
Thor351

  1. Ok, so far so good. I have restored my computer; however, I haven't turned on my wifi connection yet. I will copy Malwarebytes from this laptop over to the other and run it first. The restore point completed and the system booted up normally.
  2. I noticed in the report I had several restore points I was unaware of. I am going to try a restore point from an earlier date and see what happens; I'll post the results.
  3. Hello, I am new here. I have a nasty Ransomware on my win7 laptop. It has made safe mode unusable by changing the background color to black with black text. I was able to download Malwarebytes and install it blind (following the steps on another computer). I can run the scan, but after 11 items found it has a popup that I can't read (black on black). So I read a thread here from the 10th and someone else couldn't start in safe mode. I downloaded FRST64 and ran it and here is the report: (I didn't proceed with the fix for the other user as it stated it was custom made for that user)
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012 Ran by SYSTEM at 18-11-2012 08:01:56 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet003 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [] [x] HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [17412200 2010-05-05] (NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10134560 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-22] (Realtek Semiconductor) HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x] HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x] HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [x] HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x] HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x] HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [x] HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [x] HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x] HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) 
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x] HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x] HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x] HKLM-x32\...\Run: [sVRemote] c:\Program Files\SVRemote\RemoteSvr.exe [20480 2007-09-17] () HKLM-x32\...\Run: [WinDVR SchSvr] "C:\Program Files (x86)\Common Files\InterVideo\SchSvr\SchSvr.exe" [106496 2004-09-08] (InterVideo Inc.) HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [NWEReboot] [x] HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2004-12-14] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] () HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-23] () HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1111432 2012-10-16] (Spigot, Inc.) HKU\Cameron\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-28] (Google Inc.) HKU\Cameron\...\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 [307200 2004-11-22] (Adobe Systems Incorporated) HKU\Cameron\...\Run: [Akamai NetSession Interface] "C:\Users\Cameron\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.) 
HKU\Cameron\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1483264 2010-12-21] (Nokia) HKU\Cameron\...\Policies\system: [DisableTaskMgr] 1 HKU\UpdatusUser\...\Run: [] [x] HKU\UpdatusUser\...\RunOnce: [sysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe [x] HKU\UpdatusUser\...\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start [406856 2011-05-09] () HKLM\...\Winlogon: [shell] explorer.exe, C:\ProgramData\Msyitwgeawcb [x ] () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 AppInit_DLLs: avgrssta.dll Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) 
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy Software Installer.lnk ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®) Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy Software Installer.lnk ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®) ==================== Services (Whitelisted) =================== 3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [69632 2010-12-30] (Adobe Systems) 2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll [4539712 2012-11-12] (Akamai Technologies, Inc.) 2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] () 4 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] () 2 avg9emc; "C:\Program Files (x86)\AVG\AVG9\avgemc.exe" [921952 2010-07-29] (AVG Technologies CZ, s.r.o.) 2 avg9wd; "C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-29] (AVG Technologies CZ, s.r.o.) 2 avgfws9; "C:\Program Files (x86)\AVG\AVG9\avgfws9.exe" [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.) 4 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent [5897808 2010-07-29] (AVG Technologies CZ, s.r.o.) 
2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works) 2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () 2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation) 2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] () 2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.) 2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] () ==================== Drivers (Whitelisted) ===================== 3 Adwstrac; C:\Windows\system32\drivers\BtHidMgr.sys [49680 2007-03-05] (IVT Corporation.) 1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2010-07-29] (AVG Technologies CZ, s.r.o.) 3 AVGIDSDriverw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2010-07-29] (AVG Technologies CZ, s.r.o. ) 0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2010-07-29] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSFilterw7a; \??\C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2010-07-29] (AVG Technologies CZ, s.r.o. ) 1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [269904 2010-07-29] (AVG Technologies CZ, s.r.o.) 1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [35664 2011-09-13] (AVG Technologies CZ, s.r.o.) 0 AvgRkx64; C:\Windows\System32\Drivers\AvgRkx64.sys [56008 2010-07-29] (AVG Technologies CZ, s.r.o.) 1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.) 
