After malware removal, Windows 7 won't boot


  • This topic is locked
37 replies to this topic

#1 AyZin Vin

Posted 18 December 2012 - 07:20 AM

I removed malware from my computer with Avast, and when I restarted Windows I just got a black screen and a cursor. I have read other forum posts and got no results. I attached a FRST log, but I don't know what to do next; I don't understand any of this computer stuff. I don't have any fix CDs or anything. Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 7 days old)
Ran by SYSTEM at 18-12-2012 22:08:04
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I [286720 2010-11-07] (Babylon Ltd.)
HKLM-x32\...\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3292784 2011-05-19] (Babylon Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Fxiziqayoqanejob] rundll32.exe "C:\Users\Vincent\AppData\Local\egoresoxiwuv.dll",Startup [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4297136 2012-10-31] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKU\Mcx1-VINCENT-PC\...\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
HKU\Mcx1-VINCENT-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation)
HKU\Vincent\...\Run: [Google Update] "C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-28] (Google Inc.)
HKU\Vincent\...\Run: [Ucorol] rundll32.exe "C:\Users\Vincent\AppData\Local\p2gIO10.dll",Startup [x]
HKU\Vincent\...\Run: [Fxiziqayoqanejob] rundll32.exe "C:\Users\Vincent\AppData\Local\egoresoxiwuv.dll",Startup [x]
HKU\Vincent\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-09-12] (Sony)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-18] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-10-31] (AVAST Software)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-05] ()
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [x]
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [10624 2008-01-25] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-29] (ALWIL Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software)
3 hitmanpro35; C:\Windows\System32\Drivers\hitmanpro35.sys [23112 2011-07-04] ()
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-21] (CACE Technologies, Inc.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2012-01-27] (Texas Instruments)
3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-16 14:39 - 2012-12-16 14:47 - 46578626 ____A C:\Users\Vincent\Downloads\Watch Sword Art Online Episode 24 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:39 - 2012-12-16 14:45 - 63178035 ____A C:\Users\Vincent\Downloads\Watch Busou Shinki Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:39 - 2012-12-16 14:43 - 45227668 ____A C:\Users\Vincent\Downloads\Watch Little Busters! Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:38 - 2012-12-16 14:45 - 45795119 ____A C:\Users\Vincent\Downloads\Watch To LOVE-Ru Darkness Episode 10 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:38 - 2012-12-16 14:43 - 33842137 ____A C:\Users\Vincent\Downloads\Watch Say I Love You Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-13 17:33 - 2012-11-09 13:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-13 17:33 - 2012-11-09 12:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-13 17:31 - 2012-11-22 11:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 17:30 - 2012-11-12 22:20 - 09055744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 17:30 - 2012-11-12 21:24 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 17:30 - 2012-10-27 14:26 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 17:30 - 2012-10-27 14:23 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 17:30 - 2012-10-27 13:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 17:30 - 2012-10-27 13:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 17:29 - 2012-11-12 20:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 17:29 - 2012-11-12 19:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 17:29 - 2012-10-27 14:26 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 17:29 - 2012-10-27 14:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 17:29 - 2012-10-27 14:24 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 17:29 - 2012-10-27 14:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 17:29 - 2012-10-27 14:23 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 17:29 - 2012-10-27 14:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 17:29 - 2012-10-27 13:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 17:29 - 2012-10-27 13:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 17:28 - 2012-11-06 05:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 17:28 - 2012-11-06 04:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 17:28 - 2012-11-06 04:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-13 17:28 - 2012-11-06 04:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-13 17:27 - 2012-10-05 01:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 17:27 - 2012-10-05 01:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 17:27 - 2012-10-05 01:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 17:27 - 2012-10-04 23:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 17:26 - 2012-10-05 01:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-13 17:26 - 2012-10-05 01:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-13 17:26 - 2012-10-05 01:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-13 17:26 - 2012-10-05 01:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-13 17:26 - 2012-10-05 00:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-13 17:26 - 2012-10-05 00:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-13 17:26 - 2012-10-04 22:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-13 17:26 - 2012-10-04 22:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-13 17:26 - 2012-10-04 22:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-13 17:26 - 2012-10-04 22:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-13 17:23 - 2012-11-02 13:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 17:23 - 2012-11-02 13:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-13 16:42 - 2012-12-13 16:51 - 00524410 ____A C:\Users\Vincent\Downloads\PKMNBLK2U.dsv
2012-12-11 15:36 - 2012-12-11 15:37 - 05763394 ____A C:\Users\Vincent\Downloads\BigBoiDesignsHD Youtube Templates.zip
2012-12-09 20:53 - 2012-12-09 20:55 - 48748193 ____A C:\Users\Vincent\Downloads\Rooster Teeth · RT Podcast #195.m4a
2012-12-07 17:21 - 2012-12-07 17:24 - 22917150 ____A C:\Users\Vincent\Downloads\Gintama Shinyaku - Best Dub Ever - YouTube.flv
2012-12-03 16:44 - 2012-12-03 04:38 - 00524288 ____A C:\Users\Vincent\Desktop\PKMNBLK2U.sav
2012-12-03 16:43 - 2012-12-03 16:39 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav.bak
2012-12-03 16:39 - 2012-12-03 16:43 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav
2012-12-01 16:51 - 2010-09-26 06:12 - 00421376 ____A C:\Users\Vincent\Desktop\Pokesav Black and White - PSN.exe
2012-12-01 16:31 - 2012-12-01 16:31 - 00000136 ____A C:\Users\Vincent\Desktop\tepig.pkm
2012-12-01 16:26 - 2012-08-16 18:19 - 04441088 ____A () C:\Users\Vincent\Desktop\PokeGen.exe
2012-11-27 17:11 - 2012-11-27 17:20 - 01477804 ____A C:\Users\Vincent\Desktop\pokemon spec.psd


