Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 64 Ultimate Black Screen With Cursor--Please Help


  • This topic is locked This topic is locked
16 replies to this topic

#1 TonyZ75

TonyZ75

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 26 January 2015 - 09:37 PM

Hi everyone,

 

Ive been an avid reader of Bleeping Computer now it seems I need help from the folks out there who rock this place. :)

 

Recently started experiencing the black screen with cursor. No matter how long it sits, I can never get to the logon screen in normal AND safe mode. I do have a repair disc. No ealier time back-ups work and the auto-fix cannot fix the problem. I can get into BIOS and the HD is set to IDE (Ive been reading around trying different things). I am thinking I should get the FRST64 and grab a log while I await a reply.

 

Some notable things that happened before the BSOD - Windows had two critical updates a couple days prior and AVG 2015 installed the day of. Interestingly enough the day before this happened i noticed a message from Maleware Bytes about I needed to reboot because a rootkit could not be removed. Ever since I rebooted its been BSOD city. Being there was a rootkit message I am thinking I got a bug.

 

Any help would be graciously appreciated!

 

Thank you!!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by SYSTEM on MININT-USKHPCS on 26-01-2015 20:37:36
Running from K:\
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-28] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QFan Help] => C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe [888960 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUSGamerOSD] => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575896 2014-09-03] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\DJ ZAM\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\Mcx1-DJZAM-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\DJ ZAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-10-22] (Adobe Systems)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
S2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-23] ()
S2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.)
S2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [20480 2011-08-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.1.0.9\NSBU.exe [282528 2014-12-10] (Symantec Corporation)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-06] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
S3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-06] (AVG Technologies)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [192000 2011-08-02] (© Guillemot R&D, 2010. All rights reserved.)
S1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1601000.009\ccSetx64.sys [165080 2014-09-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-01-15] (ASUSTeK Computer Inc.)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-18] (LeapFrog)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [263680 2011-08-02] (© Guillemot R&D, 2010. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [240640 2011-08-02] (© Guillemot R&D, 2011. All rights reserved.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-23] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1601000.009\SRTSP64.SYS [914648 2014-12-01] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1601000.009\SRTSPX64.SYS [42200 2014-09-08] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NSBUx64\1601000.009\SYMDS64.SYS [490712 2014-09-08] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NSBUx64\1601000.009\SYMEFA64.SYS [1151704 2014-09-08] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2014-10-15] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1601000.009\Ironx64.SYS [271576 2014-09-08] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1601000.009\SYMNETS.SYS [565464 2014-09-08] (Symantec Corporation)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
S3 wanatw; No ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.019\EX64.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 322E5C178990F116F00E3D923F4E6B1C
C:\Windows\System32\DRIVERS\atikmpag.sys 961A81A84FDD700E361E8294528A37BA
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Program Files\ASUS\GPU Boost Driver\amd64\AODDriver.sys B934322C68C30DCECA96C0274A51F7B0
C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys 6830DCC0262DCAE2235D8E395C4D4E1D
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys F312FAD7DBD49ED21A194AC71B497832
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\AsIO.sys F6BDA026E4157DC4E321CA391E9D9BC6
C:\Windows\SysWow64\drivers\AsUpIO.sys 26D66E32E78D3059715B3A17BC679CD9
C:\Windows\System32\drivers\asusgsb.sys A4398A8914C32F18EC2AB562CBA3CAAF
