Explorer won't start, black screen and cursor, no response to CTRL-ALT-DEL

9 replies to this topic

#1 devochka1975

Posted 14 November 2013 - 03:03 AM

Here's the history:


Sony Vaio laptop running Windows 7 Home Premium 64-bit, with multiple virus/malware infections. Removed the hard drive, attached it to a desktop computer, and ran Malwarebytes, Microsoft Security Essentials and Symantec Endpoint Protection 12.1 on it. Removed everything these three programs found.


Put the drive back in the laptop; when it boots I get the black screen and cursor. It won't boot any further.


Ran Windows Defender Offline, nothing found. Ran FRST through the recovery console and generated the following log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by SYSTEM on MININT-CO0QQGG on 12-11-2013 19:13:57
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\gXgvXrXn\gXgvXrXn.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)
HKU\Tatyana\...\Run: [Google Update] - C:\Users\Tatyana\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.)
HKU\Tatyana\...\Run: [Desktop Software] - C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini [1093 2012-05-10] ()
HKU\Tatyana\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Tatyana\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Tatyana\...\Run: [BrowserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [565248 2013-10-01] (BrowserSafeguard)
HKU\Tatyana\...\Run: [GoogleChromeAutoLaunch_32D65B4D01A6925B2DE068C8AF351FC3] - C:\Users\Tatyana\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.)
HKU\Tatyana\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
AppInit_DLLs-x32: c:\progra~3\videop~1\261249~1.132\{16cdf~1\videom~1.dll  [ ] ()

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Level Quality Watcher; C:\Windows\Installer\MSID405.tmp [507912 2013-10-17] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-24] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvia64.sys [488568 2011-12-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120120.035\ENG64.SYS [117880 2011-12-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120120.035\EX64.SYS [2048632 2011-12-24] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-31] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 18:53 - 2013-11-12 18:53 - 00000000 ____D C:\FRST
2013-11-12 18:32 - 2013-11-12 18:32 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-07 10:53 - 2013-11-07 11:12 - 00000118 _____ C:\Users\Tatyana\Desktop\Antivirus Security Pro support.url
2013-11-07 07:57 - 2013-11-07 11:12 - 00001666 _____ C:\Users\Tatyana\Desktop\Antivirus Security Pro.lnk
2013-10-23 23:18 - 2013-10-23 23:18 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Tific
2013-10-22 21:27 - 2013-10-22 21:53 - 00000000 ____D C:\ProgramData\gXgvXrXn
2013-10-22 21:22 - 2013-10-22 21:22 - 00819176 _____ (Google Inc.) C:\Users\Tatyana\Downloads\ChromeSetup.exe
2013-10-20 19:42 - 2013-10-20 19:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-20 19:32 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-20 19:32 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-20 19:32 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-20 19:32 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-20 19:32 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-20 19:32 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-20 19:32 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-20 19:32 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-20 19:32 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-20 19:32 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-20 19:31 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-20 19:31 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-17 08:03 - 2013-11-10 16:58 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-17 08:03 - 2013-10-20 19:56 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-17 08:03 - 2013-10-20 19:56 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-17 08:03 - 2013-10-17 08:03 - 00003870 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\RealNetworks
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-10-17 08:02 - 2013-10-17 08:02 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\ProgramData\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-17 08:01 - 2013-10-17 08:03 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Real
2013-10-17 08:01 - 2013-10-17 08:03 - 00000000 ____D C:\ProgramData\Real
2013-10-17 08:01 - 2013-10-17 08:02 - 00000000 ____D C:\Program Files (x86)\Real

==================== One Month Modified Files and Folders =======

2013-11-12 18:53 - 2013-11-12 18:53 - 00000000 ____D C:\FRST
2013-11-12 18:32 - 2013-11-12 18:32 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-10 19:51 - 2013-03-08 11:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 19:51 - 2011-12-31 01:33 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-79780606-3074000642-1536530158-1005UA.job
2013-11-10 19:51 - 2011-12-24 20:42 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{49FCDBA7-3DB9-4A0F-9DF7-785764D713C5}
2013-11-10 19:51 - 2011-11-22 22:17 - 02038307 _____ C:\Windows\WindowsUpdate.log
2013-11-10 16:58 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-11-10 16:58 - 2013-03-08 11:35 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\File Scout
2013-11-10 16:58 - 2013-03-08 11:35 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-11-10 14:18 - 2013-03-08 11:35 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-11-07 11:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-07 11:19 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 11:19 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 11:17 - 2009-07-13 21:13 - 00775290 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-07 11:12 - 2013-11-07 10:53 - 00000118 _____ C:\Users\Tatyana\Desktop\Antivirus Security Pro support.url
2013-11-07 11:12 - 2013-11-07 07:57 - 00001666 _____ C:\Users\Tatyana\Desktop\Antivirus Security Pro.lnk
2013-11-07 11:12 - 2011-12-24 22:11 - 00000000 ____D C:\Users\Tatyana\AppData\Local\CrashDumps
2013-11-07 11:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-07 11:11 - 2009-07-13 20:51 - 00090517 _____ C:\Windows\setupact.log
2013-11-07 10:46 - 2011-12-31 01:33 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-79780606-3074000642-1536530158-1005Core.job
2013-11-07 08:15 - 2012-03-27 10:35 - 00576783 _____ C:\test.xml
2013-10-23 23:18 - 2013-10-23 23:18 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Tific
2013-10-22 21:53 - 2013-10-22 21:27 - 00000000 ____D C:\ProgramData\gXgvXrXn
2013-10-22 21:22 - 2013-10-22 21:22 - 00819176 _____ (Google Inc.) C:\Users\Tatyana\Downloads\ChromeSetup.exe
2013-10-22 21:18 - 2012-01-02 00:45 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Skype
2013-10-20 19:56 - 2013-10-17 08:03 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-20 19:56 - 2013-10-17 08:03 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-20 19:49 - 2009-07-13 20:45 - 00301392 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-20 19:43 - 2013-03-08 11:32 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-20 19:43 - 2013-03-08 11:32 - 00001931 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2013-10-20 19:42 - 2013-10-20 19:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 22:54 - 2012-01-02 00:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-17 22:54 - 2012-01-02 00:45 - 00000000 ____D C:\ProgramData\Skype
2013-10-17 08:03 - 2013-10-17 08:03 - 00003870 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\RealNetworks
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-10-17 08:03 - 2013-10-17 08:01 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Real
2013-10-17 08:03 - 2013-10-17 08:01 - 00000000 ____D C:\ProgramData\Real
2013-10-17 08:02 - 2013-10-17 08:02 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\ProgramData\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:01 - 00000000 ____D C:\Program Files (x86)\Real
2013-10-17 08:02 - 2011-05-03 22:56 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-10-17 08:02 - 2011-05-03 22:56 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-10-17 07:35 - 2011-12-31 01:37 - 00002378 _____ C:\Users\Tatyana\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\Tatyana\AppData\Local\Temp\GLF1368.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF13D4.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF1441.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF149D.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF1894.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF33B2.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF394E.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF396D.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF3F95.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF4BB5.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF4D99.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF57DE.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF5DB8.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF5E88.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF627F.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF75DF.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF7C85.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF7D30.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF8368.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLF9D8C.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFA941.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFB5B.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFB85D.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFB9F1.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFBD3B.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFBEA5.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFC0F4.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFC1FD.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFC3F0.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFC892.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFD2E.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFD6D.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFF8C5.EXE
C:\Users\Tatyana\AppData\Local\Temp\GLFFA9A.EXE
C:\Users\Tatyana\AppData\Local\Temp\lowproc.exe
C:\Users\Tatyana\AppData\Local\Temp\newsetup.exe
C:\Users\Tatyana\AppData\Local\Temp\RealPlayer_20130826.exe
C:\Users\Tatyana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tatyana\AppData\Local\Temp\stubhelper.dll
C:\Users\Tatyana\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Tatyana\AppData\Local\Temp\vcredist_x86.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {54c2ad69-761d-11e0-9121-78843cdf0a15}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {54c2ad69-761d-11e0-9121-78843cdf0a15}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{54c2ad6c-761d-11e0-9121-78843cdf0a15}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{54c2ad6c-761d-11e0-9121-78843cdf0a15}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {54c2ad69-761d-11e0-9121-78843cdf0a15}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {54c2ad6c-761d-11e0-9121-78843cdf0a15}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4043.86 MB
Available physical RAM: 3450.43 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3460.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:406.51 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.32 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (WDO_MEDIA64) (Removable) (Total:1.88 GB) (Free:1.55 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-10-12 21:42

==================== End Of Log ============================

 

I'm assuming that "C:\ProgramData\gXgvXrXn\gXgvXrXn.exe" is the problem, but I'm not sure how to rid myself of it in the registry.

Any help is greatly appreciated!

Thanks!




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 PM

Posted 14 November 2013 - 03:57 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
    HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\gXgvXrXn\gXgvXrXn.exe -sm,
    HKU\Tatyana\...\Run: [BrowserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [565248 2013-10-01] (BrowserSafeguard)
    HKU\Tatyana\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
    AppInit_DLLs-x32: c:\progra~3\videop~1\261249~1.132\{16cdf~1\videom~1.dll  [ ] ()
    
    S2 Level Quality Watcher; C:\Windows\Installer\MSID405.tmp [507912 2013-10-17] ()
    S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]
    
    C:\Users\Tatyana\Desktop\Antivirus Security Pro support.url
    C:\Users\Tatyana\Desktop\Antivirus Security Pro.lnk
    C:\Program Files (x86)\Browsersafeguard
    C:\ProgramData\gXgvXrXn
    c:\progra~3\videop~1
    C:\Windows\Installer\MSID405.tmp
    C:\ProgramData\IBUpdaterService
    C:\Program Files (x86)\ScorpionSaver
    C:\Users\Tatyana\AppData\Roaming\File Scout
    C:\Program Files (x86)\Yontoo

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Try to boot into Windows now!

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
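The fixlist above targets three classic Windows persistence points: a Run value with no publisher, a Winlogon Userinit value that has an extra executable appended after userinit.exe, and a non-empty AppInit_DLLs value. As an added illustration, not part of this thread and not FRST's own code, the Python script below applies the same triage to FRST-style "Registry (Whitelisted)" lines. The sample lines are constructed to match the format of the entries quoted in the fixlist; the regular expressions, the set of legitimate Userinit values and the list of user-writable path markers are assumptions of this example.

```python
import re

# Constructed sample in the FRST "Registry (Whitelisted)" line format, modelled on
# the entries in the fixlist above; it is not the page's own log file.
SAMPLE_LOG = r"""
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\gXgvXrXn\gXgvXrXn.exe -sm,
HKU\Tatyana\...\Run: [BrowserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [565248 2013-10-01] (BrowserSafeguard)
AppInit_DLLs-x32: c:\progra~3\videop~1\261249~1.132\{16cdf~1\videom~1.dll  [ ] ()
HKU\Tatyana\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
"""

# FRST prints Run values as: <hive>\...\Run: [name] - <path> [size date] (publisher)
# An empty "()" means the binary carries no company name in its version info.
RUN_RE = re.compile(
    r'^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - '
    r'(?P<path>.*?) \[(?P<meta>[^\]]*)\] \((?P<publisher>[^)]*)\)$')
USERINIT_RE = re.compile(r'^HKLM\\\.\.\.\\Winlogon: \[Userinit\] (?P<value>.*)$')
APPINIT_RE = re.compile(r'^(?P<key>AppInit_DLLs(?:-x32)?): (?P<dlls>.*?)\s*\[.*$')

# Assumed legitimate Userinit components (FRST shows the bare name; Windows
# stores the full System32 path). Anything else after the comma is a hijack.
LEGIT_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}

# Assumed markers of user-writable locations that a Run entry rarely needs.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\temp\\")


def userinit_extras(value):
    """Return the comma-separated Userinit components that are not userinit.exe."""
    parts = [p.strip() for p in value.split(",")]
    return [p for p in parts if p and p.lower() not in LEGIT_USERINIT]


def triage(log_text):
    """Scan FRST registry lines and return a list of suspicious-persistence findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()

        m = USERINIT_RE.match(line)
        if m:
            extras = userinit_extras(m.group("value"))
            if extras:
                findings.append({"check": "userinit_hijack", "item": "Userinit",
                                 "detail": "; ".join(extras)})
            continue

        m = APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            # Any DLL listed here is loaded into every process that links user32.dll.
            findings.append({"check": "appinit_dlls", "item": m.group("key"),
                             "detail": m.group("dlls").strip()})
            continue

        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if not m.group("publisher").strip():
                findings.append({"check": "run_no_publisher",
                                 "item": m.group("name"), "detail": path})
            elif any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append({"check": "run_user_writable",
                                 "item": m.group("name"), "detail": path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['check']}] {f['item']}: {f['detail']}")
```

On the sample this flags the Userinit append, the unsigned-looking AS2014 Run value in ProgramData and the AppInit_DLLs entry, while leaving Apoint and Skype alone. It does not flag BrowserSafeguard, which sits in Program Files and reports a publisher name: that entry is removed in the fixlist because the helper recognises it as known adware by name, which is why this kind of heuristic triage is a starting point for a fixlist rather than a substitute for it.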

#3 devochka1975

devochka1975
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 14 November 2013 - 07:58 PM

Here is Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by SYSTEM at 2013-11-14 16:53:54 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\gXgvXrXn\gXgvXrXn.exe -sm,
HKU\Tatyana\...\Run: [BrowserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [565248 2013-10-01] (BrowserSafeguard)
HKU\Tatyana\...\Run: [AS2014] - C:\ProgramData\gXgvXrXn\gXgvXrXn.exe [609928 2013-10-22] ()
AppInit_DLLs-x32: c:\progra~3\videop~1\261249~1.132\{16cdf~1\videom~1.dll  [ ] ()

S2 Level Quality Watcher; C:\Windows\Installer\MSID405.tmp [507912 2013-10-17] ()
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]

C:\Users\Tatyana\Desktop\Antivirus Security Pro support.url
C:\Users\Tatyana\Desktop\Antivirus Security Pro.lnk
C:\Program Files (x86)\Browsersafeguard
C:\ProgramData\gXgvXrXn
c:\progra~3\videop~1
C:\Windows\Installer\MSID405.tmp
C:\ProgramData\IBUpdaterService
C:\Program Files (x86)\ScorpionSaver
C:\Users\Tatyana\AppData\Roaming\File Scout
C:\Program Files (x86)\Yontoo
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\Tatyana\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => Value deleted successfully.
HKU\Tatyana\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
Level Quality Watcher => Service not found.
IBUpdaterService => Service deleted successfully.
C:\Users\Tatyana\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\Users\Tatyana\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Program Files (x86)\Browsersafeguard => Moved successfully.
"C:\ProgramData\gXgvXrXn" => File/Directory not found.
c:\progra~3\videop~1 => Moved successfully.
C:\Windows\Installer\MSID405.tmp => Moved successfully.
C:\ProgramData\IBUpdaterService => Moved successfully.
C:\Program Files (x86)\ScorpionSaver => Moved successfully.
C:\Users\Tatyana\AppData\Roaming\File Scout => Moved successfully.
"C:\Program Files (x86)\Yontoo" => File/Directory not found.

==== End of Fixlog ====

 

The computer is still stuck at the black screen with cursor when attempting either a safe boot or normal boot.

Thanks again for your help!



#4 devochka1975

devochka1975
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 14 November 2013 - 08:16 PM

After attempting to boot and getting the same problem, I booted to the recovery partition again and re-ran FRST. Here is the updated log from after the fix:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by SYSTEM on MININT-8K44F5U on 14-11-2013 17:11:50
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKU\Tatyana\...\Run: [Google Update] - C:\Users\Tatyana\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-31] (Google Inc.)
HKU\Tatyana\...\Run: [Desktop Software] - C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini [1093 2012-05-10] ()
HKU\Tatyana\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Tatyana\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Tatyana\...\Run: [GoogleChromeAutoLaunch_32D65B4D01A6925B2DE068C8AF351FC3] - C:\Users\Tatyana\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.)

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-24] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvia64.sys [488568 2011-12-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120120.035\ENG64.SYS [117880 2011-12-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120120.035\EX64.SYS [2048632 2011-12-24] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-31] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 314C17917AC8523EC77A710215012A65
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\Apfiltr.sys D80CB25D90474C731C0D1312A6DE3B13
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys C8679A07267F030704168E45E27C3D43
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys 1D757A7E020C577C4259A755F21B7152
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\BVRPMPR5a64.SYS 9887CA12F407D7FBC7F48F3678F5F0B6
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\drivers\CHDRT64.sys 61F989B3E4C097DE52330BA00FCBCB67
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\e1y60x64.sys 50AD8FC1DC800FF36087994C8F7FDFF2
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 5CCF1BE80930AEB1CDEBF561666325E8
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7A898E4A744621711BE7E7B796C69876
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys F7CE9BE72EDAC499B713ECA6DAE5D26F
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120120.002\IDSvia64.sys 0B97F1A640AD3D159A7B5D2164C42E50
C:\Windows\System32\DRIVERS\igdkmd64.sys EFE5A0AF39A8E179624117C521F1E012
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\system32\drivers\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120120.035\ENG64.SYS 2DBE90210DE76BE6E1653BB20EC70EC2
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120120.035\EX64.SYS 346DA70E203B8E2C850277713DE8F71B
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RtsPStor.sys 546D7F426776090B90EF5F195B6AE662
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EA5532868BA76923D75BCB2A1448D810
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\SFEP.sys 286D3889E6AB5589646FF8A63CB928AE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS 90EF30C3867BCDE4579C01A6D6E75A7A
C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS C513E8A5E7978DA49077F5484344EE1B
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS 6160145C7A87FC7672E8E3B886888176
C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS 96AEED40D4D3521568B42027687E69E0
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 21A1C2D694C3CF962D31F5E873AB3D6F
C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS BD0D711D8CBFCAA19CA123306EAF53A5
C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS A6ADB3D83023F8DAA0F7B6FDA785D83B
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 01:39 - 2013-11-14 01:39 - 00000000 ____D C:\Registry
2013-11-14 00:37 - 2011-02-24 21:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\System32\explorer.exe
2013-11-12 18:53 - 2013-11-12 18:53 - 00000000 ____D C:\FRST
2013-11-12 18:32 - 2013-11-12 18:32 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-23 23:18 - 2013-10-23 23:18 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Tific
2013-10-22 21:22 - 2013-10-22 21:22 - 00819176 _____ (Google Inc.) C:\Users\Tatyana\Downloads\ChromeSetup.exe
2013-10-20 19:42 - 2013-10-20 19:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-20 19:32 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-20 19:32 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-20 19:32 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-20 19:32 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-20 19:32 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-20 19:32 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-20 19:32 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-20 19:32 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-20 19:32 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-20 19:32 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-20 19:32 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-20 19:32 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-20 19:31 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-20 19:31 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-17 08:03 - 2013-11-10 16:58 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-17 08:03 - 2013-10-20 19:56 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-17 08:03 - 2013-10-20 19:56 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-17 08:03 - 2013-10-17 08:03 - 00003870 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:02 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\ProgramData\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-17 08:01 - 2013-10-17 08:03 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Real
2013-10-17 08:01 - 2013-10-17 08:03 - 00000000 ____D C:\ProgramData\Real
2013-10-17 08:01 - 2013-10-17 08:02 - 00000000 ____D C:\Program Files (x86)\Real

==================== One Month Modified Files and Folders =======

2013-11-14 01:39 - 2013-11-14 01:39 - 00000000 ____D C:\Registry
2013-11-13 23:42 - 2010-11-20 19:47 - 00014994 _____ C:\Windows\PFRO.log
2013-11-12 18:53 - 2013-11-12 18:53 - 00000000 ____D C:\FRST
2013-11-12 18:32 - 2013-11-12 18:32 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-10 19:51 - 2013-03-08 11:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 19:51 - 2011-12-31 01:33 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-79780606-3074000642-1536530158-1005UA.job
2013-11-10 19:51 - 2011-12-24 20:42 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{49FCDBA7-3DB9-4A0F-9DF7-785764D713C5}
2013-11-10 19:51 - 2011-11-22 22:17 - 02038307 _____ C:\Windows\WindowsUpdate.log
2013-11-10 16:58 - 2013-10-17 08:03 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-11-07 11:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-07 11:19 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-07 11:19 - 2009-07-13 20:45 - 00020928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 11:17 - 2009-07-13 21:13 - 00775290 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-07 11:12 - 2011-12-24 22:11 - 00000000 ____D C:\Users\Tatyana\AppData\Local\CrashDumps
2013-11-07 11:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-07 11:11 - 2009-07-13 20:51 - 00090517 _____ C:\Windows\setupact.log
2013-11-07 10:46 - 2011-12-31 01:33 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-79780606-3074000642-1536530158-1005Core.job
2013-11-07 08:15 - 2012-03-27 10:35 - 00576783 _____ C:\test.xml
2013-10-23 23:18 - 2013-10-23 23:18 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Tific
2013-10-22 21:22 - 2013-10-22 21:22 - 00819176 _____ (Google Inc.) C:\Users\Tatyana\Downloads\ChromeSetup.exe
2013-10-22 21:18 - 2012-01-02 00:45 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Skype
2013-10-20 19:56 - 2013-10-17 08:03 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-20 19:56 - 2013-10-17 08:03 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-79780606-3074000642-1536530158-1005
2013-10-20 19:49 - 2009-07-13 20:45 - 00301392 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-20 19:43 - 2013-03-08 11:32 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-20 19:43 - 2013-03-08 11:32 - 00001931 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2013-10-20 19:42 - 2013-10-20 19:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 22:54 - 2012-01-02 00:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-17 22:54 - 2012-01-02 00:45 - 00000000 ____D C:\ProgramData\Skype
2013-10-17 08:03 - 2013-10-17 08:03 - 00003870 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-10-17 08:03 - 2013-10-17 08:03 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\RealNetworks
2013-10-17 08:03 - 2013-10-17 08:01 - 00000000 ____D C:\Users\Tatyana\AppData\Roaming\Real
2013-10-17 08:03 - 2013-10-17 08:01 - 00000000 ____D C:\ProgramData\Real
2013-10-17 08:02 - 2013-10-17 08:02 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00001224 _____ C:\ProgramData\Desktop\RealPlayer.lnk
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\ProgramData\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:02 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-17 08:02 - 2013-10-17 08:01 - 00000000 ____D C:\Program Files (x86)\Real
2013-10-17 08:02 - 2011-05-03 22:56 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-10-17 08:02 - 2011-05-03 22:56 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-10-17 07:35 - 2011-12-31 01:37 - 00002378 _____ C:\Users\Tatyana\Desktop\Google Chrome.lnk

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-12-25 10:31] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {54c2ad69-761d-11e0-9121-78843cdf0a15}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {54c2ad69-761d-11e0-9121-78843cdf0a15}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{54c2ad6c-761d-11e0-9121-78843cdf0a15}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{54c2ad6c-761d-11e0-9121-78843cdf0a15}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {54c2ad69-761d-11e0-9121-78843cdf0a15}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {54c2ad6c-761d-11e0-9121-78843cdf0a15}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4043.86 MB
Available physical RAM: 3420.52 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3430.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:407.6 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.32 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (WDO_MEDIA64) (Removable) (Total:1.88 GB) (Free:1.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-10-12 21:42

==================== End Of Log ============================



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:04 PM

Posted 15 November 2013 - 03:50 AM

Kaspersky Windows Unlocker

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a CD or DVD; if you need a program to burn an ISO, use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps here
  • Once you have the cd/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus
  • Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter

  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 devochka1975

devochka1975
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:04 AM

Posted 16 November 2013 - 04:12 PM

Downloaded and ran Kaspersky Rescue Disk. The WindowsUnlocker was not on the menu, so I ran it from the terminal. It found and removed several "suspicious" registry entries related to Google Chrome and Google Updater.

I updated the antivirus definitions and ran a full scan. Nothing found.

Tried rebooting, still stuck at black screen with white cursor. CTRL-ALT-DEL still non-functional.

Any additional suggestions?

Thanks again for your help!



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:04 PM

Posted 18 November 2013 - 03:25 AM

Please try to fix your profile following this MS article:

http://windows.microsoft.com/en-us/windows-vista/fix-a-corrupted-user-profile

Tell me if that worked for you.



#8 devochka1975

devochka1975
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:04 AM

Posted 19 November 2013 - 03:48 AM

> Please try to fix your profile following this MS article:
>
> http://windows.microsoft.com/en-us/windows-vista/fix-a-corrupted-user-profile
>
> Tell me if that worked for you.

I cannot log in to the computer to create a user account. Any suggestions on how to do this from the recovery console or from another computer (I can take the drive out of the laptop and plug it into my desktop via a USB to SATA adapter)?

Thanks!



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:04 PM

Posted 19 November 2013 - 04:23 AM

I need to know what the tools on the other computer removed from this system.

Please post up the log files.



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:04:04 PM

Posted 21 November 2013 - 09:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