==================== One Month Modified Files and Folders =======

2012-12-18 21:27 - 2012-12-18 21:27 - 00000000 ____D C:\FRST
2012-12-18 18:37 - 2011-08-23 15:35 - 365181467 ____A C:\Windows\MEMORY.DMP
2012-12-18 18:37 - 2011-08-23 15:35 - 00000000 ____D C:\Windows\Minidump
2012-12-18 18:37 - 2011-06-27 15:15 - 00000312 __ASH C:\Windows\Tasks\ZFTRRFDVTI.job
2012-12-18 18:37 - 2009-07-14 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-18 18:37 - 2009-07-14 12:51 - 00162148 ____A C:\Windows\setupact.log
2012-12-17 16:54 - 2009-07-14 12:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-17 16:54 - 2009-07-14 12:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-17 16:10 - 2012-10-12 14:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-17 16:08 - 2011-05-28 14:12 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3880377334-3590772397-3860717219-1001UA.job
2012-12-17 15:34 - 2011-06-27 15:15 - 00000294 ___AH C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
2012-12-17 15:33 - 2011-06-27 15:15 - 00000294 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2012-12-17 15:32 - 2011-12-01 12:55 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-12-17 15:31 - 2011-10-07 18:29 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2012-12-17 15:31 - 2011-03-08 09:27 - 00000000 ____D C:\Program Files\Dell Support Center
2012-12-17 15:31 - 2011-03-08 09:27 - 00000000 ____D C:\Program Files (x86)\System Registration
2012-12-17 15:31 - 2011-03-08 09:14 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2012-12-17 15:30 - 2012-01-11 15:32 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2012-12-17 15:30 - 2011-12-23 11:15 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-17 15:30 - 2011-06-03 14:42 - 00000000 ____D C:\Program Files (x86)\Tunngle
2012-12-17 15:30 - 2011-03-08 09:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-16 20:09 - 2011-06-03 14:43 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-12-16 20:09 - 2009-07-14 13:10 - 01155571 ____A C:\Windows\WindowsUpdate.log
2012-12-16 20:08 - 2011-10-07 18:28 - 00000000 ____D C:\Users\Vincent\Application Data\BitTorrent
2012-12-16 20:08 - 2011-10-07 18:28 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\BitTorrent
2012-12-16 18:56 - 2011-06-17 16:41 - 02120192 __ASH C:\Users\Vincent\Downloads\Thumbs.db
2012-12-16 15:42 - 2012-02-24 14:29 - 00439771 ____A C:\Windows\SysWOW64\TVersityMediaServer.log
2012-12-16 15:41 - 2011-09-03 07:38 - 00000000 ____D C:\Users\Vincent\Desktop\anime
2012-12-16 15:41 - 2011-05-28 19:59 - 00000000 ____D C:\Users\Vincent\Application Data\vlc
2012-12-16 15:41 - 2011-05-28 19:59 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\vlc
2012-12-16 14:47 - 2012-12-16 14:39 - 46578626 ____A C:\Users\Vincent\Downloads\Watch Sword Art Online Episode 24 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:45 - 2012-12-16 14:39 - 63178035 ____A C:\Users\Vincent\Downloads\Watch Busou Shinki Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:45 - 2012-12-16 14:38 - 45795119 ____A C:\Users\Vincent\Downloads\Watch To LOVE-Ru Darkness Episode 10 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:43 - 2012-12-16 14:39 - 45227668 ____A C:\Users\Vincent\Downloads\Watch Little Busters! Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:43 - 2012-12-16 14:38 - 33842137 ____A C:\Users\Vincent\Downloads\Watch Say I Love You Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:10 - 2011-07-08 15:21 - 00000000 ____D C:\Users\Vincent\Local Settings\LogMeIn Hamachi
2012-12-16 14:10 - 2011-07-08 15:21 - 00000000 ____D C:\Users\Vincent\Local Settings\Application Data\LogMeIn Hamachi
2012-12-16 14:10 - 2011-07-08 15:21 - 00000000 ____D C:\Users\Vincent\AppData\Local\LogMeIn Hamachi
2012-12-16 14:09 - 2011-05-28 14:23 - 00000000 ____D C:\Users\All Users\Babylon
2012-12-16 14:09 - 2011-05-28 14:23 - 00000000 ____D C:\Users\All Users\Application Data\Babylon
