
Windows will not start -- black screen with white mouse cursor only


  • This topic is locked
3 replies to this topic

#1 anhunt


Posted 14 March 2013 - 11:40 AM

Hello, my problem started when I realized that my email account was hacked and sending out random messages to my contacts. From there, I ran Malwarebytes. It found like 18 files and deleted them. After that, Windows would not start in normal mode.

 

From Bleeping Computer I downloaded the Farbar Recovery Scan Tool, used it, and then ran it again to fix. The computer worked fine until I tried to download Norton Security. Now I am back to the same black screen.

 

What should I do now?

 

Here is the Farbar log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 13-03-2013 23:14:05
Running from G:\
Windows 7 Home Premium  Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe [155752 2010-11-12] (Acer Corp.)
HKLM\...\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na [438376 2010-11-30] (Acer Corp.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12858984 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [25600 2010-09-14] (Creative Technology Ltd.)
HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YCMMirage.exe" [136488 2011-05-11] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\YouCam\YouCamTray.exe" /s [165160 2011-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe na [438376 2010-11-30] (Acer Corp.)
HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [TouchMovieService] "C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe" [124136 2011-03-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [626792 2011-08-04] ()
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [MoneyStartUp10.0] "C:\Program Files (x86)\Microsoft Money\System\Activation.exe" [241714 2001-07-25] (Microsoft Corporation)
HKLM-x32\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-27] (LG Electronics)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot [296096 2012-10-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1683456 2013-02-14] (Bandoo Media Inc)
HKLM-x32\...\Run: [SMessaging] C:\Users\cheyenn\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKU\cheyenn\...\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe" [x]
HKU\cheyenn\...\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [x]
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [154144 2010-07-29] ()
HKU\HUNT3\...\Run: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe [2219008 2012-05-02] (Jackpot Rewards)
HKU\HUNT3\...\Run: [DAEMON Tools Lite] "C:\Users\HUNT3\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\HUNT3\...\RunOnce: [Application Restart #0] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"  [383488 2009-07-13] (Microsoft Corporation)
HKU\HUNT3\...\RunOnce: [Application Restart #1] C:\Program Files (x86)\Internet Explorer\iexplore.exe -restart /WERRESTART [757280 2013-01-08] (Microsoft Corporation)
HKU\HUNT3\...\Policies\system: [LogonHoursAction] 2
HKU\HUNT3\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\RunOnce: [N360] "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\70512b0b\20.1.0.24\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID N360 [883928 2013-03-13] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.12.1
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL,C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Tcpip\..\Interfaces\{A6C02C5A-5B01-4B0B-A2E4-B922C0E0359A}: [NameServer]75.75.75.75,75.75.76.76
Startup: C:\ProgramData\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
ShortcutTarget: StrongVaultApp.exe.lnk -> C:\Users\cheyenn\AppData\Local\Strongvault\StrongVaultApp.exe ()

==================== Services (Whitelisted) ===================

2 DefaultTabUpdate; "C:\Users\HUNT3\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [107520 2012-09-20] ()
3 GSService; "C:\Windows\SysWOW64\GSService.exe" [252928 2012-05-31] ()
2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [67112 2013-02-21] (White Sky, Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2010-02-24] ()
2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [508776 2011-10-01] ()
3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [219496 2011-10-01] ()

