
Win7 Load w black screen and mouse cursor only


AdrosV

Dear all, first of all let me introduce myself: my name is Juan M and, like the majority I think, I came to the forum because I have a problem.
So, thank you in advance for your help.
I do not think it's new for you, so I'm an expert on the subject, but I'm almost 40 years old. I'm pretty rusty in dealing with new virus technologies and general faults... in DOS I had it tied!!! Hahaha

I tell you, the problem is that when Windows 7 Ultimate starts, it loads the logo but does not reach the user login screen; it only shows the black screen with the mouse pointer, not responding to any key or command.
I tried almost everything I had within reach of my old knowledge.
Restoration, repair, antivirus, regenerated HDD, and reading a lot, I found that the most feasible explanation is that I have a rootkit, or malware of that style. I saw many coincidences in similar cases. But no automatic tool worked.
And the reality is that, with the urgency, the scripting of Farbar almost escapes me, so I ask for your help with the case.

I have copied the scan, and I am grateful again.

=======

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by SYSTEM on MININT-JJBAO6C (27-08-2017 15:15:47)
Running from E:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2015-10-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-30] (Raptr, Inc)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053144 2017-06-07] (DivX, LLC)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2016-09-18] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-09-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-11-26] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-2515516240-1601857838-364683336-1004\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-2515516240-1601857838-364683336-1003\User: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-10-11] (Advanced Micro Devices, Inc.)
S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2016-02-29] (Autodesk, Inc.)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-09-24] (Comodo Security Solutions, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-07-22] (Disc Soft Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2016-09-14] (Seiko Epson Corporation)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-24] (Comodo Security Solutions, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-23] (Microsoft Corporation)
S2 ChromodoUpdater; "C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe" [X]
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S2 DragonUpdater; "C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe" [X]
S2 isesrv; "C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe" -service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-12-02] (AppEx Networks Corporation)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31664 2017-05-31] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [849248 2017-05-31] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [57504 2017-05-31] (COMODO)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-07-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-07-22] (Disc Soft Ltd)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [122520 2017-06-07] (COMODO)
S1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-07-05] (COMODO)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-27 15:18 - 2017-08-27 15:18 - 000000000 ____D C:\WindowsImageBackup
2017-08-27 15:09 - 2015-08-24 19:40 - 000008192 __RSH C:\BOOTSECT.BAK
2017-08-27 00:09 - 2010-11-21 04:23 - 000383786 __RSH C:\bootmgr
2017-08-26 23:43 - 2017-08-26 23:43 - 000000000 ____D C:\Program Files\Sophos
2017-08-26 22:29 - 2017-08-26 22:30 - 000000000 ____D C:\cce_linux
2017-08-26 21:29 - 2017-08-26 21:47 - 000000000 ____D C:\TMRescueDisk
2017-08-26 21:05 - 2017-08-27 15:15 - 000000000 ____D C:\FRST