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys DBB487D09F56C674430AC454FD8BCAB9
C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\System32\drivers\ATKDispLowFilter.sys FB4187C282CB467E5E606913A1FA79A3
C:\Windows\System32\DRIVERS\avgdiska.sys 54FE1CAFA3B3029B282E6A05EA672031
C:\Windows\System32\DRIVERS\avgidsdrivera.sys A3124AC9C0AF30ABD000A7CB5779C101
C:\Windows\System32\DRIVERS\avgidsha.sys 68070AEEE757ACC6EC5BC291B1E8EA1A
C:\Windows\System32\DRIVERS\avgldx64.sys 7C9E8FD2BFCE60BDF9B5944C0BE47C87
C:\Windows\System32\DRIVERS\avgloga.sys 734DCC05A7F327FDCE43A18BA011FD4E
C:\Windows\System32\DRIVERS\avgmfx64.sys B4D589C734D796B5B76E0A0E5DA50397
C:\Windows\System32\DRIVERS\avgrkx64.sys 3CE824D46BA1871713ABF147E6BAD556
C:\Windows\System32\DRIVERS\avgtdia.sys 0BB7ECAC81554D83A66A0B9F961BB9D0
C:\Windows\system32\drivers\avgtpx64.sys 7688C67BDF55500C1FDC8291230C397D
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150106.001\BHDrvx64.sys 5B474BB95B8C7B9D15E82390F9A4FE75
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HDJBulk.sys 7B70ED64ECCD8EE837EDA4245050AB9F
C:\Windows\system32\drivers\NSBUx64\1601000.009\ccSetx64.sys 09A841B941CB375793AA174A60BEAAD5
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 30710AEFCE721CEEE0F35EB6A01C263C
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 47A68B3DBBB34D4FE61DE221A8536627
C:\Windows\System32\DRIVERS\EIO64.sys 343ADA10D948DB29251F2D9C809AF204
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys B9773081AAF65E6D553496BA0CADCBB3
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FlyUsb.sys 6CD6BB45BD3E0EEF6CE496BF52854FF1
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HDJAsioK.sys 606A8AB506D02EB454340DB1FE26C92C
C:\Windows\System32\DRIVERS\HDJMidi.sys 91B8F0F989454A0A21242BB38EA6C408
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hitmanpro37.sys FCE2251FE4464DCAA2F4684F19A8EE9B
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150123.001\IDSvia64.sys 77095B7820F1690A5A9DE26AF6819F20
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys A3BCBD0F710580A07D1B929D787D36CE
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\IOMap64.sys A01C412699B6F21645B2885C2BAE4454
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\jraid.sys 4A8A242FDA43765F4F73ECDE2BA0D62A
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\drivers\LGBusEnum.sys FA529FB35694C24BF98A9EF67C1CD9D0
C:\Windows\System32\drivers\LGVirHid.sys 94B29CE153765E768F004FB3440BE2B0
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LVPr2M64.sys B3944D06EB4B64D57BD7E5FE89415F58
C:\Windows\System32\DRIVERS\LVPr2M64.sys B3944D06EB4B64D57BD7E5FE89415F58
C:\Windows\System32\DRIVERS\lvrs64.sys 0C85B2B6FB74B36A251792D45E0EF860
C:\Windows\System32\DRIVERS\lvuvc64.sys FF3A488924B0032B1A9CA6948C1FA9E8
C:\Windows\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\Windows\system32\drivers\mwac.sys A646C2DDB8C46E9B20A326FAF566646C
C:\Windows\System32\DRIVERS\mcdbus.sys 79D51E7F5926E8CE1B3EBECEBAE28CFF
C:\Windows\SysWOW64\DRIVERS\mcdbus.sys 79D51E7F5926E8CE1B3EBECEBAE28CFF
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 19B006B181E3875FD254F7B67ACF1E7C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 285ACEC1B13A15BA520AAE06BACB9CFF
C:\Windows\System32\DRIVERS\nusb3xhc.sys F6D625FF7B56BB6EA063F0D3A5BBC996
C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
C:\Windows\System32\DRIVERS\nvlddmkm.sys FE2909F7DFB12B9A20AD207FE23B7E96
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ser2pl64.sys 052D4299E72FFFCCD9A168ADCDF5C450
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NSBUx64\1601000.009\SRTSP64.SYS 7F242B9CA9297A427E73C7D819DA2F73
C:\Windows\system32\drivers\NSBUx64\1601000.009\SRTSPX64.SYS 896088EAE00305E6BA9B081114B23DAE
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys 91310683D7B6B292B746D60734B59322
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NSBUx64\1601000.009\SYMDS64.SYS 3E10ECB0188163B935273D5F8370FD04
C:\Windows\System32\drivers\NSBUx64\1601000.009\SYMEFA64.SYS 642A53193D4767B3B6356E809A20EC7C
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 37DA6EC1E8C88C7D859989E668863712
C:\Windows\system32\drivers\NSBUx64\1601000.009\Ironx64.SYS 7828EABA7736518FAC675F36134B2EDB
C:\Windows\System32\Drivers\NSBUx64\1601000.009\SYMNETS.SYS 52C0A3DDFE46CB238C74B136D522DEA3
C:\Windows\System32\drivers\SynUSB64.sys 512231BA47975F3F1A67B11F271BB49D
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917
C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C
C:\Windows\System32\DRIVERS\vpcusb.sys 5FB42082B0D19A0268705F1DD343DF20
C:\Windows\System32\DRIVERS\vpcuxd.sys 63F4E10873BEB4124028C6D1A66B0968
C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\drivers\WmBEnum.sys 680A7846370000D20D7E74917D5B7936