==================== Drivers (Whitelisted) =====================

1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [45968 2013-03-13] (Zemana Ltd.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-09-25] (DT Soft Ltd)
3 ITECIRfilter; C:\Windows\System32\Drivers\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25784 2013-02-13] (Zemana Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 rtsuvc; C:\Windows\System32\Drivers\rtsuvc.sys [8204904 2011-07-05] (Realtek Semiconductor Corp.)
4 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [x]
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120829.001\IDSvia64.sys [x]
4 SRTSPX; C:\Windows\system32\drivers\NAVx64\1309010.00E\SRTSPX64.SYS [x]
4 SymDS; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [x]
4 SymEFA; C:\Windows\System32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [x]
4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-13 18:53 - 2013-03-13 18:53 - 00000000 ____D C:\Users\HUNT3\Documents\Symantec
2013-03-13 18:53 - 2013-03-13 18:53 - 00000000 ____D C:\ProgramData\PCSettings
2013-03-13 18:44 - 2013-03-13 18:46 - 00000000 ____D C:\Users\HUNT3\AppData\Local\ID Vault
2013-03-13 18:44 - 2013-03-13 18:44 - 00000000 ____D C:\Users\HUNT3\AppData\Local\White_Sky,_Inc
2013-03-13 18:44 - 2013-03-13 18:44 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-03-13 18:44 - 2013-03-13 18:44 - 00000000 ____D C:\ID Vault
2013-03-13 18:43 - 2013-03-13 18:49 - 00000000 ____D C:\Users\HUNT3\AppData\Roaming\ID Vault
2013-03-13 18:43 - 2013-03-13 18:44 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-03-13 18:43 - 2013-03-13 18:43 - 00045968 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\AntiLog64.sys
2013-03-13 18:43 - 2013-03-13 18:43 - 00002272 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\Users\HUNT3\AppData\Local\Zemana
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\ProgramData\White Sky, Inc
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-03-13 18:43 - 2013-02-13 13:05 - 07520056 ____A (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2013-03-13 18:43 - 2013-02-13 13:05 - 00025784 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2013-03-13 18:27 - 2013-03-13 18:28 - 00000632 _RASH C:\Users\HUNT3\ntuser.pol
2013-03-12 22:29 - 2013-03-12 22:29 - 00034047 ____A C:\FRST.txt
2013-03-11 16:53 - 2013-03-11 16:53 - 00138820 ____A C:\mbrfix.zip
2013-03-11 16:41 - 2013-03-11 16:41 - 01466771 ____A (Farbar) C:\FRST64.exe
2013-03-11 16:38 - 2013-03-11 16:38 - 01466771 ____A (Farbar) C:\Users\HUNT3\Downloads\FRST64.exe
2013-03-11 16:37 - 2013-03-11 17:14 - 00000000 ____D C:\FRST
2013-03-10 16:38 - 2013-03-10 16:38 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup
2013-03-10 16:10 - 2013-03-10 16:10 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-10 16:10 - 2013-03-10 16:10 - 00000000 ____D C:\Users\HUNT3\AppData\Roaming\Malwarebytes
2013-03-10 16:10 - 2013-03-10 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-10 16:10 - 2013-03-10 16:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-10 16:10 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-08 16:57 - 2013-03-08 16:57 - 00000000 ____D C:\ProgramData\Browser Manager
2013-03-08 14:20 - 2013-03-08 14:20 - 00000000 ____D C:\ProgramData\EA Core
2013-03-08 14:09 - 2013-03-08 14:09 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Savings Explorer
2013-03-08 14:09 - 2013-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Media Player Classic - Home Cinema
2013-03-08 14:08 - 2013-03-10 17:03 - 00000000 ____D C:\Program Files (x86)\Savings Explorer
2013-03-08 14:08 - 2013-03-10 16:38 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-03-08 14:08 - 2013-03-10 16:38 - 00000000 __SHD C:\AI_RecycleBin
2013-03-08 14:08 - 2013-03-10 16:38 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Strongvault
2013-03-08 14:08 - 2013-03-10 16:38 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
2013-03-08 14:08 - 2013-03-10 16:05 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Strongvault Online Backup
2013-03-08 14:08 - 2013-03-08 14:08 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\Claro
2013-03-08 14:08 - 2013-03-08 14:08 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Updater21058
2013-03-08 14:07 - 2013-03-08 14:07 - 00460304 ____A C:\Users\cheyenn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-03-08 14:07 - 2013-03-08 14:07 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\Babylon
2013-03-08 14:07 - 2013-03-08 14:07 - 00000000 ____D C:\ProgramData\Babylon
2013-03-08 13:58 - 2013-03-08 13:59 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Torch
2013-03-08 13:57 - 2013-03-08 13:58 - 00000000 ____D C:\Users\cheyenn\AppData\Local\iLivid
2013-03-08 13:57 - 2013-03-08 13:57 - 01304960 ____A (Bandoo Media Inc) C:\Users\cheyenn\Downloads\iLividSetup.exe
2013-03-08 13:57 - 2013-03-08 13:57 - 00000000 ____D C:\ProgramData\Wincert
2013-03-08 13:57 - 2013-03-08 13:57 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-03-08 13:10 - 2013-03-13 18:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-01 13:21 - 2013-03-01 13:21 - 00000000 ____D C:\Users\cheyenn\AppData\Local\{7B837189-D534-4D06-991C-77BB807C9751}