2017-08-26 15:00 - 2017-08-27 14:51 - 000000000 ____D C:\TEMP1
2017-08-25 02:16 - 2017-08-27 18:38 - 000914288 _____ C:\Windows\ntbtlog.txt
2017-08-23 21:35 - 2017-08-23 21:35 - 000002206 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-23 21:35 - 2017-08-23 21:35 - 000002206 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2017-08-21 19:55 - 2017-08-21 19:55 - 000000000 ____D C:\Users\Oriana\Documents\ONU
2017-08-21 19:35 - 2017-08-22 21:53 - 000000000 ____D C:\Users\Oriana\Downloads\trabajos
2017-08-16 17:52 - 2017-08-16 18:45 - 001657658 _____ C:\Users\Oriana\Documents\Music History.pptx
2017-08-13 01:00 - 2017-08-13 01:00 - 000007060 _____ C:\Users\Afip_Empresas\Downloads\afip_presentacion_cuit_30696393466_f715_nrotransaccion_561891402.pdf
2017-08-13 01:00 - 2017-08-13 01:00 - 000005058 _____ C:\Users\Afip_Empresas\Downloads\afip_presentacion_cuit_30696393466_f713_nrotransaccion_561891379.pdf
2017-08-13 00:08 - 2017-08-13 00:10 - 000000000 ____D C:\Users\Afip_Empresas\Downloads\gmp-v900-r2-Master2
2017-08-13 00:08 - 2017-08-13 00:08 - 001230244 _____ C:\Users\Afip_Empresas\Downloads\gmp-v900-r2-Master2.zip
2017-08-13 00:08 - 2017-08-13 00:08 - 000002727 _____ C:\Windows\ST5UNST.003
2017-08-12 23:55 - 2017-08-12 23:55 - 000000000 ____D C:\Users\Afip_Empresas\Downloads\GPJ-v1500-r0-Master2
2017-08-12 23:53 - 2017-08-12 23:54 - 010825837 _____ C:\Users\Afip_Empresas\Downloads\GPJ-v1500-r0-Master2.zip
2017-08-12 23:47 - 2017-08-12 23:47 - 000004248 _____ C:\Users\Afip_Empresas\Downloads\MisRetencionesImpositivasParaAplicativo.txt
2017-08-10 02:01 - 2017-08-10 02:01 - 001700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2017-08-08 20:25 - 2017-08-21 16:18 - 004171235 _____ C:\Users\Oriana\Documents\Trabajo practico, drogas y adicciones.pptx
2017-07-22 23:32 - 2017-07-22 23:32 - 000001020 _____ C:\Windows\ST5UNST.002
2017-07-22 23:31 - 2017-07-22 23:32 - 011997764 _____ C:\Users\Lujan\Downloads\GPF-BP-v1800-r1-instalador_.zip
2017-07-15 17:42 - 2017-07-15 17:42 - 000007962 _____ C:\Users\Lujan\Downloads\F711 (2).pdf
2017-07-15 17:23 - 2017-07-15 17:23 - 000007955 _____ C:\Users\Juan\Downloads\F711.pdf
2017-07-06 19:09 - 2017-07-06 19:09 - 000013617 _____ C:\Users\Oriana\Documents\matematica excel..xlsx
2017-07-01 04:27 - 2017-07-01 04:27 - 000000000 ____D C:\Users\Juan\AppData\Local\Akamai
2017-07-01 04:26 - 2017-07-15 23:54 - 000000000 ____D C:\Users\Juan\AppData\Local\Turbine
2017-07-01 04:26 - 2017-07-10 00:03 - 000000000 ____D C:\Users\Juan\Documents\Dungeons and Dragons Online
2017-07-01 04:23 - 2017-07-01 04:23 - 000000000 ____D C:\Program Files (x86)\StandingStoneGames
2017-06-18 19:32 - 2017-07-23 19:02 - 000000000 ___RD C:\Users\Oriana\Downloads\todo para la fiesta
2017-06-18 00:15 - 2017-06-18 00:15 - 000000000 ____D C:\Users\Afip_Empresas\Downloads\BP-AyP-v4_0-r1-Master2
2017-06-18 00:07 - 2017-06-18 00:15 - 006703364 _____ C:\Users\Afip_Empresas\Downloads\BP-AyP-v4_0-r1-Master2.zip
2017-06-17 23:28 - 2017-06-17 23:28 - 000007963 _____ C:\Users\Lujan\Downloads\F711 (1).pdf
2017-06-17 23:10 - 2017-06-17 23:10 - 000143360 _____ C:\Users\Lujan\Downloads\Libro1 (2).xls
2017-06-17 23:00 - 2017-06-17 23:00 - 000007965 _____ C:\Users\Lujan\Downloads\F711.pdf
2017-06-17 22:53 - 2017-06-17 22:54 - 000011804 _____ C:\Users\Lujan\Documents\Ganancias Ma. Fernanda 2016 - Control Reg Simplificado.xlsx
2017-06-17 22:40 - 2017-06-17 22:40 - 000143360 _____ C:\Users\Lujan\Downloads\Libro1 (1).xls
2017-06-17 21:29 - 2017-06-17 21:29 - 000014487 _____ C:\Users\Lujan\Downloads\23238648904_2016_presentacion_3.pdf
2017-06-17 20:37 - 2017-06-17 20:37 - 000143360 _____ C:\Users\Lujan\Downloads\Libro1.xls
2017-06-07 18:27 - 2017-06-07 18:27 - 000039348 _____ C:\Users\Rocio\Downloads\S8-10PL.pdf
2017-06-07 18:23 - 2017-06-07 18:23 - 000174387 _____ C:\Users\Rocio\Downloads\151-578-1-PB.pdf