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-12-14 13:52 - 2009-07-14 12:45 - 05073416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-13 18:00 - 2011-05-28 16:13 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-13 18:00 - 2011-05-28 16:13 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-12-13 16:51 - 2012-12-13 16:42 - 00524410 ____A C:\Users\Vincent\Downloads\PKMNBLK2U.dsv
2012-12-13 13:08 - 2011-05-28 14:12 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3880377334-3590772397-3860717219-1001Core.job
2012-12-13 12:15 - 2011-05-28 14:13 - 00002503 ____A C:\Users\Vincent\Desktop\Google Chrome.lnk
2012-12-13 12:01 - 2012-01-11 15:32 - 00000280 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2012-12-12 18:08 - 2011-06-17 16:42 - 08762880 __ASH C:\Users\Vincent\Desktop\Thumbs.db
2012-12-12 15:32 - 2012-01-11 15:32 - 00000288 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job
2012-12-11 15:37 - 2012-12-11 15:36 - 05763394 ____A C:\Users\Vincent\Downloads\BigBoiDesignsHD Youtube Templates.zip
2012-12-11 10:34 - 2012-10-31 12:26 - 00002028 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2012-12-11 10:34 - 2012-10-31 12:26 - 00002028 ____A C:\Users\All Users\Desktop\Sony PC Companion 2.1.lnk
2012-12-11 10:34 - 2011-05-28 14:27 - 00192794 ____A C:\Windows\DPINST.LOG
2012-12-11 10:31 - 2011-03-08 09:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-09 20:55 - 2012-12-09 20:53 - 48748193 ____A C:\Users\Vincent\Downloads\Rooster Teeth · RT Podcast #195.m4a
2012-12-09 11:30 - 2011-05-28 14:04 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-12-07 17:24 - 2012-12-07 17:21 - 22917150 ____A C:\Users\Vincent\Downloads\Gintama Shinyaku - Best Dub Ever - YouTube.flv
2012-12-03 16:43 - 2012-12-03 16:39 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav
2012-12-03 16:39 - 2012-12-03 16:43 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav.bak
2012-12-03 04:38 - 2012-12-03 16:44 - 00524288 ____A C:\Users\Vincent\Desktop\PKMNBLK2U.sav
2012-12-02 13:36 - 2012-02-26 11:35 - 00003909 ____A C:\Users\All Users\hpzinstall.log
2012-12-02 13:36 - 2012-02-26 11:35 - 00003909 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-12-02 13:31 - 2011-03-09 01:04 - 01123924 ____A C:\Windows\PFRO.log
2012-12-01 16:31 - 2012-12-01 16:31 - 00000136 ____A C:\Users\Vincent\Desktop\tepig.pkm
2012-12-01 11:53 - 2012-07-29 19:57 - 00000000 ____D C:\Users\Vincent\Desktop\DS
2012-12-01 09:45 - 2012-03-28 13:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-27 17:20 - 2012-11-27 17:11 - 01477804 ____A C:\Users\Vincent\Desktop\pokemon spec.psd
2012-11-24 18:41 - 2012-05-04 21:14 - 00000000 ____D C:\Users\Vincent\Desktop\Pics
2012-11-22 13:13 - 2012-03-28 13:47 - 00001935 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-11-22 13:13 - 2012-03-28 13:47 - 00001935 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-11-22 12:25 - 2011-03-08 09:32 - 00000000 ____D C:\Users\All Users\Sonic
2012-11-22 12:25 - 2011-03-08 09:32 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
2012-11-22 11:26 - 2012-12-13 17:31 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-19 12:23 - 2009-07-14 13:08 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6103.12 MB
Available physical RAM: 5407.79 MB
Total Pagefile: 6101.27 MB
Available Pagefile: 5408.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:919.13 GB) (Free:463.42 GB) NTFS
3 Drive e: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32
8 Drive j: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1928 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 133 MB 31 KB
Partition 2 Primary 12 GB 134 MB
Partition 3 Primary 919 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 133 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     J   RECOVERY     NTFS   Partition     12 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    919 GB  Healthy