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies) 3 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [38160 2007-05-11] (IVT Corporation.) 3 BlueletAudio; C:\Windows\SysWow64\Drivers\BlueletAudio.sys [38160 2007-05-11] (IVT Corporation.) 3 BlueletSCOAudio; C:\Windows\System32\Drivers\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) 3 BlueletSCOAudio; C:\Windows\SysWow64\Drivers\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) 3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) 3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.) 3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) 0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) 0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) 0 BTHidMgr; C:\Windows\SysWow64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) 3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.) 3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.) 3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation) 3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation) 3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek) 3 TridVid; C:\Windows\System32\Drivers\TridVid.sys [159232 2007-04-09] (Trident Multimedia Technologies Co.,Ltd) 3 TridVidx64; C:\Windows\System32\Drivers\TridVidx64.sys [207488 2007-07-31] (Trident Multimedia Technologies Co.,Ltd) 3 ubohci; C:\Windows\System32\Drivers\ubohci.sys [132608 2009-03-27] (Unibrain S.A.) 
2 ubsbm; C:\Windows\System32\Drivers\ubsbm.sys [24064 2009-03-27] () 2 ubumapi; C:\Windows\System32\Drivers\ubumapi.sys [92160 2009-03-27] () 3 VComm; C:\Windows\System32\Drivers\VComm.sys [47120 2007-03-05] (IVT Corporation.) 3 VComm; C:\Windows\SysWow64\Drivers\VComm.sys [47120 2007-03-05] (IVT Corporation.) 3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) 3 VcommMgr; C:\Windows\SysWow64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) 2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-11-18 08:01 - 2012-11-18 08:01 - 00000000 ____D C:\FRST 2012-11-17 18:30 - 2012-11-17 18:30 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-17 16:57 - 2012-11-17 16:57 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-11-17 16:57 - 2012-11-17 16:57 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Malwarebytes 2012-11-17 16:57 - 2012-11-17 16:57 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-11-17 16:57 - 2012-11-17 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:57 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-11-17 08:07 - 2012-11-18 06:07 - 00150016 ____A C:\Users\Cameron\AppData\Roaming\Msyitwgeawcb.exe 2012-11-17 08:03 - 2012-11-18 07:28 - 00150016 ____A C:\Users\All Users\Msyitwgeawcb.exe 2012-11-17 08:03 - 2012-11-18 07:10 - 00150016 ____A C:\Users\Cameron\AppData\Local\Msyitwgeawcb.exe 2012-11-17 07:11 - 2012-11-17 07:11 - 00000481 ____A C:\Windows\SynInst.log 2012-11-16 07:08 - 2012-11-17 07:08 - 00000000 ____D C:\Users\All Users\blekko toolbars 2012-11-16 06:14 - 2012-11-16 07:01 - 817480974 ____A C:\Users\Cameron\Documents\Megastructures. 