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-27 15:03 - 2016-04-09 20:11 - 000001324 _____ C:\Users\Afip_Empresas\Desktop\siap - Acceso directo.lnk
2017-08-27 14:13 - 2016-02-09 19:27 - 000001461 _____ C:\Users\Lujan\Desktop\siap - Acceso directo.lnk
2017-08-27 13:23 - 2015-09-24 00:38 - 000000000 ____D C:\TEMP
2017-08-26 22:31 - 2009-07-14 05:45 - 000003072 _____ C:\Windows\System32\umstartup.etl
2017-08-25 09:59 - 2015-09-24 01:46 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2017-08-24 15:58 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-23 23:25 - 2015-09-24 03:24 - 001474832 _____ C:\Windows\System32\Drivers\sfi.dat
2017-08-23 23:25 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-23 23:25 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-23 22:40 - 2015-10-12 00:29 - 000000000 ____D C:\Users\Oriana\AppData\Roaming\Raptr
2017-08-23 22:30 - 2016-09-14 03:30 - 000000911 _____ C:\Windows\Tasks\EPSON L375 Series Update {6BA75C58-CD60-4878-B9EB-A0858B761F00}.job
2017-08-23 22:16 - 2015-10-12 21:49 - 000000000 ____D C:\Users\Rocio\AppData\Roaming\Raptr
2017-08-23 21:35 - 2015-09-23 23:43 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-23 01:45 - 2015-09-24 01:35 - 000000000 ____D C:\Program Files\WarThunder
2017-08-22 21:54 - 2017-01-25 22:35 - 000000000 ___RD C:\Users\Oriana\Downloads\imagenes
2017-08-21 21:17 - 2015-10-21 00:47 - 000000000 ____D C:\Users\Lujan\AppData\Roaming\Raptr
2017-08-21 19:55 - 2016-06-01 23:31 - 000000000 ____D C:\Users\Oriana\Documents\trabajos
2017-08-20 23:54 - 2016-04-09 20:35 - 000000000 ____D C:\Users\Lujan\Documents\Gastos de la casa
2017-08-20 01:23 - 2016-08-17 00:19 - 000000000 ____D C:\Users\Juan\AppData\Roaming\TS3Client
2017-08-19 21:40 - 2016-02-03 20:03 - 000000000 ____D C:\Users\Juan\AppData\Local\Adobe
2017-08-19 21:39 - 2015-12-08 13:59 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-19 21:39 - 2015-12-08 13:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-19 21:39 - 2015-12-08 13:58 - 000000000 ____D C:\Windows\System32\Macromed
2017-08-19 21:39 - 2015-09-26 14:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-19 18:27 - 2016-08-17 00:18 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-08-19 18:26 - 2015-09-24 01:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-19 18:21 - 2015-12-11 16:53 - 000000000 ____D C:\Program Files\Core Temp
2017-08-16 17:47 - 2011-04-12 10:10 - 000746992 _____ C:\Windows\System32\perfh00A.dat
2017-08-16 17:47 - 2011-04-12 10:10 - 000158464 _____ C:\Windows\System32\perfc00A.dat
2017-08-16 17:47 - 2009-07-14 06:13 - 001675926 _____ C:\Windows\System32\PerfStringBackup.INI
2017-08-16 17:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-08-15 20:03 - 2017-05-19 19:56 - 000012288 _____ C:\Users\Oriana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-13 00:15 - 2016-04-09 20:00 - 000000000 ____D C:\Users\Afip_Empresas\AppData\Roaming\Raptr
2017-08-13 00:10 - 2016-02-09 19:23 - 000130048 _____ C:\Windows\SysWOW64\filewin2.dll
2017-08-13 00:10 - 2016-02-02 19:22 - 000072704 _____ (Microsoft Corporation) C:\Windows\ST5UNST.EXE
2017-08-12 20:07 - 2016-06-26 01:48 - 000000000 ___RD C:\Users\Maria Fernanda\Google Drive
2017-08-12 20:07 - 2016-04-24 16:07 - 000000000 ____D C:\Users\Maria Fernanda\AppData\Roaming\Raptr
2017-08-11 01:23 - 2016-03-06 03:52 - 000000000 ____D C:\Program Files (x86)\Raptr Inc
2017-08-10 16:07 - 2016-03-07 15:47 - 000000000 ____D C:\Users\Rocio\AppData\Roaming\PlaysTV
2017-08-05 12:22 - 2016-03-24 20:06 - 000000000 ____D C:\Users\Lujan\AppData\Roaming\PlaysTV