=========================================================

Partitions of Disk 5:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           1928 MB      0 B

==================================================================================

Disk: 5
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-01-23 09:14

==================== End Of Log =============================


Edited by Farbar, 18 December 2012 - 04:00 PM.
Opened the log




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:26 PM

Posted 18 December 2012 - 04:06 PM

Hello AyZin Vin,

Welcome to the forum.

Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

Please copy and paste the logs into your reply instead of attaching them, unless you are asked to attach them.

  • Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix64 application to the USB drive. You don't need to run the tool. FRST will use the tool automatically.
  • Please download the attached file fixlist.txt (1.71KB).
    Save it to your flash drive.
  • Now please enter System Recovery Options and select "Command Prompt".

    Run FRST64 and press the Fix button just once and wait.

    The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive. Although it may look like a text file, it is a hex file. You must attach this report to your reply instead of posting its contents.


#3 AyZin Vin


Posted 18 December 2012 - 10:05 PM

Here is my FixLog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-19 13:59:23 Run:2
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Babylon Client Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Fxiziqayoqanejob Value deleted successfully.
HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG9_TRAY Value deleted successfully.
C:\Users\Vincent\AppData\Local\egoresoxiwuv.dll not found.
HKEY_USERS\Mcx1-VINCENT-PC\Software\Microsoft\Windows\CurrentVersion\RunOnce\\avg_spchecker Value deleted successfully.
HKEY_USERS\Mcx1-VINCENT-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_USERS\Vincent\Software\Microsoft\Windows\CurrentVersion\Run\\Ucorol Value deleted successfully.
C:\Users\Vincent\AppData\Local\p2gIO10.dll not found.
HKEY_USERS\Vincent\Software\Microsoft\Windows\CurrentVersion\Run\\Fxiziqayoqanejob Value deleted successfully.
C:\Users\Vincent\AppData\Local\egoresoxiwuv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*WerKernelReporting Value deleted successfully.
avg9wd service deleted successfully.
hitmanpro35 service deleted successfully.
C:\Windows\Tasks\ZFTRRFDVTI.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Users\Vincent\Downloads\Thumbs.db moved successfully.
MBRDUMP.txt is made successfully.

==== End of Fixlog ====

I attached the MBRDump.
Thanks for the fast reply
Attached File: MBRDUMP.txt (512 bytes)

#4 Farbar


Posted 19 December 2012 - 05:42 AM

The MBR is clean.

Please restart the computer and tell me how far the computer goes and at what stage you get the issue.

#5 AyZin Vin


Posted 19 December 2012 - 09:11 AM

It is the same as before, after the Windows logo I just get a black screen and a cursor.

#6 Farbar


Posted 19 December 2012 - 09:22 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4297136 2012-10-31] (AVAST Software)
2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [x]
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
DisableService: avast! Antivirus
DisableService: aswFsBlk
DisableService: aswMonFlt
DisableService: aswRdr
DisableService: aswSnx
DisableService: aswSP
DisableService: aswTdi
cmd: bcdedit /enum all
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Please restart the computer and tell me how far the computer goes and at what stage you get the issue.