C:\Windows\System32\drivers\WmFilter.sys 14C35BA8189C6F65D839163AA285E954
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WmVirHid.sys 8488DD91A3EE54A8E29F02AD7BB8201E
C:\Windows\System32\drivers\WmXlCore.sys 14802B3A30AA849C97CB968CCC813BF3
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 19:06 - 2015-01-26 20:37 - 00000000 ____D () C:\FRST
2015-01-25 22:40 - 2015-01-25 22:40 - 00000000 _____ () C:\Windows\System32\config\SOFTWARE8cd2c6a4
2015-01-25 22:19 - 2015-01-25 22:19 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-25 20:47 - 2015-01-25 20:47 - 00000000 __SHD () C:\found.001
2015-01-25 15:47 - 2015-01-25 15:49 - 00024576 _____ () C:\bcdbackup
2015-01-25 15:47 - 2015-01-25 15:49 - 00021504 ___SH () C:\bcdbackup.LOG
2015-01-25 10:34 - 2015-01-25 12:29 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-01-24 16:45 - 2015-01-24 16:45 - 00003584 _____ () C:\Users\Mcx1-DJZAM-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-24 16:45 - 2015-01-24 16:45 - 00000000 ____D () C:\Users\Mcx1-DJZAM-PC\AppData\Local\Google
2015-01-14 15:19 - 2015-01-14 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{72A98295-5549-422F-9179-ADE71523BA26}
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{0208F6DA-DF8F-48E7-A769-F095DC2DF25A}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 18:00 - 2011-12-18 17:43 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-26 17:54 - 2011-11-23 23:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-25 22:48 - 2013-12-08 23:30 - 00000000 ____D () C:\NBRT
2015-01-25 19:39 - 2011-12-17 12:21 - 00000177 ____H () C:\dvmexp.idx
2015-01-25 19:28 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl
2015-01-25 11:12 - 2011-12-17 12:20 - 00000000 ____D () C:\temp
2015-01-25 08:50 - 2014-05-08 19:14 - 01043514 _____ () C:\Windows\PFRO.log
2015-01-24 21:54 - 2011-10-09 19:43 - 01478980 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 21:42 - 2014-04-19 18:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-24 21:17 - 2012-04-04 08:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 21:04 - 2013-08-30 08:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 21:04 - 2013-08-30 08:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 20:17 - 2012-04-04 08:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 20:17 - 2012-04-04 08:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:17 - 2011-10-09 20:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 19:49 - 2013-11-17 15:04 - 02924032 ___SH () C:\Users\DJ ZAM\Desktop\Thumbs.db
2015-01-24 19:30 - 2012-08-24 16:11 - 00000000 ____D () C:\Users\DJ ZAM\Desktop\DropBoxStuff
2015-01-24 19:05 - 2014-10-18 09:42 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-24 18:37 - 2014-10-18 09:39 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-24 10:15 - 2014-04-05 22:35 - 00024473 _____ () C:\Users\DJ ZAM\Desktop\DataZam.xlsx
2015-01-24 09:58 - 2009-07-13 20:45 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 09:58 - 2009-07-13 20:45 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 09:51 - 2013-12-12 19:21 - 00000000 ___RD () C:\Users\DJ ZAM\Google Drive
2015-01-24 09:51 - 2012-03-12 20:32 - 00000000 ___RD () C:\Users\DJ ZAM\Dropbox
2015-01-24 09:51 - 2012-03-12 20:30 - 00000000 ____D () C:\Users\DJ ZAM\AppData\Roaming\Dropbox
2015-01-24 09:49 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 09:48 - 2014-05-08 19:14 - 00020114 _____ () C:\Windows\setupact.log
2015-01-24 03:06 - 2013-08-30 08:56 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 16:49 - 2014-04-27 17:33 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-18 08:04 - 2011-10-09 19:46 - 00000000 ____D () C:\Windows\AsusInstAll
2015-01-17 21:00 - 2014-04-19 18:09 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 21:00 - 2014-04-19 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 15:47 - 2014-01-01 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-12 11:25 - 2012-01-15 10:13 - 00000000 ____D () C:\Program Files (x86)\Jnes
2015-01-12 11:08 - 2012-01-15 02:32 - 00000000 ____D () C:\Program Files\Stella
2015-01-04 11:36 - 2011-11-11 18:02 - 00000000 ___RD () C:\Users\DJ ZAM\Virtual Machines
2015-01-04 10:47 - 2014-10-14 07:05 - 00000000 ____D () C:\Users\DJ ZAM\Desktop\GAMES
2015-01-04 10:44 - 2014-06-03 19:27 - 00036138 _____ () C:\Windows\DirectX.log
2015-01-04 10:39 - 2013-03-20 16:17 - 00000000 ____D () C:\Users\DJ ZAM\AppData\Local\JDownloader 2.0
2015-01-03 12:39 - 2013-03-24 17:27 - 00000000 ____D () C:\Users\DJ ZAM\AppData\Roaming\abgx360
2014-12-31 03:14 - 2011-10-13 17:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-12-29 08:05 - 2013-11-30 15:47 - 00000000 ____D () C:\Users\DJ ZAM\AppData\Roaming\HpUpdate
 