Megaship _ 720p _ NatGeo(iphone).mp4 2012-11-16 06:14 - 2012-11-16 06:43 - 521988973 ____A C:\Users\Cameron\Documents\MegaStructures - Boeing 747 Breakdown - HD - P1 of 2(iphone).mp4 2012-11-15 20:10 - 2012-11-15 20:45 - 201476098 ____A C:\Users\Cameron\Documents\~yt2CC6.tmp 2012-11-15 20:06 - 2012-11-15 20:45 - 119253521 ____A C:\Users\Cameron\Documents\~ytFD1A.tmp 2012-11-15 19:55 - 2012-11-15 20:10 - 133494619 ____A C:\Users\Cameron\Documents\MegaStructures - Boeing 747 Breakdown - HD - P1 of 2.mp4 2012-11-15 19:33 - 2012-11-15 20:45 - 262787262 ____A C:\Users\Cameron\Documents\~yt4897.tmp 2012-11-15 19:33 - 2012-11-15 20:06 - 135879258 ____A C:\Users\Cameron\Documents\NatGeo Megastructures - Channel Tunnel.mp4 2012-11-15 19:30 - 2012-11-15 19:55 - 205388538 ____A C:\Users\Cameron\Documents\Megastructures. Megaship _ 720p _ NatGeo.mp4 2012-11-15 19:27 - 2012-11-15 19:27 - 00001057 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk 2012-11-15 19:27 - 2012-11-15 19:27 - 00000000 ____D C:\Users\All Users\YTD Video Downloader 2012-11-14 07:11 - 2012-11-14 07:11 - 00017060 ____A C:\Users\Cameron\Desktop\hs_err_pid7764.log 2012-11-08 06:00 - 2012-11-08 05:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys 2012-11-07 06:42 - 2012-11-17 07:05 - 00023030 ____A C:\Users\Cameron\Documents\Health Tracking.xlsx 2012-10-28 10:34 - 2012-10-28 10:38 - 00000000 ____D C:\Users\Cameron\Documents\RealFlight 6 Demo 2012-10-28 10:32 - 2012-10-28 10:34 - 00000000 ____D C:\Program Files (x86)\RealFlight 6 Demo 2012-10-28 10:32 - 2012-10-28 10:32 - 00002081 ____A C:\Users\Cameron\Desktop\Launch RealFlight 6 Demo.lnk 2012-10-28 10:03 - 2012-10-28 10:32 - 00000000 ____D C:\Users\Cameron\Desktop\AeroFly 2012-10-28 09:12 - 2012-10-28 09:12 - 00002565 ____A C:\Users\Public\Desktop\ClearView1.lnk 2012-10-28 09:12 - 2012-10-28 09:12 - 00002565 ____A C:\Users\Public\Desktop\ClearView.lnk 2012-10-28 09:12 - 2012-10-28 09:12 - 00000000 ____D C:\ClearViewRC 
2012-10-22 05:15 - 2012-10-22 05:15 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar 2012-10-22 05:15 - 2012-10-22 05:15 - 00000000 ____D C:\Program Files (x86)\Application Updater ==================== One Month Modified Files and Folders ======= 2012-11-18 08:01 - 2012-11-18 08:01 - 00000000 ____D C:\FRST 2012-11-18 07:28 - 2012-11-17 08:03 - 00150016 ____A C:\Users\All Users\Msyitwgeawcb.exe 2012-11-18 07:16 - 2009-07-13 21:13 - 00784218 ____A C:\Windows\System32\PerfStringBackup.INI 2012-11-18 07:10 - 2012-11-17 08:03 - 00150016 ____A C:\Users\Cameron\AppData\Local\Msyitwgeawcb.exe 2012-11-18 07:10 - 2010-07-01 15:25 - 00065536 _____ C:\Windows\System32\Ikeext.etl 2012-11-18 06:07 - 2012-11-17 08:07 - 00150016 ____A C:\Users\Cameron\AppData\Roaming\Msyitwgeawcb.exe 2012-11-17 21:56 - 2010-12-30 07:45 - 00001477 ____A C:\Users\Public\Documents\AcPro7_0_0.ini 2012-11-17 21:56 - 2010-12-30 07:45 - 00000095 ____A C:\Users\Public\Documents\AcPro7_0_0.sta 2012-11-17 21:54 - 2010-06-26 16:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-11-17 21:53 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-11-17 21:53 - 2009-07-13 20:51 - 00750783 ____A C:\Windows\setupact.log 2012-11-17 21:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing 2012-11-17 21:41 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-11-17 21:41 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-11-17 21:30 - 2012-04-04 05:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-11-17 20:46 - 2010-07-29 12:46 - 00000000 ____D C:\Windows\System32\Drivers\Avg 2012-11-17 18:30 - 2012-11-17 18:30 - 00000000 ____D C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-11-17 16:57 - 2012-11-17 16:57 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 