Edited by Farbar, 19 December 2012 - 01:43 PM.


#7 Farbar


Posted 19 December 2012 - 01:44 PM

I just edited the previous post to add a line to the fix script.

#8 AyZin Vin


Posted 20 December 2012 - 01:04 AM

Still the same as before: after the Windows logo, there is still just a black screen and cursor.
Here is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-20 16:52:28 Run:3
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\avast Value deleted successfully.
avg9wd service not found.
McAWFwk service deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswFsBlk was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMonFlt was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswRdr was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswSnx was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswSP was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswTdi was disabled.

========= bcdedit /enum all =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=J:
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {9001e6a0-49a2-11e0-8baf-782bcb7f760a}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-us
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9001e6a0-49a2-11e0-8baf-782bcb7f760a}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[J:]\Recovery\WindowsRE\Winre.wim,{9001e6a3-49a2-11e0-8baf-782bcb7f760a}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[J:]\Recovery\WindowsRE\Winre.wim,{9001e6a3-49a2-11e0-8baf-782bcb7f760a}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {9001e6a0-49a2-11e0-8baf-782bcb7f760a}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=J:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {9001e6a3-49a2-11e0-8baf-782bcb7f760a}
description Ramdisk Options
ramdisksdidevice partition=J:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====

#9 Farbar


Posted 20 December 2012 - 01:55 AM

Let's try this one:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
testsigning on:
nointegritychecks on:
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart and see if there is any change.

Edited by Farbar, 20 December 2012 - 01:59 AM.


#10 AyZin Vin


Posted 20 December 2012 - 02:40 AM

No change still, black screen and the cursor.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-20 18:35:39 Run:4
Running from E:\

==============================================


The operation completed successfully.

The operation completed successfully.

==== End of Fixlog ====

#11 Farbar


Posted 20 December 2012 - 05:32 AM

We are going to restore the registry from the backup. But if it restored the system you might get some errors at startup. That will be fixed.

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    start
    Last Boot: 2012-01-23 09:14
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • While still in recovery mode, type the following in the command prompt and press Enter:

    chkdsk c: /f

    This will scan the C drive for errors and it might take some time.
  • After the scan has finished, restart and see if there is any change.


#12 AyZin Vin


Posted 20 December 2012 - 06:09 AM

It seems like it has gotten worse.
It says chkdsk doesn't work for raw drives, and when I restarted, I got a blue screen of death after the Windows logo.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-20 21:48:03 Run:5
Running from E:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

#13 Farbar


Posted 20 December 2012 - 06:28 AM

The change we made is easily reversible. FRST has a backup of the original hives. But a blue screen of death is progress and gives us other options to work on; otherwise the fix was our last fix.

FRST is able to read drive C, so it is not a raw drive. The chkdsk error is weird, and it should not have anything to do with replacing the hives.

Please download and run the latest version of FRST64 and post a fresh scan.

#14 AyZin Vin


Posted 20 December 2012 - 06:45 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2012
Ran by SYSTEM at 20-12-2012 22:41:32
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [x]
HKU\Vincent\...\Run: [Google Update] "C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-05-28] (Google Inc.)
HKU\Vincent\...\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [445624 2012-09-12] (Sony)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-05] ()
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [x]
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [x]
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [x]
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [x]
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
2 SftService; "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [x]
2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [x]
2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [x]