Some content of TEMP:
====================
C:\Users\DJ ZAM\AppData\Local\Temp\AcDeltree.exe
C:\Users\DJ ZAM\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo0r3vu.dll
C:\Users\DJ ZAM\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\DJ ZAM\AppData\Local\Temp\proxy_vole7980632695213302203.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-17 16:00:23
Restore point made on: 2015-01-17 16:55:33
Restore point made on: 2015-01-19 17:58:31
Restore point made on: 2015-01-22 15:53:41
Restore point made on: 2015-01-22 16:59:57
Restore point made on: 2015-01-23 17:28:02
Restore point made on: 2015-01-24 19:01:25
Restore point made on: 2015-01-24 21:37:37
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {default}
displayorder            {default}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {4167324d-a4dc-11e4-8907-806e6f6e6963}
 
Windows Boot Loader
-------------------
identifier              {f011bab9-a4ec-11e4-8f97-f41d13946564}
device                  ramdisk=[C:]\Recovery\54728292-f30a-11e0-8ba5-80381fa80df2\Winre.wim,{f011baba-a4ec-11e4-8f97-f41d13946564}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered) 
locale                  
osdevice                ramdisk=[C:]\Recovery\54728292-f30a-11e0-8ba5-80381fa80df2\Winre.wim,{f011baba-a4ec-11e4-8f97-f41d13946564}
systemroot              \windows
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {4167324d-a4dc-11e4-8907-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Ultimate
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
 
Device options
--------------
identifier              {f011baba-a4ec-11e4-8f97-f41d13946564}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\54728292-f30a-11e0-8ba5-80381fa80df2\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8190.12 MB
Available physical RAM: 7274.46 MB
Total Pagefile: 8188.27 MB
Available Pagefile: 7294.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:426.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive e: (KNOPPIX) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
Drive j: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:268.96 GB) NTFS
Drive k: (WDO_MEDIA64) (Removable) (Total:0.98 GB) (Free:0.98 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 82828282)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CE02883D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 512 byte) (Disk ID: 49E2A461)
Partition 1: (Active) - (Size=1009 MB) - (Type=0C)
 
 
LastRegBack: 2015-01-24 00:28
 
==================== End Of Log ============================

 

UPDATE - Here is a FRST64 log


Edited by hamluis, 28 January 2015 - 03:28 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 07:26 PM

I see the post was moved to the virus section. All of my old posts are gone.

