
Volsnap.sys issue - Need help


This topic is locked
46 replies to this topic

#1 Oddyssey (Members, 27 posts)

Posted 13 January 2012 - 11:03 PM

So, my ASUS laptop took a crap and I need some help, I'm on a few deadlines and really need to get it back up and running, hopefully without having to wipe everything and start from scratch.

Here's what I know:

Running Vista 64bit

went to reboot and got the following:

Windows Boot Manager
File: \Windows\system32\drivers\volsnap.sys
Status: 0xc00000e9
Windows failed to load because a critical system driver is missing, or corrupt

I've tried to go into safe mode, Last known good configuration, all those options, but it won't let me. It just keeps taking me back to the same black error screen.

I tried using a restore disk, tried the automatic repair option twice and got the following:

Root cause found: System volume on disk is corrupt

I took the hdd out (checked all the connections that I could get to and reseated the hdd and memory, but that didn't help) and hooked it up to a USB case and hooked it up to my son's laptop (only other running computer atm) which is running Windows 7.

I am able to access all the information from this 2nd laptop and have been able to copy/paste my info, so I'm backed up.

Then I tried to boot my son's laptop from my hdd and got the same black Windows boot manager screen with the same error message.

I've now downloaded a volsnap.sys file to try and replace the one in the drivers folder. I had issues with "permissions" but finally got that all figured out. Now, when I try to replace or delete or rename the old volsnap.sys file, the laptop just freezes and I get "Not responding" and end up having to close the program and/or restart the laptop and try again only to freeze up again.

Any suggestions? I'm at my wits end and my brain has melted. I just don't know why it keeps "not responding" anytime I try to do anything in that folder. Currently, I have the old volsnap.sys file there as well as a volsnap (2).sys file, since that's the closest I've gotten to getting the new downloaded volsnap.sys file into the drivers folder. But, again, I can't delete the old one, nor can I rename it. It just ends up freezing up again. Have I missed something? Do I need to try something else? Help please! And thanks in advance.

Edited by Oddyssey, 13 January 2012 - 11:04 PM.



#2 Oddyssey (Topic Starter; Members, 27 posts)

Posted 14 January 2012 - 10:41 AM

Update:

I booted my son's laptop into safe mode and was finally able to delete the old volsnap.sys file and rename the new one to volsnap.sys. I then tried to reboot into my hdd and now I'm getting:

Windows Boot Manager
File: \Windows\system32\drivers\volsnap.sys
Status: 0xc0000359
Windows failed to load because a critical system driver is missing, or corrupt

So, now what? I've tried looking up 0xc0000359, and what I've read doesn't explain why I would get that this time around. I'm not upgrading the Vista hdd... but maybe it's because I have it hooked up to a Windows 7 machine?

Any thoughts/suggestions?

Edited by Oddyssey, 14 January 2012 - 10:59 AM.
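An added example, not part of the thread. The second status code above, 0xc0000359, is the NTSTATUS value STATUS_INVALID_IMAGE_WIN_32, whose system description is "The specified image file did not have the correct format, it appears to be a 32-bit Windows image" (the first code, 0xc00000e9, is STATUS_UNEXPECTED_IO_ERROR, which fits the "system volume is corrupt" finding from Startup Repair). Before copying a driver obtained elsewhere into a 64-bit installation, the PE header of the file says which architecture it was built for, and that can be read from the raw bytes of the file on the drive while it is attached to another machine, without any Windows API. The script below does that; make_stub_pe builds a constructed minimal PE header for offline demonstration and is not a real driver.

```python
"""Read the PE header of an image (for example a driver .sys) to confirm it
matches the target system's architecture before dropping it into
\\Windows\\System32\\drivers.

Offsets are from the PE/COFF specification:
  0x3C        e_lfanew: file offset of the "PE\\0\\0" signature
  PE+4        COFF file header (20 bytes), Machine is its first field
  PE+24       optional header; Magic at +0, Subsystem at +68 (same for PE32/PE32+)
"""
import struct
from typing import Tuple

MACHINE = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARM", 0xAA64: "ARM64"}
MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM_NATIVE = 1          # kernel-mode drivers are "native" images
IMAGE_FILE_DLL = 0x2000       # characteristics bit set on drivers and DLLs


class NotAPEFile(ValueError):
    """Raised when the bytes do not carry a usable MZ/PE header."""


def inspect_pe(data: bytes) -> dict:
    """Parse just enough of the headers to report architecture and subsystem."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotAPEFile("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise NotAPEFile("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsect, _ts, _psym, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    if opt_size < 70 or opt + opt_size > len(data):
        raise NotAPEFile("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "format": MAGIC.get(magic, hex(magic)),
        "native": subsystem == SUBSYSTEM_NATIVE,
        "dll_flag": bool(chars & IMAGE_FILE_DLL),
    }


def driver_fits(data: bytes, os_arch: str) -> Tuple[bool, str]:
    """Return (ok, reason) for installing this image on an os_arch system."""
    info = inspect_pe(data)
    if info["machine"] != os_arch:
        return False, f"image is {info['machine']}, system is {os_arch}"
    if not info["native"]:
        return False, "not a native (kernel-mode) image"
    return True, f"{info['format']} {info['machine']} native image"


def make_stub_pe(machine: int, magic: int, subsystem: int) -> bytes:
    """Constructed minimal PE header for the demonstration; not a real driver."""
    opt_size = 240 if magic == 0x20B else 224
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size,
                       0x0002 | 0x0020 | IMAGE_FILE_DLL)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                       # usage: script.py <file> x64|x86
        with open(sys.argv[1], "rb") as fh:
            print(driver_fits(fh.read(), sys.argv[2]))
    else:
        print(driver_fits(make_stub_pe(0x8664, 0x20B, SUBSYSTEM_NATIVE), "x64"))
        print(driver_fits(make_stub_pe(0x014C, 0x10B, SUBSYSTEM_NATIVE), "x64"))
```

Run it against the file on the attached drive (for example `python check_pe.py E:\Windows\System32\drivers\volsnap.sys x64`, with the drive letter the second laptop assigned). A matching architecture is necessary but not sufficient: the file still has to be the correct build for that Windows version and service pack, which a hash comparison against a known-good copy or the driver's Authenticode signature establishes and this header check does not.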


#3 Broni (The Coolest BC Computer; BC Advisor, 42,756 posts; Daly City, CA)

Posted 14 January 2012 - 12:31 PM

Does it still boot to safe mode or not at all?



#4 Oddyssey (Topic Starter; Members, 27 posts)

Posted 14 January 2012 - 04:34 PM

Not at all... hasn't since this whole issue started. I can get to that screen to choose safe mode, but then it just takes me to the black screen with those error messages.

#5 JSntgRvr (Master Surgeon General; Malware Response Team, 11,841 posts; Puerto Rico)

Posted 14 January 2012 - 06:18 PM

Let's give it a try. You will need a USB (flash) pendrive.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.



#6 boopme (To Insanity and Beyond; Global Moderator, 73,530 posts; NJ USA)

Posted 14 January 2012 - 07:21 PM

Hello, just letting you know I moved this topic here, to the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that the topic has been moved.

#7 Oddyssey (Topic Starter; Members, 27 posts)

Posted 17 January 2012 - 11:45 AM

Sorry it's taken me a while to get back with a reply, "Life" kind of got in the way... "Got kids?" LOL

Anyway, Here's the file:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by owner at 2012-01-17 11:35:04
Running from H:\
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\Daniel\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Daniel\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Guest\...\Run: [PlayNC Launcher] [x]
HKU\Guest\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized [38184 2009-10-29] (NCSoft)
HKU\Guest\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Guest\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-15] (Google Inc.)
HKU\Guest\...\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Jypsie Visions\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Jypsie Visions\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Rickey\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Rickey\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-17 11:33 - 2012-01-17 11:35 - 0000000 ____D C:\FRST
2012-01-14 23:07 - 2012-01-14 23:07 - 0008662 ____N C:\bootex.log
2012-01-14 22:02 - 2012-01-14 16:47 - 1501801 ____A C:\ErrorRepair_file.exe
2012-01-14 21:41 - 2008-01-19 03:11 - 0271416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-01-14 10:24 - 2012-01-14 10:24 - 0000046 __ASH C:\Windows\System32\Drivers\desktop.ini
2012-01-11 14:44 - 2011-11-25 11:25 - 0451072 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-01-11 14:44 - 2011-11-18 15:55 - 1585152 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 14:44 - 2011-11-18 15:55 - 1167984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 14:44 - 2011-11-18 13:07 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 14:44 - 2011-11-18 12:47 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 14:44 - 2011-10-25 11:13 - 1570816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 14:44 - 2011-10-25 11:13 - 0352256 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 14:44 - 2011-10-25 10:58 - 1314816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 14:44 - 2011-10-25 10:58 - 0497152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-11 14:44 - 2011-10-18 01:50 - 0817664 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-11 14:44 - 2011-10-18 01:18 - 0726528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-11 14:44 - 2011-10-14 12:31 - 0211968 ____A (Microsoft Corporation) C:\Windows\System32\winmm.dll
2012-01-11 14:44 - 2011-10-14 12:27 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\mcicda.dll
2012-01-11 14:44 - 2011-10-14 12:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\mciwave.dll
2012-01-11 14:44 - 2011-10-14 12:27 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\mciseq.dll
2012-01-11 14:44 - 2011-10-14 11:03 - 0189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2012-01-11 14:44 - 2011-10-14 11:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2012-01-09 20:27 - 2012-01-09 20:27 - 0358223 ____A C:\Users\owner\Documents\App4FS&MedSignon.docx
2012-01-09 13:26 - 2012-01-09 13:26 - 0000162 ___AH C:\Users\owner\Documents\~$4.docx
2012-01-09 13:25 - 2012-01-09 13:25 - 0025086 ____A C:\Users\owner\Documents\4.docx
2012-01-07 22:48 - 2012-01-07 22:48 - 0000000 ____D C:\Users\owner\Documents\Baby Hatman 2
2012-01-07 22:47 - 2012-01-07 22:47 - 0082944 ____A C:\Users\owner\Documents\Merry Christmas 2011.pub
2012-01-05 18:04 - 2012-01-05 18:04 - 0195072 ____A C:\Users\owner\Documents\Thank you Santa.pub
2012-01-03 12:35 - 2012-01-03 12:35 - 0022006 ____A C:\Users\owner\Documents\40 Bags in 40 Days.docx
2012-01-03 12:34 - 2012-01-03 12:34 - 0023260 ____A C:\Users\owner\Documents\Areas to clean in house.docx
2012-01-03 12:27 - 2012-01-03 12:27 - 0000537 ____A C:\Windows\KB893803v2.log
2011-12-31 01:37 - 2011-12-31 01:37 - 0026533 ____A C:\Users\owner\Documents\Job Position HTML 5 Web Designer outline.docx
2011-12-24 22:03 - 2012-01-15 00:24 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-12-24 22:03 - 2012-01-12 13:08 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-12-23 07:42 - 2012-01-07 22:52 - 0061246 ____A C:\Windows\PFRO.log
2011-12-23 07:41 - 2012-01-12 03:53 - 0000391 ____A C:\Windows\TMFilter.log
2011-12-21 00:50 - 2011-12-21 00:50 - 0000133 ____A C:\Users\owner\Documents\Fels Naptha Coupon Phone Number.txt

============ 3 Months Modified Files and Folders =============

2012-01-17 11:35 - 2012-01-17 11:33 - 0000000 ____D C:\FRST
2012-01-17 11:31 - 2006-11-02 07:46 - 0848174 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-17 11:30 - 2009-02-24 07:44 - 2909494 ____A C:\Windows\ntbtlog.txt
2012-01-15 00:24 - 2011-12-24 22:03 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-15 00:24 - 2010-12-23 11:03 - 0000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{9EC142E0-EEC1-4F12-9E75-F7A3A0A2B248}.job
2012-01-15 00:21 - 2010-12-15 06:47 - 0000434 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{4FA80CD4-3BB1-4F24-A9B1-46415AC8D822}.job
2012-01-15 00:21 - 2006-11-02 10:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-15 00:21 - 2006-11-02 10:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-15 00:20 - 2009-01-29 13:22 - 0098111 ____A C:\Users\All Users\nvModes.001
2012-01-15 00:20 - 2009-01-29 13:22 - 0098111 ____A C:\ProgramData\nvModes.001
2012-01-15 00:20 - 2006-11-02 10:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-15 00:06 - 2010-01-11 14:23 - 0000000 ____D C:\Program Files (x86)\RegEditX
2012-01-14 23:49 - 2006-11-02 08:33 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-01-14 23:07 - 2012-01-14 23:07 - 0008662 ____N C:\bootex.log
2012-01-14 22:26 - 2008-12-09 17:20 - 1814371 ____A C:\Windows\WindowsUpdate.log
2012-01-14 20:55 - 2009-03-06 19:40 - 0000000 ___RD C:\Users\owner\Desktop\From Small Dell Laptop
2012-01-14 16:47 - 2012-01-14 22:02 - 1501801 ____A C:\ErrorRepair_file.exe
2012-01-14 10:24 - 2012-01-14 10:24 - 0000046 __ASH C:\Windows\System32\Drivers\desktop.ini
2012-01-14 10:09 - 2011-04-12 09:35 - 0000000 ____D C:\Users\owner\Desktop\New Temp Pics Folder
2012-01-13 19:50 - 2006-11-02 08:32 - 0000000 __SHD C:\$Recycle.Bin
2012-01-13 10:00 - 2011-10-30 14:14 - 0001918 ____A C:\Users\owner\Desktop\WriteWay.lnk
2012-01-12 13:34 - 2009-02-20 14:28 - 0000761 ____A C:\Windows\System32\Drivers\etc\tmvsthfud.bin
2012-01-12 13:34 - 2009-02-20 14:28 - 0000761 ____A C:\Windows\System32\Drivers\etc\tmvsthfss.bin
2012-01-12 13:34 - 2006-11-02 10:42 - 0032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-12 13:33 - 2010-04-24 13:23 - 0000000 ____D C:\Users\owner\Documents\Cub Scouts
2012-01-12 13:08 - 2011-12-24 22:03 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-12 13:04 - 2009-12-15 19:32 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744571196-950336405-3538959345-1000UA.job
2012-01-12 13:04 - 2008-12-09 19:12 - 0098111 ____A C:\Users\All Users\nvModes.dat
2012-01-12 13:04 - 2008-12-09 19:12 - 0098111 ____A C:\ProgramData\nvModes.dat
2012-01-12 12:44 - 2009-12-15 19:32 - 0000000 ____D C:\Users\owner\AppData\Local\Deployment
2012-01-12 11:57 - 2010-02-22 13:29 - 0000000 ____D C:\Users\owner\Documents\Recipes
2012-01-12 10:59 - 2009-12-15 19:32 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744571196-950336405-3538959345-1000Core.job
2012-01-12 07:07 - 2009-03-04 06:39 - 0000000 ____D C:\Users\owner\Documents\B&BPDfromBOA
2012-01-12 07:01 - 2009-03-19 12:19 - 0000000 ____D C:\Users\owner\Documents\Orders & Confirmations
2012-01-12 06:47 - 2009-01-29 13:23 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-01-12 03:53 - 2011-12-23 07:41 - 0000391 ____A C:\Windows\TMFilter.log
2012-01-12 03:52 - 2009-01-29 13:22 - 0000000 ____D C:\users\owner
2012-01-12 03:22 - 2006-11-02 07:35 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-12 03:18 - 2009-06-06 12:43 - 0843580 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-11 07:52 - 2009-07-17 17:00 - 0000438 ___AH C:\Windows\Tasks\Norton Security Scan for owner.job
2012-01-09 20:27 - 2012-01-09 20:27 - 0358223 ____A C:\Users\owner\Documents\App4FS&MedSignon.docx
2012-01-09 13:26 - 2012-01-09 13:26 - 0000162 ___AH C:\Users\owner\Documents\~$4.docx
2012-01-09 13:25 - 2012-01-09 13:25 - 0025086 ____A C:\Users\owner\Documents\4.docx
2012-01-08 14:39 - 2009-02-24 07:45 - 0000000 ____D C:\World of Warcraft
2012-01-08 03:00 - 2011-05-22 13:08 - 0000462 ____A C:\Windows\Tasks\FixCleaner Scan.job
2012-01-07 22:52 - 2011-12-23 07:42 - 0061246 ____A C:\Windows\PFRO.log
2012-01-07 22:48 - 2012-01-07 22:48 - 0000000 ____D C:\Users\owner\Documents\Baby Hatman 2
2012-01-07 22:47 - 2012-01-07 22:47 - 0082944 ____A C:\Users\owner\Documents\Merry Christmas 2011.pub
2012-01-07 03:02 - 2009-12-15 19:35 - 0002049 ____A C:\Users\owner\Desktop\Google Chrome.lnk
2012-01-05 18:04 - 2012-01-05 18:04 - 0195072 ____A C:\Users\owner\Documents\Thank you Santa.pub
2012-01-03 12:50 - 2010-10-30 23:37 - 0059822 ____A C:\Users\owner\Desktop\Budget.xlsx
2012-01-03 12:35 - 2012-01-03 12:35 - 0022006 ____A C:\Users\owner\Documents\40 Bags in 40 Days.docx
2012-01-03 12:34 - 2012-01-03 12:34 - 0023260 ____A C:\Users\owner\Documents\Areas to clean in house.docx
2012-01-03 12:28 - 2011-07-29 22:02 - 0000000 ____D C:\Users\owner\AppData\Roaming\Origin
2012-01-03 12:27 - 2012-01-03 12:27 - 0000537 ____A C:\Windows\KB893803v2.log
2012-01-03 12:27 - 2011-07-29 22:01 - 0000825 ____A C:\Users\Public\Desktop\Origin.lnk
2012-01-03 12:27 - 2011-07-29 22:01 - 0000000 ____D C:\Program Files (x86)\Origin
2011-12-31 01:37 - 2011-12-31 01:37 - 0026533 ____A C:\Users\owner\Documents\Job Position HTML 5 Web Designer outline.docx
2011-12-24 22:04 - 2009-01-29 13:25 - 0000000 ____D C:\Users\owner\AppData\LocalLow
2011-12-24 22:04 - 2008-09-19 06:07 - 0000000 ____D C:\Program Files (x86)\Google
2011-12-24 22:02 - 2009-02-22 03:24 - 0000000 ____D C:\Users\owner\Desktop\dls&setups
2011-12-23 07:50 - 2011-05-02 08:25 - 0000000 ____D C:\Users\owner\Desktop\misc crap
2011-12-23 07:23 - 2011-05-12 10:20 - 0000000 ____D C:\Users\owner\Documents\Crochet Patterns
2011-12-22 16:14 - 2011-06-14 09:33 - 0000312 ____A C:\Users\owner\Desktop\Curse Client.appref-ms
2011-12-22 13:04 - 2010-04-04 12:26 - 0000000 ____D C:\Users\owner\Documents\Addresses
2011-12-21 00:50 - 2011-12-21 00:50 - 0000133 ____A C:\Users\owner\Documents\Fels Naptha Coupon Phone Number.txt
2011-12-17 20:59 - 2010-11-03 07:55 - 0000000 ____D C:\Users\owner\Documents\Crafts
2011-12-16 02:43 - 2011-10-04 08:17 - 0000000 ____D C:\Users\owner\Documents\Garden
2011-12-15 17:16 - 2006-11-02 08:33 - 0000000 ____D C:\Windows\rescache
2011-12-15 17:00 - 2006-11-02 10:21 - 0618592 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-15 15:13 - 2011-12-15 15:13 - 0000000 ____D C:\Users\owner\Documents\Hatman Family
2011-12-15 14:50 - 2010-01-02 15:07 - 0000000 ____D C:\Users\owner\Documents\Baby Hatman
2011-12-15 14:47 - 2011-08-27 20:48 - 0000105 ____A C:\Users\owner\Documents\Jeremiahs Guest List for Thank Yous.txt
2011-12-15 14:36 - 2008-09-19 06:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 14:36 - 2008-09-19 06:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 10:13 - 2011-12-13 10:13 - 0268518 ____A C:\Users\owner\Documents\Kids Candy Land Gingerbread House.docx
2011-12-13 10:10 - 2011-12-13 10:10 - 0774908 ____A C:\Users\owner\Documents\Discount for HolyClothing expires Dec 19th 2011.docx
2011-12-10 05:09 - 2011-12-10 05:09 - 0000000 ____D C:\Users\owner\Documents\Brochure Templates
2011-12-10 05:04 - 2011-12-10 05:04 - 0050301 ____A C:\Users\owner\Documents\Brochure Template.docx
2011-12-10 04:07 - 2011-06-21 13:46 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-10 04:06 - 2011-12-10 04:06 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-08 18:22 - 2009-11-25 15:40 - 0000000 ____D C:\Users\owner\Documents\Nathan
2011-12-07 12:39 - 2009-02-22 01:06 - 0051712 ____A C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-07 12:37 - 2011-12-07 12:37 - 0000000 ____A C:\Users\owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
2011-12-07 12:37 - 2011-12-07 12:37 - 0000000 ____A C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
2011-12-06 18:06 - 2010-06-02 08:21 - 0031879 ____A C:\Users\owner\Documents\resume_kellieh.docx
2011-11-29 19:45 - 2009-06-07 19:23 - 0000000 ____D C:\Users\owner\Documents\Writing
2011-11-26 01:01 - 2009-12-28 13:39 - 0000000 ____D C:\Windows\pss
2011-11-26 00:45 - 2011-11-26 00:45 - 0000000 ____D C:\Users\owner\AppData\Local\{CB324588-3047-43DF-B988-4809A836C2BC}
2011-11-26 00:45 - 2011-11-26 00:45 - 0000000 ____D C:\Users\owner\AppData\Local\{93778B19-9CBB-4FD5-B481-C84542B2B190}
2011-11-26 00:44 - 2009-06-02 20:13 - 0000000 ____D C:\Users\owner\Tracing
2011-11-25 21:05 - 2011-03-07 18:31 - 0000000 ____D C:\Users\owner\Documents\DIY & Home Stuff
2011-11-25 11:25 - 2012-01-11 14:44 - 0451072 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-11-23 08:57 - 2011-12-14 18:06 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-22 16:18 - 2011-11-22 16:18 - 7268154 ____A C:\Users\owner\Desktop\EN_2010_10___09210_000_000.pdf
2011-11-22 16:10 - 2011-11-22 16:10 - 7268154 ____A C:\Users\owner\Documents\ENSIGN_2010_10_TEMPLES.pdf
2011-11-18 15:55 - 2012-01-11 14:44 - 1585152 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-18 15:55 - 2012-01-11 14:44 - 1167984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-18 13:07 - 2012-01-11 14:44 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-18 12:47 - 2012-01-11 14:44 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-16 10:08 - 2009-07-29 21:01 - 0000000 ____D C:\Users\owner\Desktop\How Tos
2011-11-12 16:58 - 2011-11-12 09:37 - 0000000 ____D C:\Users\owner\Documents\Clothes-Patterns-and-Stuff
2011-11-10 17:43 - 2011-11-10 17:43 - 0000000 ____D C:\Users\owner\AppData\Local\{3AE27199-28E5-464F-A9F4-106D01B2B598}
2011-11-10 17:43 - 2011-11-10 17:42 - 0000000 ____D C:\Users\owner\AppData\Local\{39D9AA58-EB06-4053-9BCE-60736BD5E8AE}
2011-11-10 03:24 - 2006-11-02 08:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 16:43 - 2011-11-09 16:43 - 0000000 ____D C:\Users\owner\AppData\Local\{DC5D15F8-F169-45D5-9AE9-5B36F0F46C81}
2011-11-09 16:43 - 2011-11-09 16:43 - 0000000 ____D C:\Users\owner\AppData\Local\{68C02C8F-D0C6-4FA9-A083-385979618CF2}
2011-11-09 09:52 - 2011-11-09 09:52 - 0000000 ____D C:\Users\owner\AppData\Local\{185145C4-D944-4B9B-8E93-FA9D2684500C}
2011-11-08 09:58 - 2011-12-14 18:07 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-08 09:42 - 2011-12-14 18:07 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-07 15:43 - 2011-11-07 15:43 - 0000000 ____D C:\Users\owner\AppData\Local\{DE520663-CDD6-4D2A-BBF9-E998BD100839}
2011-11-07 15:43 - 2011-11-07 15:43 - 0000000 ____D C:\Users\owner\AppData\Local\{68202093-6D6A-4C26-8AE7-8A361C0FE6BB}
2011-11-05 14:47 - 2011-11-05 14:47 - 0009187 ____A C:\Users\owner\Documents\Meal Plan BLD.xlsx
2011-11-04 22:30 - 2011-11-04 22:29 - 0000000 ____D C:\Users\owner\AppData\Local\{C32824E2-785A-4D79-AC8E-11C284B37B4E}
2011-11-04 22:29 - 2011-11-04 22:29 - 0000000 ____D C:\Users\owner\AppData\Local\{AD96C504-542F-4774-84AE-4F49A22E5053}
2011-11-04 18:37 - 2011-11-04 18:37 - 0000000 ____D C:\Users\owner\AppData\Local\{E2DEBB60-4E10-4F09-B1F6-3648BD9772F3}
2011-11-03 14:44 - 2011-11-03 14:44 - 0000000 ____D C:\Users\owner\AppData\Local\{12E42633-814B-4C45-8DB0-1DE6735B48BC}
2011-11-03 14:44 - 2011-11-03 14:43 - 0000000 ____D C:\Users\owner\AppData\Local\{DCBAA57C-8A9B-48F6-8426-D702699B2E78}
2011-11-03 14:37 - 2011-11-03 14:37 - 0000000 ____D C:\Users\owner\AppData\Local\{624A006B-38BF-4677-8606-ABAF5A330075}
2011-11-03 14:37 - 2011-11-03 14:37 - 0000000 ____D C:\Users\owner\AppData\Local\{12BD8BC8-238C-4B80-8555-2976268457F0}
2011-11-03 08:52 - 2011-11-03 08:52 - 0000000 ____D C:\Users\owner\AppData\Local\{2944519A-8AB7-451E-BB85-CC437413CF0A}
2011-11-03 01:55 - 2011-12-14 18:06 - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 01:55 - 2011-12-14 18:06 - 1147392 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 01:54 - 2011-12-14 18:06 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 01:53 - 2011-12-14 18:06 - 0243712 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-11-03 01:51 - 2011-12-14 18:06 - 1062912 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-11-03 01:50 - 2011-12-14 18:06 - 9292288 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 01:50 - 2011-12-14 18:06 - 0710656 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-11-03 01:50 - 2011-12-14 18:06 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 01:50 - 2011-12-14 18:06 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-11-03 01:50 - 2011-12-14 18:06 - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-11-03 01:50 - 2011-12-14 18:06 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 1538560 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 01:49 - 2011-12-14 18:06 - 12476928 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 0459776 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 0252416 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-11-03 01:49 - 2011-12-14 18:06 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-11-03 01:22 - 2011-12-14 18:06 - 0916992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-03 01:21 - 2011-12-14 18:06 - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-03 01:21 - 2011-12-14 18:06 - 0105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-03 01:20 - 2011-12-14 18:06 - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-11-03 01:18 - 2011-12-14 18:06 - 5978112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-03 01:18 - 2011-12-14 18:06 - 0611840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-11-03 01:18 - 2011-12-14 18:06 - 0602112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-11-03 01:18 - 2011-12-14 18:06 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-03 01:18 - 2011-12-14 18:06 - 0055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 1469440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-03 01:17 - 2011-12-14 18:06 - 11081728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0387584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0184320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0055808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0043520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-11-03 01:17 - 2011-12-14 18:06 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-03 00:54 - 2011-12-14 18:06 - 0479232 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-11-03 00:22 - 2011-12-14 18:06 - 0385024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-11-03 00:11 - 2011-12-14 18:06 - 0162816 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-11-03 00:11 - 2011-12-14 18:06 - 0070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-11-03 00:11 - 2011-12-14 18:06 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-11-03 00:10 - 2011-12-14 18:06 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-02 23:45 - 2011-12-14 18:06 - 0174080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-11-02 23:45 - 2011-12-14 18:06 - 0133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-11-02 23:44 - 2011-12-14 18:06 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-11-02 23:43 - 2011-12-14 18:06 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-02 21:31 - 2011-01-06 10:07 - 0000000 ____D C:\Program Files (x86)\TrojanHunter 5.3
2011-11-01 12:50 - 2011-11-01 12:49 - 0000000 ____D C:\Users\owner\AppData\Local\{FF352319-E27F-42DC-966F-1ACEF2CB1173}
2011-11-01 12:49 - 2011-11-01 12:49 - 0000000 ____D C:\Users\owner\AppData\Local\{CC720240-AAB5-41E8-B7D2-7D418F7AC167}
2011-11-01 08:42 - 2011-11-01 08:42 - 0000000 ____D C:\Users\owner\AppData\Local\{E7782642-6C69-4041-BE5A-A5F1D1816BEC}
2011-10-30 14:15 - 2011-10-30 14:13 - 0000000 ____D C:\Users\Public\Documents\WriteWay
2011-10-30 14:14 - 2011-10-30 14:14 - 0001669 ____A C:\Users\Public\Desktop\WriteWay.lnk
2011-10-30 14:14 - 2011-10-30 14:12 - 0023509 ____A C:\Windows\WriteWay Setup Log.txt
2011-10-30 14:13 - 2011-10-30 14:13 - 0000000 ____D C:\Windows\WriteWay
2011-10-30 02:45 - 2011-10-30 02:45 - 0000000 ____D C:\Users\All Users\WindowsSearch
2011-10-30 02:45 - 2011-10-30 02:45 - 0000000 ____D C:\ProgramData\WindowsSearch
2011-10-28 08:33 - 2011-10-28 08:33 - 0000000 ____D C:\Users\owner\AppData\Local\{60F0EB8F-5BDF-4581-AED7-EAF7E2B66851}
2011-10-28 08:33 - 2011-10-28 08:33 - 0000000 ____D C:\Users\owner\AppData\Local\{0067F122-EA70-4E97-80C0-E3250E1BD221}
2011-10-27 21:10 - 2011-10-27 21:10 - 0013757 ____A C:\Users\owner\Documents\List for my Halloween Trunk or Treat idea.docx
2011-10-27 13:43 - 2011-10-27 13:43 - 0090030 ____A C:\Users\owner\Documents\eggs.jpg
2011-10-26 17:23 - 2010-12-03 17:11 - 0000000 ____D C:\Users\owner\Documents\Travel
2011-10-26 11:00 - 2009-11-17 06:47 - 0000000 ____D C:\Users\owner\Documents\Quotes
2011-10-25 15:17 - 2009-02-22 17:31 - 0000000 ____D C:\Users\owner\AppData\Local\Adobe
2011-10-25 11:13 - 2012-01-11 14:44 - 1570816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2011-10-25 11:13 - 2012-01-11 14:44 - 0352256 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2011-10-25 11:09 - 2011-12-14 18:07 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-25 10:58 - 2012-01-11 14:44 - 1314816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2011-10-25 10:58 - 2012-01-11 14:44 - 0497152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2011-10-24 14:51 - 2009-01-29 13:23 - 0205528 ____A C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.29 MB
Available physical RAM: 3472.02 MB
Total Pagefile: 8363.86 MB
Available Pagefile: 7871.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Vista64) (Fixed) (Total:287.35 GB) (Free:58.54 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
5 Drive h: () (Removable) (Total:0.23 GB) (Free:0.14 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 238 MB 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 11 GB 32 KB
Partition 2 Primary 287 GB 11 GB

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Vista64 NTFS Partition 287 GB Healthy System (partition with boot components)

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 238 MB 52 KB

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H FAT Removable 238 MB Healthy

==========================================================

Last Boot: 2012-01-17 11:35

======================= End Of Log ==========================

#8 Oddyssey

  • Topic Starter

  • Members
  • 27 posts
  • Local time:08:33 PM

Posted 17 January 2012 - 11:47 AM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.


So, does that mean that I'm infected?? I thought the HDD just crapped out on me? I don't mind having the topic moved, I'm just wondering why it was moved to where it is now. I didn't think it was a virus or something that caused the issue, but if it is, then maybe it can be fixed?? Just curious.

#9 JSntgRvr


    Master Surgeon General


  • Malware Response Team
  • 11,841 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:33 PM

Posted 17 January 2012 - 02:39 PM

Seems that your registry became corrupted. Let's restore the backup.

Download the enclosed file.

Save it in the USB drive. Insert the USB drive into the ailing computer and run FRST once again, except that this time around click on the Fix button and wait.

The tool will make a log in the flash drive (Fixlog.txt). Please post it in your next reply.

If successful, run FRST once again and click on the Scan button. Once finished, post also the new FRST.txt that will be saved in the flash drive, in your next reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 Oddyssey

  • Topic Starter

  • Members
  • 27 posts
  • Local time:08:33 PM

Posted 30 January 2012 - 06:55 AM

Sorry I took so long again to get back to you guys... since I commandeered borrowed my son's computer indefinitely temporarily, I've been working off of that. I finally got a moment to get my laptop worked on again.

So, here goes... and thanks again for all the help!

First, the Fix Log:


Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.2)
Ran by SYSTEM at 2012-01-30 06:42:13 R:1
Running from G:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Now for the FRST log again:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by SYSTEM at 2012-01-30 06:43:42
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [991504 2009-10-20] (Trend Micro Inc.)
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16330272 2009-07-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-14] (Google)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-02] (ASUS)
HKLM-x32\...\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [266240 2008-03-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2705976 2008-08-20] (ASUSTek.)
HKLM-x32\...\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.3\THGuard.exe" [1070360 2010-10-23] (Mischel Internet Security)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047208 2011-08-31] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449608 2011-08-31] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe Version Cue CS2] C:\My Program Files\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKU\Daniel\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Daniel\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\Guest\...\Run: [PlayNC Launcher] [x]
HKU\Guest\...\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized [38184 2009-10-29] (NCSoft)
HKU\Guest\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Guest\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-15] (Google Inc.)
HKU\Guest\...\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent [x]
HKU\Jypsie Visions\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Jypsie Visions\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)
HKU\owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\owner\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-15] (Google Inc.)
HKU\owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Rickey\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Rickey\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Lsa: [Notification Packages] scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2009-02-22] (Adobe Systems)
2 Adobe Version Cue CS2; "C:\My Program Files\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service [163840 2005-04-04] (Adobe Systems Incorporated)
2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
2 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [72704 2009-02-22] (Autodesk)
3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-14] (Google)
3 hpqcxs08; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)
2 hpqddsvc; C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366152 2011-08-31] (Malwarebytes Corporation)
2 mi-raysat_3dsmax8; "C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe" [65536 2005-09-21] ()
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [833944 2010-10-07] (Trend Micro Inc.)
2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
2 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [565512 2009-03-03] (Trend Micro Inc.)
2 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [900360 2009-09-03] (Trend Micro Inc.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-11-11] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-11-11] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467696 2010-11-11] (Microsoft Corporation)
2 maya70docserver; "C:\Program Files (x86)\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files (x86)\Alias\Maya7.0\docs\Wrapper.conf" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [34872 2007-08-10] (Windows ® Codename Longhorn DDK provider)
2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
2 Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.)
3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [59392 2007-12-18] (ITE Tech. Inc. )
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [17464 2008-06-02] ( )
0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [16440 2008-05-29] (Windows ® Codename Longhorn DDK provider)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2006-10-27] ()
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [124928 2009-04-10] ()
3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [4608 2010-01-18] (Windows ® Win 7 DDK provider)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [188416 2008-12-23] (Realtek Corporation )
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1878440 2008-04-01] ()
2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [96784 2009-03-03] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
2 ATKGFNEXSrv32; [x]
2 DS1410D; [x]
3 dump_wmimmc; [x]
3 IpInIp; [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 npggsvc; C:\Windows\system32\GameMon.des -service [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; [x]
3 NwlnkFwd; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-30 06:42 - 2012-01-30 06:42 - 0000000 ____D C:\Windows\System32\config\HiveBackup
2012-01-17 08:33 - 2012-01-17 08:35 - 0000000 ____D C:\FRST
2012-01-14 20:07 - 2012-01-14 20:07 - 0008662 ____N C:\bootex.log
2012-01-14 19:02 - 2012-01-14 13:47 - 1501801 ____A C:\ErrorRepair_file.exe
2012-01-14 18:41 - 2008-01-19 00:11 - 0271416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2012-01-14 07:24 - 2012-01-14 07:24 - 0000046 __ASH C:\Windows\System32\Drivers\desktop.ini
2012-01-11 11:44 - 2011-11-25 08:25 - 0451072 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-01-11 11:44 - 2011-11-18 12:55 - 1585152 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 11:44 - 2011-11-18 12:55 - 1167984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 11:44 - 2011-11-18 10:07 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 11:44 - 2011-11-18 09:47 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 11:44 - 2011-10-25 08:13 - 1570816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 11:44 - 2011-10-25 08:13 - 0352256 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 11:44 - 2011-10-25 07:58 - 1314816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 11:44 - 2011-10-25 07:58 - 0497152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-11 11:44 - 2011-10-17 22:50 - 0817664 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-11 11:44 - 2011-10-17 22:18 - 0726528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-11 11:44 - 2011-10-14 09:31 - 0211968 ____A (Microsoft Corporation) C:\Windows\System32\winmm.dll
2012-01-11 11:44 - 2011-10-14 09:27 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\mcicda.dll
2012-01-11 11:44 - 2011-10-14 09:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\mciwave.dll
2012-01-11 11:44 - 2011-10-14 09:27 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\mciseq.dll
2012-01-11 11:44 - 2011-10-14 08:03 - 0189952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2012-01-11 11:44 - 2011-10-14 08:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2012-01-09 17:27 - 2012-01-09 17:27 - 0358223 ____A C:\Users\owner\Documents\App4FS&MedSignon.docx
2012-01-09 10:26 - 2012-01-09 10:26 - 0000162 ___AH C:\Users\owner\Documents\~$4.docx
2012-01-09 10:25 - 2012-01-09 10:25 - 0025086 ____A C:\Users\owner\Documents\4.docx
2012-01-07 19:48 - 2012-01-07 19:48 - 0000000 ____D C:\Users\owner\Documents\Baby Hatman 2
2012-01-07 19:47 - 2012-01-07 19:47 - 0082944 ____A C:\Users\owner\Documents\Merry Christmas 2011.pub
2012-01-05 15:04 - 2012-01-05 15:04 - 0195072 ____A C:\Users\owner\Documents\Thank you Santa.pub
2012-01-03 09:35 - 2012-01-03 09:35 - 0022006 ____A C:\Users\owner\Documents\40 Bags in 40 Days.docx
2012-01-03 09:34 - 2012-01-03 09:34 - 0023260 ____A C:\Users\owner\Documents\Areas to clean in house.docx
2012-01-03 09:27 - 2012-01-03 09:27 - 0000537 ____A C:\Windows\KB893803v2.log

============ 3 Months Modified Files and Folders =============

2012-01-30 06:42 - 2012-01-30 06:42 - 0000000 ____D C:\Windows\System32\config\HiveBackup
2012-01-17 08:35 - 2012-01-17 08:33 - 0000000 ____D C:\FRST
2012-01-17 08:31 - 2006-11-02 04:46 - 0848174 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-17 08:30 - 2009-02-24 04:44 - 2909494 ____A C:\Windows\ntbtlog.txt
2012-01-14 21:24 - 2011-12-24 19:03 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-14 21:24 - 2010-12-23 08:03 - 0000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{9EC142E0-EEC1-4F12-9E75-F7A3A0A2B248}.job
2012-01-14 21:21 - 2010-12-15 03:47 - 0000434 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{4FA80CD4-3BB1-4F24-A9B1-46415AC8D822}.job
2012-01-14 21:21 - 2006-11-02 07:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-14 21:21 - 2006-11-02 07:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-14 21:20 - 2009-01-29 10:22 - 0098111 ____A C:\Users\All Users\nvModes.001
2012-01-14 21:20 - 2009-01-29 10:22 - 0098111 ____A C:\ProgramData\nvModes.001
2012-01-14 21:20 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-14 21:06 - 2010-01-11 11:23 - 0000000 ____D C:\Program Files (x86)\RegEditX
2012-01-14 20:50 - 2011-04-11 12:49 - 0000000 ____D C:\Windows\Minidump
2012-01-14 20:49 - 2006-11-02 05:33 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-01-14 20:07 - 2012-01-14 20:07 - 0008662 ____N C:\bootex.log
2012-01-14 19:26 - 2008-12-09 14:20 - 1814371 ____A C:\Windows\WindowsUpdate.log
2012-01-14 17:55 - 2009-03-06 16:40 - 0000000 ___RD C:\Users\owner\Desktop\From Small Dell Laptop
2012-01-14 13:47 - 2012-01-14 19:02 - 1501801 ____A C:\ErrorRepair_file.exe
2012-01-14 07:24 - 2012-01-14 07:24 - 0000046 __ASH C:\Windows\System32\Drivers\desktop.ini
2012-01-14 07:09 - 2011-04-12 06:35 - 0000000 ____D C:\Users\owner\Desktop\New Temp Pics Folder
2012-01-13 16:50 - 2006-11-02 05:32 - 0000000 __SHD C:\$Recycle.Bin
2012-01-13 07:00 - 2011-10-30 11:14 - 0001918 ____A C:\Users\owner\Desktop\WriteWay.lnk
2012-01-12 10:34 - 2009-02-20 11:28 - 0000761 ____A C:\Windows\System32\Drivers\etc\tmvsthfud.bin
2012-01-12 10:34 - 2009-02-20 11:28 - 0000761 ____A C:\Windows\System32\Drivers\etc\tmvsthfss.bin
2012-01-12 10:34 - 2006-11-02 07:42 - 0032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-12 10:33 - 2010-04-24 10:23 - 0000000 ____D C:\Users\owner\Documents\Cub Scouts
2012-01-12 10:08 - 2011-12-24 19:03 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-12 10:04 - 2009-12-15 16:32 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744571196-950336405-3538959345-1000UA.job
2012-01-12 10:04 - 2008-12-09 16:12 - 0098111 ____A C:\Users\All Users\nvModes.dat
2012-01-12 10:04 - 2008-12-09 16:12 - 0098111 ____A C:\ProgramData\nvModes.dat
2012-01-12 09:44 - 2009-12-15 16:32 - 0000000 ____D C:\Users\owner\AppData\Local\Deployment
2012-01-12 08:57 - 2010-02-22 10:29 - 0000000 ____D C:\Users\owner\Documents\Recipes
2012-01-12 07:59 - 2009-12-15 16:32 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1744571196-950336405-3538959345-1000Core.job
2012-01-12 04:07 - 2009-03-04 03:39 - 0000000 ____D C:\Users\owner\Documents\Bills & Banking Paid from BOA
2012-01-12 04:01 - 2009-03-19 09:19 - 0000000 ____D C:\Users\owner\Documents\Orders & Confirmations
2012-01-12 03:47 - 2009-01-29 10:23 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-01-12 00:53 - 2011-12-23 04:41 - 0000391 ____A C:\Windows\TMFilter.log
2012-01-12 00:52 - 2009-01-29 10:22 - 0000000 ____D C:\users\owner
2012-01-12 00:22 - 2006-11-02 04:35 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-12 00:18 - 2009-06-06 09:43 - 0843580 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-11 04:52 - 2009-07-17 14:00 - 0000438 ___AH C:\Windows\Tasks\Norton Security Scan for owner.job
2012-01-09 17:27 - 2012-01-09 17:27 - 0358223 ____A C:\Users\owner\Documents\App4FS&MedSignon.docx
2012-01-09 10:26 - 2012-01-09 10:26 - 0000162 ___AH C:\Users\owner\Documents\~$4.docx
2012-01-09 10:25 - 2012-01-09 10:25 - 0025086 ____A C:\Users\owner\Documents\4.docx
2012-01-08 11:39 - 2009-02-24 04:45 - 0000000 ____D C:\World of Warcraft
2012-01-08 00:00 - 2011-05-22 10:08 - 0000462 ____A C:\Windows\Tasks\FixCleaner Scan.job
2012-01-07 19:52 - 2011-12-23 04:42 - 0061246 ____A C:\Windows\PFRO.log
2012-01-07 19:48 - 2012-01-07 19:48 - 0000000 ____D C:\Users\owner\Documents\Baby Hatman 2
2012-01-07 19:47 - 2012-01-07 19:47 - 0082944 ____A C:\Users\owner\Documents\Merry Christmas 2011.pub
2012-01-07 00:02 - 2009-12-15 16:35 - 0002049 ____A C:\Users\owner\Desktop\Google Chrome.lnk
2012-01-05 15:04 - 2012-01-05 15:04 - 0195072 ____A C:\Users\owner\Documents\Thank you Santa.pub
2012-01-03 09:50 - 2010-10-30 20:37 - 0059822 ____A C:\Users\owner\Desktop\Budget.xlsx
2012-01-03 09:35 - 2012-01-03 09:35 - 0022006 ____A C:\Users\owner\Documents\40 Bags in 40 Days.docx
2012-01-03 09:34 - 2012-01-03 09:34 - 0023260 ____A C:\Users\owner\Documents\Areas to clean in house.docx
2012-01-03 09:28 - 2011-07-29 19:02 - 0000000 ____D C:\Users\owner\AppData\Roaming\Origin
2012-01-03 09:27 - 2012-01-03 09:27 - 0000537 ____A C:\Windows\KB893803v2.log
2012-01-03 09:27 - 2011-07-29 19:01 - 0000825 ____A C:\Users\Public\Desktop\Origin.lnk
2012-01-03 09:27 - 2011-07-29 19:01 - 0000000 ____D C:\Program Files (x86)\Origin
2011-12-30 22:37 - 2011-12-30 22:37 - 0026533 ____A C:\Users\owner\Documents\Job Position HTML 5 Web Designer outline.docx
2011-12-24 19:04 - 2009-01-29 10:25 - 0000000 ____D C:\Users\owner\AppData\LocalLow
2011-12-24 19:04 - 2008-09-19 03:07 - 0000000 ____D C:\Program Files (x86)\Google
2011-12-24 19:02 - 2009-02-22 00:24 - 0000000 ____D C:\Users\owner\Desktop\dls&setups
2011-12-23 04:50 - 2011-05-02 05:25 - 0000000 ____D C:\Users\owner\Desktop\misc crap
2011-12-23 04:23 - 2011-05-12 07:20 - 0000000 ____D C:\Users\owner\Documents\Crochet Patterns
2011-12-22 13:14 - 2011-06-14 06:33 - 0000312 ____A C:\Users\owner\Desktop\Curse Client.appref-ms
2011-12-22 10:04 - 2010-04-04 09:26 - 0000000 ____D C:\Users\owner\Documents\Addresses
2011-12-20 21:50 - 2011-12-20 21:50 - 0000133 ____A C:\Users\owner\Documents\Fels Naptha Coupon Phone Number.txt
2011-12-17 17:59 - 2010-11-03 04:55 - 0000000 ____D C:\Users\owner\Documents\Crafts
2011-12-15 23:43 - 2011-10-04 05:17 - 0000000 ____D C:\Users\owner\Documents\Garden
2011-12-15 14:16 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-12-15 14:00 - 2006-11-02 07:21 - 0618592 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-15 12:13 - 2011-12-15 12:13 - 0000000 ____D C:\Users\owner\Documents\Hatman Family
2011-12-15 11:50 - 2010-01-02 12:07 - 0000000 ____D C:\Users\owner\Documents\Baby Hatman
2011-12-15 11:47 - 2011-08-27 17:48 - 0000105 ____A C:\Users\owner\Documents\Jeremiahs Guest List for Thank Yous.txt
2011-12-15 11:36 - 2008-09-19 03:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 11:36 - 2008-09-19 03:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 07:13 - 2011-12-13 07:13 - 0268518 ____A C:\Users\owner\Documents\Kids Candy Land Gingerbread House.docx
2011-12-13 07:10 - 2011-12-13 07:10 - 0774908 ____A C:\Users\owner\Documents\Discount for HolyClothing expires Dec 19th 2011.docx
2011-12-10 02:09 - 2011-12-10 02:09 - 0000000 ____D C:\Users\owner\Documents\Brochure Templates
2011-12-10 02:04 - 2011-12-10 02:04 - 0050301 ____A C:\Users\owner\Documents\Brochure Template.docx
2011-12-10 01:07 - 2011-06-21 10:46 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-10 01:06 - 2011-12-10 01:06 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-08 15:22 - 2009-11-25 12:40 - 0000000 ____D C:\Users\owner\Documents\Nathan
2011-12-07 09:39 - 2009-02-21 22:06 - 0051712 ____A C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-07 09:37 - 2011-12-07 09:37 - 0000000 ____A C:\Users\owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
2011-12-07 09:37 - 2011-12-07 09:37 - 0000000 ____A C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
2011-12-06 15:06 - 2010-06-02 05:21 - 0031879 ____A C:\Users\owner\Documents\resume_kelliehatman.docx
2011-11-29 16:45 - 2009-06-07 16:23 - 0000000 ____D C:\Users\owner\Documents\Writing
2011-11-25 22:01 - 2009-12-28 10:39 - 0000000 ____D C:\Windows\pss
2011-11-25 21:45 - 2011-11-25 21:45 - 0000000 ____D C:\Users\owner\AppData\Local\{CB324588-3047-43DF-B988-4809A836C2BC}
2011-11-25 21:45 - 2011-11-25 21:45 - 0000000 ____D C:\Users\owner\AppData\Local\{93778B19-9CBB-4FD5-B481-C84542B2B190}
2011-11-25 21:44 - 2009-06-02 17:13 - 0000000 ____D C:\Users\owner\Tracing
2011-11-25 18:05 - 2011-03-07 15:31 - 0000000 ____D C:\Users\owner\Documents\DIY & Home Stuff
2011-11-25 08:25 - 2012-01-11 11:44 - 0451072 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-11-23 05:57 - 2011-12-14 15:06 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-22 13:18 - 2011-11-22 13:18 - 7268154 ____A C:\Users\owner\Desktop\EN_2010_10___09210_000_000.pdf
2011-11-22 13:10 - 2011-11-22 13:10 - 7268154 ____A C:\Users\owner\Documents\ENSIGN_2010_10_TEMPLES.pdf
2011-11-18 12:55 - 2012-01-11 11:44 - 1585152 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-18 12:55 - 2012-01-11 11:44 - 1167984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-18 10:07 - 2012-01-11 11:44 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-18 09:47 - 2012-01-11 11:44 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-16 07:08 - 2009-07-29 18:01 - 0000000 ____D C:\Users\owner\Desktop\How Tos
2011-11-12 13:58 - 2011-11-12 06:37 - 0000000 ____D C:\Users\owner\Documents\Clothes-Patterns-and-Stuff
2011-11-10 14:43 - 2011-11-10 14:43 - 0000000 ____D C:\Users\owner\AppData\Local\{3AE27199-28E5-464F-A9F4-106D01B2B598}
2011-11-10 14:43 - 2011-11-10 14:42 - 0000000 ____D C:\Users\owner\AppData\Local\{39D9AA58-EB06-4053-9BCE-60736BD5E8AE}
2011-11-10 00:24 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 13:43 - 2011-11-09 13:43 - 0000000 ____D C:\Users\owner\AppData\Local\{DC5D15F8-F169-45D5-9AE9-5B36F0F46C81}
2011-11-09 13:43 - 2011-11-09 13:43 - 0000000 ____D C:\Users\owner\AppData\Local\{68C02C8F-D0C6-4FA9-A083-385979618CF2}
2011-11-09 06:52 - 2011-11-09 06:52 - 0000000 ____D C:\Users\owner\AppData\Local\{185145C4-D944-4B9B-8E93-FA9D2684500C}
2011-11-08 06:58 - 2011-12-14 15:07 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-08 06:42 - 2011-12-14 15:07 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-07 12:43 - 2011-11-07 12:43 - 0000000 ____D C:\Users\owner\AppData\Local\{DE520663-CDD6-4D2A-BBF9-E998BD100839}
2011-11-07 12:43 - 2011-11-07 12:43 - 0000000 ____D C:\Users\owner\AppData\Local\{68202093-6D6A-4C26-8AE7-8A361C0FE6BB}
2011-11-05 11:47 - 2011-11-05 11:47 - 0009187 ____A C:\Users\owner\Documents\Meal Plan BLD.xlsx
2011-11-04 19:30 - 2011-11-04 19:29 - 0000000 ____D C:\Users\owner\AppData\Local\{C32824E2-785A-4D79-AC8E-11C284B37B4E}
2011-11-04 19:29 - 2011-11-04 19:29 - 0000000 ____D C:\Users\owner\AppData\Local\{AD96C504-542F-4774-84AE-4F49A22E5053}
2011-11-04 15:37 - 2011-11-04 15:37 - 0000000 ____D C:\Users\owner\AppData\Local\{E2DEBB60-4E10-4F09-B1F6-3648BD9772F3}
2011-11-03 11:44 - 2011-11-03 11:44 - 0000000 ____D C:\Users\owner\AppData\Local\{12E42633-814B-4C45-8DB0-1DE6735B48BC}
2011-11-03 11:44 - 2011-11-03 11:43 - 0000000 ____D C:\Users\owner\AppData\Local\{DCBAA57C-8A9B-48F6-8426-D702699B2E78}
2011-11-03 11:37 - 2011-11-03 11:37 - 0000000 ____D C:\Users\owner\AppData\Local\{624A006B-38BF-4677-8606-ABAF5A330075}
2011-11-03 11:37 - 2011-11-03 11:37 - 0000000 ____D C:\Users\owner\AppData\Local\{12BD8BC8-238C-4B80-8555-2976268457F0}
2011-11-03 05:52 - 2011-11-03 05:52 - 0000000 ____D C:\Users\owner\AppData\Local\{2944519A-8AB7-451E-BB85-CC437413CF0A}
2011-11-02 22:55 - 2011-12-14 15:06 - 1488384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-02 22:55 - 2011-12-14 15:06 - 1147392 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-02 22:54 - 2011-12-14 15:06 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-02 22:53 - 2011-12-14 15:06 - 0243712 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-11-02 22:51 - 2011-12-14 15:06 - 1062912 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-11-02 22:50 - 2011-12-14 15:06 - 9292288 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-02 22:50 - 2011-12-14 15:06 - 0710656 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-11-02 22:50 - 2011-12-14 15:06 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-02 22:50 - 2011-12-14 15:06 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-11-02 22:50 - 2011-12-14 15:06 - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-11-02 22:50 - 2011-12-14 15:06 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 2350592 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 1538560 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-02 22:49 - 2011-12-14 15:06 - 12476928 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 0459776 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 0252416 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-11-02 22:49 - 2011-12-14 15:06 - 0072192 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-11-02 22:22 - 2011-12-14 15:06 - 0916992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-02 22:21 - 2011-12-14 15:06 - 1212416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-02 22:21 - 2011-12-14 15:06 - 0105984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-02 22:20 - 2011-12-14 15:06 - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-11-02 22:18 - 2011-12-14 15:06 - 5978112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-02 22:18 - 2011-12-14 15:06 - 0611840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-11-02 22:18 - 2011-12-14 15:06 - 0602112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-11-02 22:18 - 2011-12-14 15:06 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-02 22:18 - 2011-12-14 15:06 - 0055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 2000384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 1469440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-02 22:17 - 2011-12-14 15:06 - 11081728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0387584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0184320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0055808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0043520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-11-02 22:17 - 2011-12-14 15:06 - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-02 21:54 - 2011-12-14 15:06 - 0479232 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-11-02 21:22 - 2011-12-14 15:06 - 0385024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-11-02 21:11 - 2011-12-14 15:06 - 0162816 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-11-02 21:11 - 2011-12-14 15:06 - 0070656 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-11-02 21:11 - 2011-12-14 15:06 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-11-02 21:10 - 2011-12-14 15:06 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-02 20:45 - 2011-12-14 15:06 - 0174080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-11-02 20:45 - 2011-12-14 15:06 - 0133632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-11-02 20:44 - 2011-12-14 15:06 - 0013312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-11-02 20:43 - 2011-12-14 15:06 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-02 18:31 - 2011-01-06 07:07 - 0000000 ____D C:\Program Files (x86)\TrojanHunter 5.3

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4094.29 MB
Available physical RAM: 3474.37 MB
Total Pagefile: 3799.55 MB
Available Pagefile: 3450.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Vista64) (Fixed) (Total:287.35 GB) (Free:58.32 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (CD_ROM) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:0.23 GB) (Free:0.14 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 238 MB 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 11 GB 32 KB
Partition 2 Primary 287 GB 11 GB

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Vista64 NTFS Partition 287 GB Healthy

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 238 MB 52 KB

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 238 MB Healthy

==========================================================

Last Boot: 2012-01-17 08:35

======================= End Of Log ==========================

Still not able to boot into Windows regularly. After I ran FRST and the Fix per your instructions, it automatically tried to boot up. I let it go and it took me to the screen to enter my password, which I did, but now it's just sitting there with the Windows splash screen "thinking" like it's trying to load up, but not getting past that into my desktop.

Edited by Oddyssey, 30 January 2012 - 07:06 AM.
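The "Bamital & volsnap Check" section of the FRST log above compares the hashes of a few binaries that boot-time malware is known to patch (winlogon.exe, wininit.exe, explorer.exe, volsnap.sys) against known-good values. The script below is an added example, not FRST's code and not anything the poster ran, showing how to perform the same kind of check from a second machine with the suspect drive mounted, the setup the poster described with the USB enclosure. The "volume" it inspects and the known-good hashes are constructed inside the script for the demo; a real run would point `check_volume` at the mount point of the suspect drive and use hashes taken from a trusted copy of the same Windows build and update level. The decision is made on SHA-256 and MD5 is only reported alongside it to line up with FRST's output, since MD5 collisions are practical to construct.

```python
"""Offline integrity check of critical Windows boot binaries.

Added example mirroring FRST's "Bamital & volsnap Check": hash the files
that boot-time malware is known to patch and compare them to known-good
values, from a second machine with the suspect volume mounted.

The known-good hashes are constructed from sample files created below.
A real run needs hashes from a trusted copy of the same Windows build.
"""
import hashlib
import tempfile
from pathlib import Path

# Paths relative to the mounted volume root, as FRST lists them.
CRITICAL_FILES = (
    "Windows/System32/winlogon.exe",
    "Windows/System32/wininit.exe",
    "Windows/explorer.exe",
    "Windows/System32/Drivers/volsnap.sys",
)


def file_digests(path):
    """Return (md5, sha256) hex digests, streaming so large files are fine."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def check_volume(root, known_good):
    """Compare each critical file under root against known_good.

    known_good maps relative path -> SHA-256 hex of the trusted copy.
    Returns {relative_path: (verdict, md5_or_None)} with verdict one of
    "legit", "MODIFIED" or "MISSING". SHA-256 decides; MD5 is reported
    only so the output lines up with FRST's "MD5 is legit" lines.
    """
    results = {}
    for rel in CRITICAL_FILES:
        path = Path(root) / rel
        if not path.is_file():
            results[rel] = ("MISSING", None)
            continue
        md5, sha256 = file_digests(path)
        verdict = "legit" if sha256 == known_good.get(rel) else "MODIFIED"
        results[rel] = (verdict, md5)
    return results


def build_demo():
    """Create a fake mounted volume plus baseline, then tamper with it.

    Constructed sample data for the demo only. Returns (root, known_good).
    """
    root = Path(tempfile.mkdtemp(prefix="suspect_vol_"))
    for rel in CRITICAL_FILES:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"MZ" + rel.encode() + b"\x00" * 64)
    # Baseline taken while the files are still pristine.
    known_good = {rel: file_digests(root / rel)[1] for rel in CRITICAL_FILES}
    # Simulate a patched driver: append bytes, as a file infector would.
    with open(root / "Windows/System32/Drivers/volsnap.sys", "ab") as fh:
        fh.write(b"\xcc\xcc\xcc\xcc")
    # Simulate a file that has been deleted from the volume.
    (root / "Windows/System32/wininit.exe").unlink()
    return root, known_good


if __name__ == "__main__":
    root, baseline = build_demo()
    for rel, (verdict, md5) in check_volume(root, baseline).items():
        print(f"{rel} => {verdict}" + (f" (MD5 {md5})" if md5 else ""))
```

On a real drive mounted at, say, `E:\`, call `check_volume(r"E:\", known_good)` with `known_good` filled from a clean installation; a "MODIFIED" verdict on volsnap.sys is exactly what FRST's check is designed to catch, while "legit" across the board, as in the log above, points away from an infected driver and towards filesystem corruption or another cause.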


#11 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 30 January 2012 - 10:05 AM

Can you boot in Safe Mode?

Tap on F8 during startup to enter the Advanced Menu. Select Safe Mode.

Let me know the outcome.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Oddyssey
Topic Starter, Members

Posted 30 January 2012 - 06:46 PM

Yes, ridiculously slowly, but yes, it does boot up in safe mode... I was even able to get safe mode with networking to boot up.

#13 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 30 January 2012 - 07:50 PM

Perhaps it is due to a program or driver. Perform a clean boot.

Boot in Safe Mode.

Click on the Start button, type Msconfig in the search box and press Enter. The Configuration Utility will be displayed. Select the Startup tab and deselect all items therein. Select the Services tab. Put a check mark to hide Microsoft services, then deselect all of the remaining services. Click on Apply, then on OK (Close), and restart when prompted.

Let me know if that speeds things up.

Edited by JSntgRvr, 30 January 2012 - 07:51 PM.



#14 Oddyssey
Topic Starter, Members

Posted 30 January 2012 - 09:08 PM

Yes, it helped a little, but still seemed a bit slow to actually get to the login screen where I put my password.

#15 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 30 January 2012 - 10:50 PM

Let's scan the computer.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 30 January 2012 - 10:52 PM.
