Jump to content

Recommended Posts

https://forums.malwarebytes.org/index.php?showtopic=134417

 

I have the exact same problem as this post.

 

The screen is black, except for the cursor.

Boot screens seem fine, but as soon as windows starts up, it's blank screen time.

 

I cannot reach any form of safe mode.

When I tried to use my Windows 7 disk it offered no recovery options.

 

With my Windows 7 Recovery disk I was able to reach a command prompt.

 

First I followed the instruction

chkdsk C: /f /r /x

 

Then I ran the Farbar Recovery Scan tool

Here is my result.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by SYSTEM on MININT-3APNJEO on 24-03-2014 19:41:03
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [bingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2357984 2014-02-20] (Microsoft Corp.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2013-12-18] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKU\nzomo\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\nzomo\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHQA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\nzomo\...\Run: [Advanced SystemCare 7] - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-09] (IObit)

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173280 2014-02-20] (Microsoft Corp.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 MSiSCSI; C:\Windows\system32\iscsiexe.dll [0 2009-07-13] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-12-18] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 ALSysIO; \??\C:\Users\nzomo\AppData\Local\Temp\ALSysIO64.sys [X]
S4 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-24 19:40 - 2014-03-24 19:41 - 00000000 ____D () C:\FRST
2014-03-23 23:45 - 2014-03-23 23:45 - 00000000 __SHD () C:\found.001
2014-03-23 22:39 - 2014-03-23 22:40 - 00451080 _____ () C:\Windows\Minidump\032414-16005-01.dmp
2014-03-20 09:24 - 2014-03-20 09:24 - 00455152 _____ () C:\Windows\Minidump\032014-39655-01.dmp
2014-03-19 21:05 - 2014-03-19 21:05 - 00000000 _____ () C:\Windows\Minidump\032014-18345-01.dmp
2014-03-17 15:44 - 2014-03-17 15:44 - 00274672 _____ () C:\Windows\Minidump\031714-39515-01.dmp
2014-03-12 06:02 - 2014-03-12 06:02 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 04:48 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-12 04:48 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-12 04:48 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 04:48 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-12 04:48 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-12 04:48 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-12 04:48 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-12 04:48 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-12 04:48 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-12 04:48 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-12 04:48 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-12 04:48 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-12 04:48 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 04:48 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 04:48 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-12 04:48 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 04:48 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-12 04:48 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-12 04:48 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 04:48 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 04:48 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 04:48 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 04:48 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 04:48 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-12 04:48 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 04:48 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 04:48 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 04:48 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-12 04:48 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-12 04:48 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 04:48 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 04:48 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-12 04:48 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 04:48 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 04:48 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 04:48 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-12 04:48 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 04:48 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 04:48 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-12 04:48 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 04:48 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-12 04:48 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-12 04:48 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 04:48 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2014-03-12 04:47 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-03-12 04:47 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-12 04:47 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 04:47 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 21:04 - 2014-03-11 21:05 - 33108116 _____ () C:\Users\nzomo\Desktop\trayvon2nzomo.wav
2014-03-11 20:50 - 2014-03-11 20:50 - 45480240 _____ () C:\Users\nzomo\Desktop\trayvon01.wav
2014-03-02 19:33 - 2014-03-02 19:33 - 01228854 _____ () C:\Users\nzomo\Desktop\Grabbed Frame 4.bmp
2014-02-24 21:04 - 2014-02-24 21:05 - 00274728 _____ () C:\Windows\Minidump\022514-23244-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-24 19:41 - 2014-03-24 19:40 - 00000000 ____D () C:\FRST
2014-03-23 23:45 - 2014-03-23 23:45 - 00000000 __SHD () C:\found.001
2014-03-23 22:40 - 2014-03-23 22:39 - 00451080 _____ () C:\Windows\Minidump\032414-16005-01.dmp
2014-03-23 22:39 - 2014-01-15 11:08 - 339620103 _____ () C:\Windows\MEMORY.DMP
2014-03-20 09:24 - 2014-03-20 09:24 - 00455152 _____ () C:\Windows\Minidump\032014-39655-01.dmp
2014-03-19 21:05 - 2014-03-19 21:05 - 00000000 _____ () C:\Windows\Minidump\032014-18345-01.dmp
2014-03-19 21:05 - 2014-01-15 11:08 - 00000000 ____D () C:\Windows\Minidump
2014-03-19 21:05 - 2014-01-10 10:30 - 00010996 _____ () C:\Windows\setupact.log
2014-03-19 21:04 - 2014-01-09 15:20 - 01566571 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 21:02 - 2014-01-10 16:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 20:36 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-03-19 20:35 - 2014-01-09 16:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 19:57 - 2014-01-09 15:22 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-03-19 19:57 - 2014-01-09 15:22 - 00000349 _____ () C:\ProgramData\Documents\PCLECHAL.INI
2014-03-19 18:35 - 2014-01-09 16:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 09:56 - 2014-01-14 22:49 - 00000000 ____D () C:\Users\nzomo\AppData\Local\CrashDumps
2014-03-19 06:39 - 2009-07-13 20:45 - 00023568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 06:39 - 2009-07-13 20:45 - 00023568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 06:38 - 2009-07-13 21:13 - 00781782 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-19 06:32 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 18:18 - 2014-01-10 19:46 - 00006656 _____ () C:\Users\nzomo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-17 15:44 - 2014-03-17 15:44 - 00274672 _____ () C:\Windows\Minidump\031714-39515-01.dmp
2014-03-15 08:40 - 2014-01-09 16:47 - 00002188 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 08:40 - 2014-01-09 16:47 - 00002188 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-03-12 23:22 - 2014-01-09 17:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 23:22 - 2014-01-09 17:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 23:22 - 2009-07-13 20:45 - 00431560 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-12 06:02 - 2014-03-12 06:02 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 06:02 - 2014-01-10 16:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 06:02 - 2014-01-10 16:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 06:02 - 2014-01-10 10:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:05 - 2014-03-11 21:04 - 33108116 _____ () C:\Users\nzomo\Desktop\trayvon2nzomo.wav
2014-03-11 20:50 - 2014-03-11 20:50 - 45480240 _____ () C:\Users\nzomo\Desktop\trayvon01.wav
2014-03-11 15:06 - 2014-01-09 13:31 - 00002210 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-03-11 15:06 - 2014-01-09 13:31 - 00002210 _____ () C:\ProgramData\Desktop\Advanced SystemCare 7.lnk
2014-03-02 19:33 - 2014-03-02 19:33 - 01228854 _____ () C:\Users\nzomo\Desktop\Grabbed Frame 4.bmp
2014-02-28 22:05 - 2014-03-12 04:48 - 23133696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 21:17 - 2014-03-12 04:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 21:16 - 2014-03-12 04:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-12 04:48 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 20:52 - 2014-03-12 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 20:51 - 2014-03-12 04:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-12 04:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 20:40 - 2014-03-12 04:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 20:37 - 2014-03-12 04:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 20:33 - 2014-03-12 04:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-12 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-12 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-12 04:48 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:23 - 2014-03-12 04:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-12 04:48 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-12 04:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-12 04:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:54 - 2014-03-12 04:48 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:52 - 2014-03-12 04:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-12 04:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-12 04:48 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-12 04:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-12 04:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-12 04:48 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:40 - 2014-03-12 04:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-12 04:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-12 04:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-12 04:48 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-12 04:48 - 13051904 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 19:16 - 2014-03-12 04:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-12 04:48 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-12 04:48 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 19:03 - 2014-03-12 04:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-12 04:48 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-12 04:48 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-12 04:48 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:32 - 2014-03-12 04:48 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-12 04:48 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-12 04:48 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-12 04:48 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 21:05 - 2014-02-24 21:04 - 00274728 _____ () C:\Windows\Minidump\022514-23244-01.dmp
2014-02-24 21:04 - 2014-01-10 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-22 09:15 - 2014-01-10 17:44 - 00154624 ____H () C:\Users\nzomo\Desktop\~WRL2845.tmp