2012-11-17 16:57 - 2012-11-17 16:57 - 00000000 ____D C:\Users\Cameron\AppData\Roaming\Malwarebytes 2012-11-17 16:57 - 2012-11-17 16:57 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-11-17 16:57 - 2012-11-17 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-17 10:31 - 2010-07-01 14:52 - 00000000 ____D C:\Users\All Users\PC Suite 2012-11-17 08:06 - 2010-06-26 16:18 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-17 07:13 - 2010-05-28 17:53 - 00267564 ____A C:\Windows\PFRO.log 2012-11-17 07:11 - 2012-11-17 07:11 - 00000481 ____A C:\Windows\SynInst.log 2012-11-17 07:08 - 2012-11-16 07:08 - 00000000 ____D C:\Users\All Users\blekko toolbars 2012-11-17 07:05 - 2012-11-07 06:42 - 00023030 ____A C:\Users\Cameron\Documents\Health Tracking.xlsx 2012-11-16 07:01 - 2012-11-16 06:14 - 817480974 ____A C:\Users\Cameron\Documents\Megastructures. Megaship _ 720p _ NatGeo(iphone).mp4 2012-11-16 06:43 - 2012-11-16 06:14 - 521988973 ____A C:\Users\Cameron\Documents\MegaStructures - Boeing 747 Breakdown - HD - P1 of 2(iphone).mp4 2012-11-15 20:45 - 2012-11-15 20:10 - 201476098 ____A C:\Users\Cameron\Documents\~yt2CC6.tmp 2012-11-15 20:45 - 2012-11-15 20:06 - 119253521 ____A C:\Users\Cameron\Documents\~ytFD1A.tmp 2012-11-15 20:45 - 2012-11-15 19:33 - 262787262 ____A C:\Users\Cameron\Documents\~yt4897.tmp 2012-11-15 20:10 - 2012-11-15 19:55 - 133494619 ____A C:\Users\Cameron\Documents\MegaStructures - Boeing 747 Breakdown - HD - P1 of 2.mp4 2012-11-15 20:06 - 2012-11-15 19:33 - 135879258 ____A C:\Users\Cameron\Documents\NatGeo Megastructures - Channel Tunnel.mp4 2012-11-15 19:55 - 2012-11-15 19:30 - 205388538 ____A C:\Users\Cameron\Documents\Megastructures. 
Megaship _ 720p _ NatGeo.mp4 2012-11-15 19:27 - 2012-11-15 19:27 - 00001057 ____A C:\Users\Public\Desktop\YTD Video Downloader.lnk 2012-11-15 19:27 - 2012-11-15 19:27 - 00000000 ____D C:\Users\All Users\YTD Video Downloader 2012-11-15 19:27 - 2011-07-28 20:44 - 00000000 ____D C:\Users\All Users\YouTube Downloader 2012-11-15 19:27 - 2011-07-28 20:44 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader 2012-11-15 06:47 - 2010-12-23 17:15 - 00000000 ____D C:\Users\Cameron\Desktop\Grandpa 2012-11-14 07:11 - 2012-11-14 07:11 - 00017060 ____A C:\Users\Cameron\Desktop\hs_err_pid7764.log 2012-11-09 20:00 - 2010-06-09 02:59 - 01375177 ____A C:\Windows\WindowsUpdate.log 2012-11-09 06:58 - 2011-05-02 10:10 - 00000000 ____D C:\Users\Cameron\Desktop\Houseboats 2012-11-08 06:01 - 2012-06-13 04:57 - 00000000 ____D C:\Users\Cameron\AppData\Local\AVG Secure Search 2012-11-08 06:01 - 2011-12-08 06:15 - 00000000 ____D C:\Users\All Users\AVG Secure Search 2012-11-08 06:00 - 2011-12-08 06:15 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search 2012-11-08 05:59 - 2012-11-08 06:00 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys 2012-10-28 21:09 - 2010-07-29 16:20 - 00000000 ____D C:\Users\Cameron\AppData\Local\CrashDumps 2012-10-28 10:38 - 2012-10-28 10:34 - 00000000 ____D C:\Users\Cameron\Documents\RealFlight 6 Demo 2012-10-28 10:34 - 2012-10-28 10:32 - 00000000 ____D C:\Program Files (x86)\RealFlight 6 Demo 2012-10-28 10:34 - 2010-11-04 20:23 - 00002307 ____A C:\Windows\DXError.log 2012-10-28 10:34 - 2010-05-28 17:41 - 00312542 ____A C:\Windows\DirectX.log 2012-10-28 10:32 - 2012-10-28 10:32 - 00002081 ____A C:\Users\Cameron\Desktop\Launch RealFlight 6 Demo.lnk 2012-10-28 10:32 - 2012-10-28 10:03 - 00000000 ____D C:\Users\Cameron\Desktop\AeroFly 2012-10-28 10:30 - 2010-05-28 17:34 - 00000000 ____D C:\Windows\Downloaded Installations 2012-10-28 09:12 - 2012-10-28 09:12 - 00002565 ____A C:\Users\Public\Desktop\ClearView1.lnk 2012-10-28 09:12 - 
2012-10-28 09:12 - 00002565 ____A C:\Users\Public\Desktop\ClearView.lnk 2012-10-28 09:12 - 2012-10-28 09:12 - 00000000 ____D C:\ClearViewRC 2012-10-28 08:18 - 2010-07-02 10:53 - 00000000 ____D C:\Program Files (x86)\IPACS 2012-10-28 07:39 - 2010-10-30 09:38 - 00000249 ____A C:\Windows\emug3.ini 2012-10-28 07:38 - 2010-10-30 08:52 - 00000000 ____D C:\Program Files (x86)\RealFlightG3 2012-10-28 07:30 - 2010-05-28 17:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2012-10-28 07:08 - 2012-02-26 04:46 - 00000000 ____D C:\Users\Cameron\Desktop\Games 2012-10-24 05:19 - 2011-11-09 20:43 - 00000000 ____D C:\Users\Cameron\AppData\Local\Akamai 2012-10-22 05:15 - 2012-10-22 05:15 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar 2012-10-22 05:15 - 2012-10-22 05:15 - 00000000 ____D C:\Program Files (x86)\Application Updater ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-10-28 07:30:25 Restore point made on: 2012-10-28 08:06:29 Restore point made on: 2012-10-28 08:16:24 Restore point made on: 
2012-10-28 08:18:20 Restore point made on: 2012-10-28 08:23:39 Restore point made on: 2012-10-28 08:30:29 Restore point made on: 2012-10-28 09:11:55 Restore point made on: 2012-10-28 10:32:11 Restore point made on: 2012-10-28 10:33:58 Restore point made on: 2012-11-05 06:16:41 Restore point made on: 2012-11-12 19:26:34 Restore point made on: 2012-11-17 07:09:51 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4026.68 MB Available physical RAM: 3390.58 MB Total Pagefile: 4024.82 MB Available Pagefile: 3375.06 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Partitions ============================= 1 Drive c: (TI105835W0N) (Fixed) (Total:486.42 GB) (Free:270.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (XP Pro) (Fixed) (Total:97.66 GB) (Free:88.23 GB) NTFS 3 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive g: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 1024 KB Disk 1 Online 495 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 2 Primary 486 GB 1501 MB Partition 0 Extended 97 GB 487 GB Partition 4 Logical 97 GB 487 GB Partition 3 Primary 10 GB 585 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E System NTFS Partition 1500 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr 
Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C TI105835W0N NTFS Partition 486 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D XP Pro NTFS Partition 97 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- * Partition 1 Primary 495 MB 0 B ================================================================================== Disk: 1 There is no partition selected. There is no partition selected. Please select a partition and try again. ========================================================= Last Boot: 2012-11-15 05:34 ==================== End Of Log =============================