2013-02-26 14:32 - 2013-01-13 13:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-26 14:32 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 14:32 - 2013-01-13 12:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-26 14:32 - 2013-01-13 12:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-26 14:32 - 2013-01-13 12:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-26 14:32 - 2013-01-13 12:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-26 14:32 - 2013-01-13 12:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-26 14:32 - 2013-01-13 11:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-26 14:32 - 2013-01-13 11:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-26 14:32 - 2013-01-13 11:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-26 14:32 - 2013-01-13 11:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-26 14:32 - 2013-01-13 11:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-26 14:32 - 2013-01-13 11:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-26 14:32 - 2013-01-13 11:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-26 14:32 - 2013-01-13 11:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-26 14:32 - 2013-01-13 11:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-26 14:32 - 2013-01-13 11:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-26 14:32 - 2013-01-13 11:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-26 14:32 - 2013-01-13 11:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-26 14:32 - 2013-01-13 11:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-26 14:32 - 2013-01-13 11:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-26 14:32 - 2013-01-13 11:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-26 14:32 - 2013-01-13 11:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-26 14:32 - 2013-01-13 11:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-26 14:32 - 2013-01-13 11:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-26 14:32 - 2013-01-13 11:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-26 14:32 - 2013-01-13 11:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-26 14:32 - 2013-01-13 11:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-26 14:32 - 2013-01-13 11:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-26 14:32 - 2013-01-13 10:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-26 14:32 - 2013-01-13 10:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-26 14:32 - 2013-01-13 10:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-26 14:32 - 2013-01-13 09:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-26 14:32 - 2013-01-13 09:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-26 14:32 - 2013-01-03 22:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-26 14:32 - 2013-01-03 22:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-25 13:04 - 2013-02-27 13:31 - 00803840 ____A C:\Users\cheyenn\Documents\El proyecto espanol.pub
2013-02-24 21:06 - 2013-02-24 21:06 - 00000000 ____D C:\ProgramData\38162
2013-02-17 06:17 - 2013-02-17 06:17 - 00002102 ____A C:\WildTangent Games App - gateway.lnk
2013-02-17 06:16 - 2013-02-17 06:16 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\WildTangent
2013-02-14 14:25 - 2013-02-14 14:31 - 00000000 ____D C:\Users\cheyenn\AppData\Local\SecondLife
2013-02-14 14:25 - 2013-02-14 14:26 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\SecondLife
2013-02-14 14:24 - 2013-02-14 14:25 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2013-02-14 14:23 - 2013-02-14 14:23 - 00700144 ____A C:\Users\cheyenn\Downloads\Second_Life_Setup.exe
2013-02-12 15:29 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-12 15:29 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-12 15:29 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-12 15:29 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-12 15:29 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-12 15:29 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-12 15:29 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-12 15:29 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-12 15:29 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-12 15:29 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-12 15:29 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-12 15:29 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-12 15:29 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-12 15:29 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-12 15:29 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-12 15:29 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-12 15:29 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-12 15:29 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-12 15:29 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 15:29 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-12 15:29 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-12 15:29 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 15:29 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-12 15:29 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-12 15:29 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-12 15:29 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-12 15:29 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-12 15:29 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-12 15:29 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-12 15:29 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-12 15:29 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-12 15:29 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-12 15:03 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-12 15:03 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-12 15:03 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-12 15:03 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-12 15:03 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-12 15:03 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-12 15:03 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-12 15:03 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-12 15:03 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-12 15:03 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 15:03 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 15:03 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS


==================== One Month Modified Files and Folders =======

2013-03-13 18:55 - 2012-04-05 21:40 - 01426398 ____A C:\Windows\WindowsUpdate.log
2013-03-13 18:55 - 2010-11-20 19:47 - 01128870 ____A C:\Windows\PFRO.log
2013-03-13 18:53 - 2013-03-13 18:53 - 00000000 ____D C:\Users\HUNT3\Documents\Symantec
2013-03-13 18:53 - 2013-03-13 18:53 - 00000000 ____D C:\ProgramData\PCSettings
2013-03-13 18:53 - 2011-12-21 20:41 - 00000000 ____D C:\ProgramData\Norton
2013-03-13 18:49 - 2013-03-13 18:43 - 00000000 ____D C:\Users\HUNT3\AppData\Roaming\ID Vault
2013-03-13 18:49 - 2012-07-15 08:01 - 00001370 ____A C:\Users\HUNT3\Desktop\Norton Installation Files.lnk
2013-03-13 18:49 - 2012-07-15 08:01 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-03-13 18:46 - 2013-03-13 18:44 - 00000000 ____D C:\Users\HUNT3\AppData\Local\ID Vault
2013-03-13 18:44 - 2013-03-13 18:44 - 00000000 ____D C:\Users\HUNT3\AppData\Local\White_Sky,_Inc
2013-03-13 18:44 - 2013-03-13 18:44 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-03-13 18:44 - 2013-03-13 18:44 - 00000000 ____D C:\ID Vault
2013-03-13 18:44 - 2013-03-13 18:43 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-03-13 18:44 - 2012-06-15 10:41 - 00000000 ____D C:\Users\HUNT3\AppData\Local\CrashDumps
2013-03-13 18:43 - 2013-03-13 18:43 - 00045968 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\AntiLog64.sys
2013-03-13 18:43 - 2013-03-13 18:43 - 00002272 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\Users\HUNT3\AppData\Local\Zemana
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\ProgramData\White Sky, Inc
2013-03-13 18:43 - 2013-03-13 18:43 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-03-13 18:43 - 2013-03-08 13:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-13 18:38 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-13 18:38 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-13 18:28 - 2013-03-13 18:27 - 00000632 _RASH C:\Users\HUNT3\ntuser.pol
2013-03-13 18:28 - 2012-06-14 18:22 - 00000000 ____D C:\users\HUNT3
2013-03-13 18:27 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-03-13 18:03 - 2012-06-22 12:18 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-13 18:03 - 2012-06-22 12:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-13 18:03 - 2011-12-21 20:40 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-13 17:12 - 2009-07-13 21:13 - 00005372 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-13 17:06 - 2012-07-13 19:14 - 00002413 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2013-03-13 17:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-13 17:04 - 2009-07-13 20:51 - 00065504 ____A C:\Windows\setupact.log
2013-03-12 22:29 - 2013-03-12 22:29 - 00034047 ____A C:\FRST.txt
2013-03-11 17:14 - 2013-03-11 16:37 - 00000000 ____D C:\FRST
2013-03-11 16:53 - 2013-03-11 16:53 - 00138820 ____A C:\mbrfix.zip
2013-03-11 16:41 - 2013-03-11 16:41 - 01466771 ____A (Farbar) C:\FRST64.exe
2013-03-11 16:38 - 2013-03-11 16:38 - 01466771 ____A (Farbar) C:\Users\HUNT3\Downloads\FRST64.exe
2013-03-10 17:03 - 2013-03-08 14:08 - 00000000 ____D C:\Program Files (x86)\Savings Explorer
2013-03-10 16:38 - 2013-03-10 16:38 - 00000000 ____D C:\Program Files (x86)\Strongvault Online Backup
2013-03-10 16:38 - 2013-03-08 14:08 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-03-10 16:38 - 2013-03-08 14:08 - 00000000 __SHD C:\AI_RecycleBin
2013-03-10 16:38 - 2013-03-08 14:08 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Strongvault
2013-03-10 16:38 - 2013-03-08 14:08 - 00000000 ____D C:\ProgramData\Strongvault Online Backup
2013-03-10 16:10 - 2013-03-10 16:10 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-10 16:10 - 2013-03-10 16:10 - 00000000 ____D C:\Users\HUNT3\AppData\Roaming\Malwarebytes
2013-03-10 16:10 - 2013-03-10 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-10 16:10 - 2013-03-10 16:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-10 16:05 - 2013-03-08 14:08 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Strongvault Online Backup
2013-03-10 14:06 - 2012-12-30 10:30 - 00000000 ____D C:\Users\cheyenn\AppData\Local\CrashDumps
2013-03-08 17:15 - 2012-09-23 15:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-08 16:57 - 2013-03-08 16:57 - 00000000 ____D C:\ProgramData\Browser Manager
2013-03-08 14:20 - 2013-03-08 14:20 - 00000000 ____D C:\ProgramData\EA Core
2013-03-08 14:19 - 2012-12-30 08:45 - 00000000 ____D C:\Program Files (x86)\Origin
2013-03-08 14:09 - 2013-03-08 14:09 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Savings Explorer
2013-03-08 14:09 - 2013-03-08 14:09 - 00000000 ____D C:\Program Files (x86)\Media Player Classic - Home Cinema
2013-03-08 14:08 - 2013-03-08 14:08 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\Claro
2013-03-08 14:08 - 2013-03-08 14:08 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Updater21058
2013-03-08 14:07 - 2013-03-08 14:07 - 00460304 ____A C:\Users\cheyenn\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2013-03-08 14:07 - 2013-03-08 14:07 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\Babylon
2013-03-08 14:07 - 2013-03-08 14:07 - 00000000 ____D C:\ProgramData\Babylon
2013-03-08 13:59 - 2013-03-08 13:58 - 00000000 ____D C:\Users\cheyenn\AppData\Local\Torch
2013-03-08 13:58 - 2013-03-08 13:57 - 00000000 ____D C:\Users\cheyenn\AppData\Local\iLivid
2013-03-08 13:57 - 2013-03-08 13:57 - 01304960 ____A (Bandoo Media Inc) C:\Users\cheyenn\Downloads\iLividSetup.exe
2013-03-08 13:57 - 2013-03-08 13:57 - 00000000 ____D C:\ProgramData\Wincert
2013-03-08 13:57 - 2013-03-08 13:57 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-03-06 18:26 - 2013-01-02 09:13 - 00000000 ____D C:\Users\cheyenn\Documents\Youcam
2013-03-01 13:21 - 2013-03-01 13:21 - 00000000 ____D C:\Users\cheyenn\AppData\Local\{7B837189-D534-4D06-991C-77BB807C9751}
2013-02-27 13:31 - 2013-02-25 13:04 - 00803840 ____A C:\Users\cheyenn\Documents\El proyecto espanol.pub
2013-02-27 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-27 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-27 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-27 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-24 21:06 - 2013-02-24 21:06 - 00000000 ____D C:\ProgramData\38162
2013-02-17 18:18 - 2012-06-25 16:04 - 02351104 ____A C:\Users\HUNT3\Documents\My Money.mny
2013-02-17 06:17 - 2013-02-17 06:17 - 00002102 ____A C:\WildTangent Games App - gateway.lnk
2013-02-17 06:16 - 2013-02-17 06:16 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\WildTangent
2013-02-17 06:16 - 2011-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-02-14 14:31 - 2013-02-14 14:25 - 00000000 ____D C:\Users\cheyenn\AppData\Local\SecondLife
2013-02-14 14:26 - 2013-02-14 14:25 - 00000000 ____D C:\Users\cheyenn\AppData\Roaming\SecondLife
2013-02-14 14:25 - 2013-02-14 14:24 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2013-02-14 14:23 - 2013-02-14 14:23 - 00700144 ____A C:\Users\cheyenn\Downloads\Second_Life_Setup.exe
2013-02-13 13:05 - 2013-03-13 18:43 - 07520056 ____A (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2013-02-13 13:05 - 2013-03-13 18:43 - 00025784 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2013-02-12 15:41 - 2009-07-13 20:45 - 00416688 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-12 15:33 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-13 18:32:22

