Users\All Users\Desktop\Google Chrome.lnk
2012-10-10 18:04 - 2009-07-13 23:45 - 00014240 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-10 18:04 - 2009-07-13 23:45 - 00014240 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-09 23:00 - 2012-04-12 19:08 - 00696760 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-09 23:00 - 2011-05-19 13:40 - 00073656 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-26 17:33 - 2009-07-14 00:08 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2012-09-26 17:32 - 2010-05-16 20:27 - 00567412 ___AC C:\Windows\PFRO.log
2012-08-30 20:44 - 2012-01-19 22:59 - 00001976 ___AC C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-08-30 20:44 - 2012-01-19 22:59 - 00001976 ___AC C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-08-21 15:01 - 2012-10-13 16:41 - 00033240 ___AC (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 15:01 - 2010-08-04 19:50 - 00125872 ___AC (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 15:01 - 2010-08-04 19:50 - 00106928 ___AC (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-12 16:43 - 2011-12-24 12:21 - 00001102 ___AC C:\Users\Public\Desktop\Zune.lnk
2012-08-12 16:43 - 2011-12-24 12:21 - 00001102 ___AC C:\Users\All Users\Desktop\Zune.lnk

ZeroAccess:
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde

ZeroAccess:
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 5940.51 MB
Available physical RAM: 5250.94 MB
Total Pagefile: 5938.66 MB
Available Pagefile: 5248.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:3.94 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:2.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.
5 Drive g: () (Removable) (Total:7.82 GB) (Free:7.82 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 527 GB
Disk 1 No Media 0 B 0 B
Disk 2 Online 8028 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 9 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 58 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 8027 MB 336 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 8027 MB Healthy

=========================================================

Last Boot: 2012-08-12 21:43

==================== End Of Log =============================

I am trying to help him through my PC. Please help us; he only has a few more days left with me, then he goes home where I can't help him. Thanks for all the help =)

CBoe/Wildersteak
 
#2 ·
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it as fixlist.txt on the flash drive that you've used already.

Code:
start
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
TDL4: custom:26000022 <===== ATTENTION!
end
Now please enter System Recovery Options as you did to get the log.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Kevin
 
#3 ·
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2012
Ran by SYSTEM at 2012-10-19 12:44:43 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.
C:\Users\ybull27\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====


Thank you for helping us

We turned it on after this and it still had the same loop =(
 
#6 ·
Download the Windows Defender Offline Tool and save it to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit.

Double click to run the tool; Windows 7 or Vista users right click and select "Run as Administrator".

Read the instructions in the new window and select "Next".

In the new window accept the agreement.

In the new window select your USB flash drive, then select "Next".

In the new window ensure your flash drive is selected; if not, click on "Refresh", then select "Next".

In the new window accept the formatting alert by selecting "Next".

Files will be downloaded.

Files will be processed and created.

The flash drive will be formatted and prepared.

Files will be added to the flash drive and the tool will be created.

The procedure is finished and the tool created; click on "Finish" to complete.

Plug the USB into the sick PC and boot up; if it does not boot from the flash drive, change the boot options as required. Use F12 as it boots and change the options...
As it boots you'll see files being loaded and the Windows splash screen; eventually the tool will run a "Quick Scan". Follow the prompts and deal with what it finds.
When complete, do a full scan and deal with what it finds.
When finished, remove the USB stick, then press the Esc key to boot into regular Windows (if possible?).

If Windows now boots OK, navigate to the following file:

"C:\windows\windows defender offline\support\mssWrapper.log" Open with notepad and copy and paste it into a reply.

Kevin
 