 

Am I starting from scratch here? :) Well if so, does anyone have any ideas? I am preparing to wipe my computer thought I really REALLY hate to have it come to that. :(

 

Thanks for ANY help you guys can offer!



#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:24 AM

Posted 28 January 2015 - 08:08 PM

Hello TonyZ75,

  •  

     

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Mcx1-DJZAM-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

Try and boot the amchine after this fix.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 09:16 PM

Hi Fireman4it! Thank you so much!

 

I am working on steps right now, be back shortly.



#5 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 09:48 PM

OK - Here is the log.

 

I attempted a normal restart still getting the black screen.

I also attempted a safe mode start and driver loading hang for about 30 seconds at file AtiPcie.sys then goes to black screen with cursor.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-28 20:47:18 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Mcx1-DJZAM-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
*****************

HKU\Mcx1-DJZAM-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.

==== End of Fixlog 20:47:18 ====



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:24 AM

Posted 28 January 2015 - 09:53 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

LastRegBack: 2015-01-24 00:28

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

see if it will boot now?


Edited by fireman4it, 28 January 2015 - 09:54 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 10:03 PM

OK

 

Normal restart - Same results

 

Safe Mode restart - Same results

 

I had ran scans and tried a few other methods after I posted the original log in the first post. Would you like me to rescan and post full FRST64 log again so its up to date?

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-28 21:02:30 Run:2
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2015-01-24 00:28
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog 21:02:41 ====



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:24 AM

Posted 28 January 2015 - 10:06 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

RestoreQuarantine:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

now see if it will boot.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 10:13 PM

OK

 

Normal Start - No Change

Safe Mode Start - No Change

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-28 21:12:46 Run:3
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
RestoreQuarantine:
*****************

RestoreQuarantine:=> Restoring from Quarantine completed.