==================== Drivers (Whitelisted) =====================

1 archlp; C:\Windows\SysWow64\Drivers\archlp.sys [10624 2008-01-25] ()
3 hitmanpro35; C:\Windows\System32\Drivers\hitmanpro35.sys [23112 2011-07-04] ()
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-21] (CACE Technologies, Inc.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [x]
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [x]
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [x]
3 mfeavfk01; [x]
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [x]
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [x]
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [x]
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [x]
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-18 21:27 - 2012-12-18 21:27 - 00000000 ____D C:\FRST
2012-12-16 14:39 - 2012-12-16 14:47 - 46578626 ____A C:\Users\Vincent\Downloads\Watch Sword Art Online Episode 24 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:39 - 2012-12-16 14:45 - 63178035 ____A C:\Users\Vincent\Downloads\Watch Busou Shinki Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:39 - 2012-12-16 14:43 - 45227668 ____A C:\Users\Vincent\Downloads\Watch Little Busters! Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:38 - 2012-12-16 14:45 - 45795119 ____A C:\Users\Vincent\Downloads\Watch To LOVE-Ru Darkness Episode 10 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:38 - 2012-12-16 14:43 - 33842137 ____A C:\Users\Vincent\Downloads\Watch Say I Love You Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-13 17:33 - 2012-11-09 13:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-13 17:33 - 2012-11-09 12:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-13 17:31 - 2012-11-22 11:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 17:30 - 2012-11-12 22:20 - 09055744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 17:30 - 2012-11-12 21:24 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 17:30 - 2012-10-27 14:26 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 17:30 - 2012-10-27 14:23 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 17:30 - 2012-10-27 13:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 17:30 - 2012-10-27 13:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 17:29 - 2012-11-12 20:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 17:29 - 2012-11-12 19:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 17:29 - 2012-10-27 14:26 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 17:29 - 2012-10-27 14:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 17:29 - 2012-10-27 14:24 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 17:29 - 2012-10-27 14:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 17:29 - 2012-10-27 14:23 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 17:29 - 2012-10-27 14:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 17:29 - 2012-10-27 13:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 17:29 - 2012-10-27 13:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 17:29 - 2012-10-27 13:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 17:28 - 2012-11-06 05:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 17:28 - 2012-11-06 04:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 17:28 - 2012-11-06 04:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-13 17:28 - 2012-11-06 04:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-13 17:27 - 2012-10-05 01:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 17:27 - 2012-10-05 01:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 17:27 - 2012-10-05 01:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 17:27 - 2012-10-04 23:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 17:26 - 2012-10-05 01:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-13 17:26 - 2012-10-05 01:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-13 17:26 - 2012-10-05 01:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-13 17:26 - 2012-10-05 01:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 01:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-13 17:26 - 2012-10-05 00:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-13 17:26 - 2012-10-05 00:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 17:26 - 2012-10-05 00:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-13 17:26 - 2012-10-04 22:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-13 17:26 - 2012-10-04 22:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-13 17:26 - 2012-10-04 22:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-13 17:26 - 2012-10-04 22:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 17:26 - 2012-10-04 22:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-13 17:23 - 2012-11-02 13:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 17:23 - 2012-11-02 13:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-13 16:42 - 2012-12-13 16:51 - 00524410 ____A C:\Users\Vincent\Downloads\PKMNBLK2U.dsv
2012-12-11 15:36 - 2012-12-11 15:37 - 05763394 ____A C:\Users\Vincent\Downloads\BigBoiDesignsHD Youtube Templates.zip
2012-12-09 20:53 - 2012-12-09 20:55 - 48748193 ____A C:\Users\Vincent\Downloads\Rooster Teeth ∑ RT Podcast #195.m4a
2012-12-07 17:21 - 2012-12-07 17:24 - 22917150 ____A C:\Users\Vincent\Downloads\Gintama Shinyaku - Best Dub Ever - YouTube.flv
2012-12-03 16:44 - 2012-12-03 04:38 - 00524288 ____A C:\Users\Vincent\Desktop\PKMNBLK2U.sav
2012-12-03 16:43 - 2012-12-03 16:39 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav.bak
2012-12-03 16:39 - 2012-12-03 16:43 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav
2012-12-01 16:51 - 2010-09-26 06:12 - 00421376 ____A C:\Users\Vincent\Desktop\Pokesav Black and White - PSN.exe
2012-12-01 16:31 - 2012-12-01 16:31 - 00000136 ____A C:\Users\Vincent\Desktop\tepig.pkm
2012-12-01 16:26 - 2012-08-16 18:19 - 04441088 ____A () C:\Users\Vincent\Desktop\PokeGen.exe
2012-11-27 17:11 - 2012-11-27 17:20 - 01477804 ____A C:\Users\Vincent\Desktop\pokemon spec.psd