Some content of TEMP:
====================
C:\Users\nzomo\AppData\Local\Temp\COIOSHelper.dll
C:\Users\nzomo\AppData\Local\Temp\DSETUP.dll
C:\Users\nzomo\AppData\Local\Temp\dsetup32.dll
C:\Users\nzomo\AppData\Local\Temp\DXSETUP.exe
C:\Users\nzomo\AppData\Local\Temp\google_toolbar_installer.exe
C:\Users\nzomo\AppData\Local\Temp\ShellLink.dll
C:\Users\nzomo\AppData\Local\Temp\uninstall.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8185.49 MB
Available physical RAM: 7351.77 MB
Total Pagefile: 8183.64 MB
Available Pagefile: 7351.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (nzomo) (Fixed) (Total:931.51 GB) (Free:613.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive e: (Lexar) (Removable) (Total:7.47 GB) (Free:7.4 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8F9AEECA)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

LastRegBack: 2014-03-11 17:23

==================== End Of Log ============================

Link to post
Share on other sites

Kaspersky rescue disk would boot from DVD drive.

I used Graphic mode.

It came up and told me that the system hadn't been shut down properly, and mounting the disk could cause corruption.

Did I want to reboot.

I said yes.

When it came back up with the same warning, I said skip.

The program couldn't find the hard disk at all, and only scanned it's own memory for virus.

Link to post
Share on other sites

Ran chkdsk.

No problems.

Said cant write messages to event log error 50.

I was able to xcopy the user files off the drive.

 

I think I will have to hit the drive with a hammer til it is dead.

The infection seems to be hidden in some interstitial space that logs don't show.

 

Black screen with cursor, no task manager, no safe mode, no repair, no restore point.

 

willing to play along if anybody wants to explore this mess, but I suspect the owner installed a poisoned copy of Tor privacy browser, and if I simply reformat this drive it would be permanently backdoored in some quiet way.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.