==== End of Fixlog 21:12:46 ====



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:24 AM

Posted 28 January 2015 - 10:15 PM

Please post a new FRST.txt. The problem is you may have deleted files you need to boot the machine.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 10:23 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by SYSTEM on MININT-6VNRJJN on 28-01-2015 21:25:45
Running from J:\
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-28] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QFan Help] => C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe [888960 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUSGamerOSD] => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575896 2014-09-03] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-10-22] (Adobe Systems)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
S4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2010-05-21] ()
S2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-23] ()
S2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.)
S2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [20480 2011-08-02] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.1.0.9\NSBU.exe [282528 2014-12-10] (Symantec Corporation)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-06] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
S3 AODDriver2; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-05-21] (Advanced Micro Devices)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
S3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-06] (AVG Technologies)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [192000 2011-08-02] (© Guillemot R&D, 2010. All rights reserved.)
S1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1601000.009\ccSetx64.sys [165080 2014-09-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
S1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-01-15] (ASUSTeK Computer Inc.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2007-06-18] (LeapFrog)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [263680 2011-08-02] (© Guillemot R&D, 2010. All rights reserved.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [240640 2011-08-02] (© Guillemot R&D, 2011. All rights reserved.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-23] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150123.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1601000.009\SRTSP64.SYS [914648 2014-12-01] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1601000.009\SRTSPX64.SYS [42200 2014-09-08] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NSBUx64\1601000.009\SYMDS64.SYS [490712 2014-09-08] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NSBUx64\1601000.009\SYMEFA64.SYS [1151704 2014-09-08] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2014-10-15] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1601000.009\Ironx64.SYS [271576 2014-09-08] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1601000.009\SYMNETS.SYS [565464 2014-09-08] (Symantec Corporation)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
S3 wanatw; No ImagePath
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.003\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 21:02 - 2015-01-28 21:02 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2015-01-28 10:51 - 2015-01-28 10:51 - 00000069 _____ () C:\Program Files (x86)\.directory
2015-01-27 21:45 - 2015-01-27 21:52 - 00000000 ____D () C:\MOUNT
2015-01-26 19:06 - 2015-01-28 21:25 - 00000000 ____D () C:\FRST
2015-01-25 22:40 - 2015-01-25 22:40 - 00000000 _____ () C:\Windows\System32\config\SOFTWARE8cd2c6a4
2015-01-25 22:19 - 2015-01-25 22:19 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-25 20:47 - 2015-01-25 20:47 - 00000000 __SHD () C:\found.001
2015-01-25 15:47 - 2015-01-27 22:25 - 00024576 _____ () C:\bcdbackup
2015-01-25 15:47 - 2015-01-27 22:25 - 00021504 ___SH () C:\bcdbackup.LOG
2015-01-25 10:34 - 2015-01-28 12:43 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-01-24 16:45 - 2015-01-24 16:45 - 00003584 _____ () C:\Users\Mcx1-DJZAM-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-24 16:45 - 2015-01-24 16:45 - 00000000 ____D () C:\Users\Mcx1-DJZAM-PC\AppData\Local\Google
2015-01-14 15:19 - 2015-01-14 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{72A98295-5549-422F-9179-ADE71523BA26}
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{0208F6DA-DF8F-48E7-A769-F095DC2DF25A}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 19:17 - 2014-05-08 19:14 - 02438872 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-28 19:16 - 2011-10-09 19:43 - 00000000 ____D () C:\users\DJ ZAM
2015-01-28 19:15 - 2011-11-23 23:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-28 12:03 - 2012-12-16 16:21 - 00000000 ____D () C:\Users\DJ ZAM\Desktop\EMULATORS
2015-01-28 11:21 - 2011-10-17 18:27 - 00000000 ____D () C:\Users\DJ ZAM\Desktop\XBOX-BURNING
2015-01-28 11:16 - 2011-12-26 21:18 - 00000000 ____D () C:\Program Files (x86)\Fisher-Price
2015-01-28 10:52 - 2011-12-22 16:15 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-01-28 10:51 - 2012-12-17 16:36 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-27 20:56 - 2009-07-13 18:34 - 119799808 _____ () C:\Windows\System32\config\software.old
2015-01-27 20:41 - 2009-07-13 18:34 - 57671680 _____ () C:\Windows\System32\config\system.old
2015-01-27 18:32 - 2009-07-13 18:34 - 00524288 _____ () C:\Windows\System32\config\default.old
2015-01-27 18:32 - 2009-07-13 18:34 - 00028672 _____ () C:\Windows\System32\config\security.old
2015-01-27 17:46 - 2011-12-17 12:21 - 00000177 ____H () C:\dvmexp.idx
2015-01-27 17:41 - 2011-12-18 17:43 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-26 19:37 - 2009-07-13 18:34 - 00065536 _____ () C:\Windows\System32\config\sam.old
2015-01-25 22:48 - 2013-12-08 23:30 - 00000000 ____D () C:\NBRT
2015-01-25 19:28 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl
2015-01-25 11:12 - 2011-12-17 12:20 - 00000000 ____D () C:\temp
2015-01-25 08:50 - 2014-05-08 19:14 - 01043514 _____ () C:\Windows\PFRO.log
2015-01-24 21:54 - 2011-10-09 19:43 - 01478980 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 21:42 - 2014-04-19 18:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-24 21:17 - 2012-04-04 08:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 21:04 - 2013-08-30 08:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 21:04 - 2013-08-30 08:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 20:17 - 2012-04-04 08:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 20:17 - 2012-04-04 08:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 20:17 - 2011-10-09 20:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 19:05 - 2014-10-18 09:42 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-24 18:37 - 2014-10-18 09:39 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-24 09:58 - 2009-07-13 20:45 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 09:58 - 2009-07-13 20:45 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 09:49 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 09:48 - 2014-05-08 19:14 - 00020114 _____ () C:\Windows\setupact.log
2015-01-24 03:06 - 2013-08-30 08:56 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 16:49 - 2014-04-27 17:33 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-18 08:04 - 2011-10-09 19:46 - 00000000 ____D () C:\Windows\AsusInstAll
2015-01-17 21:00 - 2014-04-19 18:09 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 21:00 - 2014-04-19 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 15:47 - 2014-01-01 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-12 11:25 - 2012-01-15 10:13 - 00000000 ____D () C:\Program Files (x86)\Jnes
2015-01-12 11:08 - 2012-01-15 02:32 - 00000000 ____D () C:\Program Files\Stella
2015-01-04 10:44 - 2014-06-03 19:27 - 00036138 _____ () C:\Windows\DirectX.log
2014-12-31 03:14 - 2011-10-13 17:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-01-17 16:00:23
Restore point made on: 2015-01-17 16:55:33
Restore point made on: 2015-01-19 17:58:31
Restore point made on: 2015-01-22 15:53:41
Restore point made on: 2015-01-22 16:59:57
Restore point made on: 2015-01-23 17:28:02
Restore point made on: 2015-01-24 19:01:25
Restore point made on: 2015-01-24 21:37:37