==================== One Month Modified Files and Folders =======

2012-12-20 21:48 - 2012-12-20 21:48 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-12-20 18:59 - 2009-07-14 12:45 - 00048904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 18:58 - 2011-08-23 15:35 - 273268635 ____A C:\Windows\MEMORY.DMP
2012-12-20 15:47 - 2009-07-14 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 15:47 - 2009-07-14 12:51 - 00162540 ____A C:\Windows\setupact.log
2012-12-18 21:27 - 2012-12-18 21:27 - 00000000 ____D C:\FRST
2012-12-18 18:37 - 2011-08-23 15:35 - 00000000 ____D C:\Windows\Minidump
2012-12-17 16:54 - 2009-07-14 12:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-17 16:54 - 2009-07-14 12:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-17 16:10 - 2012-10-12 14:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-17 16:08 - 2011-05-28 14:12 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3880377334-3590772397-3860717219-1001UA.job
2012-12-17 15:32 - 2011-12-01 12:55 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-12-17 15:31 - 2011-10-07 18:29 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2012-12-17 15:31 - 2011-03-08 09:27 - 00000000 ____D C:\Program Files\Dell Support Center
2012-12-17 15:31 - 2011-03-08 09:27 - 00000000 ____D C:\Program Files (x86)\System Registration
2012-12-17 15:31 - 2011-03-08 09:14 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2012-12-17 15:30 - 2012-01-11 15:32 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2012-12-17 15:30 - 2011-12-23 11:15 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-17 15:30 - 2011-06-03 14:42 - 00000000 ____D C:\Program Files (x86)\Tunngle
2012-12-17 15:30 - 2011-03-08 09:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-16 20:09 - 2011-06-03 14:43 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-12-16 20:09 - 2009-07-14 13:10 - 01155571 ____A C:\Windows\WindowsUpdate.log
2012-12-16 20:08 - 2011-10-07 18:28 - 00000000 ____D C:\Users\Vincent\Application Data\BitTorrent
2012-12-16 20:08 - 2011-10-07 18:28 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\BitTorrent
2012-12-16 15:42 - 2012-02-24 14:29 - 00439771 ____A C:\Windows\SysWOW64\TVersityMediaServer.log
2012-12-16 15:41 - 2011-09-03 07:38 - 00000000 ____D C:\Users\Vincent\Desktop\anime
2012-12-16 15:41 - 2011-05-28 19:59 - 00000000 ____D C:\Users\Vincent\Application Data\vlc
2012-12-16 15:41 - 2011-05-28 19:59 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\vlc
2012-12-16 14:47 - 2012-12-16 14:39 - 46578626 ____A C:\Users\Vincent\Downloads\Watch Sword Art Online Episode 24 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:45 - 2012-12-16 14:39 - 63178035 ____A C:\Users\Vincent\Downloads\Watch Busou Shinki Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:45 - 2012-12-16 14:38 - 45795119 ____A C:\Users\Vincent\Downloads\Watch To LOVE-Ru Darkness Episode 10 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:43 - 2012-12-16 14:39 - 45227668 ____A C:\Users\Vincent\Downloads\Watch Little Busters! Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:43 - 2012-12-16 14:38 - 33842137 ____A C:\Users\Vincent\Downloads\Watch Say I Love You Episode 11 Online - English Dubbed-Subbed Episodes.mp4
2012-12-16 14:10 - 2011-07-08 15:21 - 00000000 ____D C:\Users\Vincent\Local Settings\LogMeIn Hamachi
2012-12-16 14:10 - 2011-07-08 15:21 - 00000000 ____D C:\Users\Vincent\Local Settings\Application Data\LogMeIn Hamachi
2012-12-16 14:10 - 2011-07-08 15:21 - 00000000 ____D C:\Users\Vincent\AppData\Local\LogMeIn Hamachi
2012-12-16 14:09 - 2011-05-28 14:23 - 00000000 ____D C:\Users\All Users\Babylon
2012-12-16 14:09 - 2011-05-28 14:23 - 00000000 ____D C:\Users\All Users\Application Data\Babylon
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-12-16 14:08 - 2011-03-08 09:47 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-12-13 18:00 - 2011-05-28 16:13 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-13 18:00 - 2011-05-28 16:13 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-12-13 16:51 - 2012-12-13 16:42 - 00524410 ____A C:\Users\Vincent\Downloads\PKMNBLK2U.dsv