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4000.29 MB
Available physical RAM: 3349.64 MB
Total Pagefile: 3998.49 MB
Available Pagefile: 3340.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:445.66 GB) (Free:346.58 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:20 GB) (Free:4.62 GB) NTFS
4 Drive g: (CONNECT) (Removable) (Total:0.93 GB) (Free:0.88 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        
  Disk 1    Online          957 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: 3710AC22

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            20 GB  1024 KB
  Partition 2    Primary            100 MB    20 GB
  Partition 3    Primary            445 GB    20 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   PQSERVICE    NTFS   Partition     20 GB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Gateway      NTFS   Partition    445 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            953 MB  4032 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   CONNECT      FAT    Removable    953 MB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 3710AC22

Partition 1:
=========
Hex: 0020210027FEFFFF0008000000008002
Active: NO
Type: 27
Size: 20 GB

Partition 2:
=========
Hex: 80FEFFFF07FEFFFF0008800200200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF002883023030B537
Active: NO
Type: 07 (NTFS)
Size: 446 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 00010C0F060FA0F3801F000080C81D00
Active: NO
Type: 06
Size: 953 MB


Last Boot: 2012-10-21 16:43

==================== End Of Log =============================


Edited by hamluis, 15 March 2013 - 08:34 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:03 AM

Posted 18 March 2013 - 07:10 PM

Greetings anhunt and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

"and then ran it again to fix"

Can you tell me what "fix" you did with Farbar's Recovery Scan Tool? And currently can you boot into Safe Mode?

Edited by Oh My, 18 March 2013 - 07:12 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 21 March 2013 - 08:35 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!

Posted 23 March 2013 - 09:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