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7934.12 MB
Available physical RAM: 7075.13 MB
Total Pagefile: 7932.27 MB
Available Pagefile: 7069.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.5 GB) (Free:569.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive j: (NBRT) (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 82828282)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-01-24 00:28

==================== End Of Log ============================



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:24 AM

Posted 28 January 2015 - 10:28 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-06] (AVG Secure Search)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-06] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-23] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
S3 wanatw; No ImagePath
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.003\EX64.SYS [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575896 2014-09-03] ()
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{72A98295-5549-422F-9179-ADE71523BA26}
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{0208F6DA-DF8F-48E7-A769-F095DC2DF25A}
2015-01-27 17:46 - 2011-12-17 12:21 - 00000177 ____H () C:\dvmexp.idx

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

see if it will boot now?


Edited by fireman4it, 28 January 2015 - 10:28 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 10:39 PM

OK

 

Normal Start - No Change

Safe Start - No Change

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-28 21:38:37 Run:4
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-06] (AVG Secure Search)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-06] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-23] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
S3 wanatw; No ImagePath
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150123.003\EX64.SYS [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575896 2014-09-03] ()
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{72A98295-5549-422F-9179-ADE71523BA26}
2015-01-04 11:03 - 2015-01-04 11:03 - 00003006 _____ () C:\Windows\System32\Tasks\{0208F6DA-DF8F-48E7-A769-F095DC2DF25A}
2015-01-27 17:46 - 2011-12-17 12:21 - 00000177 ____H () C:\dvmexp.idx
*****************

AVGIDSAgent => Service deleted successfully.
avgwd => Service deleted successfully.
vToolbarUpdater3.1.0 => Service deleted successfully.
Avgdiska => Service deleted successfully.
AVGIDSDriver => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
Avgldx64 => Service deleted successfully.
Avgloga => Service deleted successfully.
Avgmfx64 => Service deleted successfully.
Avgrkx64 => Service deleted successfully.
Avgtdia => Service deleted successfully.
avgtp => Service deleted successfully.
hitmanpro37 => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
wanatw => Service deleted successfully.
EraserUtilRebootDrv => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
C:\Windows\System32\Tasks\{72A98295-5549-422F-9179-ADE71523BA26} => Moved successfully.
C:\Windows\System32\Tasks\{0208F6DA-DF8F-48E7-A769-F095DC2DF25A} => Moved successfully.
C:\dvmexp.idx => Moved successfully.

==== End of Fixlog 21:38:38 ====



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:24 AM

Posted 28 January 2015 - 10:45 PM

You must have removed a critical file with malwarebytes. You may need to reinstall the operating system


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 TonyZ75

TonyZ75
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 28 January 2015 - 10:49 PM

Drat.

 

Well, are we out of ideas? If so, I guess I will start preparing to reinstall.

 

I really appreciate your help! Thank you so much!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users