2012-12-13 13:08 - 2011-05-28 14:12 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3880377334-3590772397-3860717219-1001Core.job
2012-12-13 12:15 - 2011-05-28 14:13 - 00002503 ____A C:\Users\Vincent\Desktop\Google Chrome.lnk
2012-12-13 12:01 - 2012-01-11 15:32 - 00000280 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2012-12-12 18:08 - 2011-06-17 16:42 - 08762880 __ASH C:\Users\Vincent\Desktop\Thumbs.db
2012-12-12 15:32 - 2012-01-11 15:32 - 00000288 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job
2012-12-11 15:37 - 2012-12-11 15:36 - 05763394 ____A C:\Users\Vincent\Downloads\BigBoiDesignsHD Youtube Templates.zip
2012-12-11 10:34 - 2012-10-31 12:26 - 00002028 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2012-12-11 10:34 - 2012-10-31 12:26 - 00002028 ____A C:\Users\All Users\Desktop\Sony PC Companion 2.1.lnk
2012-12-11 10:34 - 2011-05-28 14:27 - 00192794 ____A C:\Windows\DPINST.LOG
2012-12-11 10:31 - 2011-03-08 09:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-09 20:55 - 2012-12-09 20:53 - 48748193 ____A C:\Users\Vincent\Downloads\Rooster Teeth ∑ RT Podcast #195.m4a
2012-12-09 11:30 - 2011-05-28 14:04 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-12-07 17:24 - 2012-12-07 17:21 - 22917150 ____A C:\Users\Vincent\Downloads\Gintama Shinyaku - Best Dub Ever - YouTube.flv
2012-12-03 16:43 - 2012-12-03 16:39 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav
2012-12-03 16:39 - 2012-12-03 16:43 - 00524288 ____A C:\Users\Vincent\Desktop\pokesav.sav.bak
2012-12-03 04:38 - 2012-12-03 16:44 - 00524288 ____A C:\Users\Vincent\Desktop\PKMNBLK2U.sav
2012-12-02 13:36 - 2012-02-26 11:35 - 00003909 ____A C:\Users\All Users\hpzinstall.log
2012-12-02 13:36 - 2012-02-26 11:35 - 00003909 ____A C:\Users\All Users\Application Data\hpzinstall.log
2012-12-02 13:31 - 2011-03-09 01:04 - 01123924 ____A C:\Windows\PFRO.log
2012-12-01 16:31 - 2012-12-01 16:31 - 00000136 ____A C:\Users\Vincent\Desktop\tepig.pkm
2012-12-01 11:53 - 2012-07-29 19:57 - 00000000 ____D C:\Users\Vincent\Desktop\DS
2012-12-01 09:45 - 2012-03-28 13:46 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-27 17:20 - 2012-11-27 17:11 - 01477804 ____A C:\Users\Vincent\Desktop\pokemon spec.psd
2012-11-24 18:41 - 2012-05-04 21:14 - 00000000 ____D C:\Users\Vincent\Desktop\Pics
2012-11-22 13:13 - 2012-03-28 13:47 - 00001935 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-11-22 13:13 - 2012-03-28 13:47 - 00001935 ____A C:\Users\All Users\Desktop\avast! Free Antivirus.lnk
2012-11-22 12:25 - 2011-03-08 09:32 - 00000000 ____D C:\Users\All Users\Sonic
2012-11-22 12:25 - 2011-03-08 09:32 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
2012-11-22 11:26 - 2012-12-13 17:31 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6103.12 MB
Available physical RAM: 5415.41 MB
Total Pagefile: 6101.27 MB
Available Pagefile: 5406.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:919.13 GB) (Free:463.42 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: () (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 1928 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 133 MB 31 KB
Partition 2 Primary 12 GB 134 MB
Partition 3 Primary 919 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 133 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 I RECOVERY NTFS Partition 12 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1928 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-01-23 09:14

==================== End Of Log =============================

#15 Farbar


Posted 20 December 2012 - 07:29 AM

The hives were too old, and probably the software hive was corrupted. I don't know why the system has not made a recent backup.

We restore the previous hives again.

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

    start
    Restore From Backup: DEFAULT
    Restore From Backup: SAM
    Restore From Backup: SECURITY
    Restore From Backup: software
    Restore From Backup: system
    DisableService: archlp
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
  • Restart and see if you get the black screen with cursor again.
  • Then boot to Recovery mode again and try to run chkdsk c: /f from the command prompt without running FRST first.