Some files in TEMP:
====================
2015-11-04 16:19 - 2015-11-04 16:19 - 218108224 _____ (SexyDoll.ru ) C:\Users\Juan\AppData\Local\Temp\ 3DGoGo2Setup.exe
2016-02-29 02:16 - 2016-02-29 01:53 - 000060296 _____ (Autodesk, Inc.) C:\Users\Juan\AppData\Local\Temp\AcDeltree.exe
2015-11-10 20:04 - 2015-12-26 15:29 - 001013744 _____ (DivX, LLC) C:\Users\Juan\AppData\Local\Temp\DivXSetup.exe
2015-10-28 15:34 - 2015-10-28 15:34 - 003864135 _____ () C:\Users\Juan\AppData\Local\Temp\Hentai 3D 2 - Cry of Pleasure.exe
2017-07-01 01:17 - 2017-07-15 18:47 - 004113960 _____ (COMODO) C:\Users\Juan\AppData\Local\Temp\ise_installer.exe
2016-08-08 01:12 - 2016-08-08 01:12 - 000741440 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-11-26 02:57 - 2016-11-26 02:57 - 000737856 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-11-21 05:41 - 2015-11-21 05:41 - 000585824 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-02-02 17:49 - 2016-02-02 17:49 - 000644704 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-09 18:44 - 2016-02-09 18:44 - 000736352 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-28 00:45 - 2016-03-28 00:45 - 000736320 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-29 14:07 - 2016-04-29 14:07 - 000739904 _____ (Oracle Corporation) C:\Users\Juan\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-06 03:52 - 2016-03-06 03:55 - 059755648 _____ () C:\Users\Juan\AppData\Local\Temp\playstv_patch.exe
2015-10-11 01:11 - 2015-10-11 01:14 - 061015144 _____ () C:\Users\Juan\AppData\Local\Temp\raptrpatch.exe
2015-10-11 01:11 - 2015-10-11 01:11 - 000221632 _____ () C:\Users\Juan\AppData\Local\Temp\raptr_stub.exe
2015-09-30 15:26 - 2015-09-29 19:59 - 000113152 _____ (Cisco Systems, Inc.) C:\Users\Juan\AppData\Local\Temp\Relay.dll
2015-10-07 13:10 - 2015-10-07 13:15 - 250413440 _____ (AMD Inc.) C:\Users\Juan\AppData\Local\Temp\tmp561B.exe
2015-12-02 17:39 - 2015-12-02 17:52 - 263289648 _____ (AMD Inc.) C:\Users\Juan\AppData\Local\Temp\tmp849.exe
2017-04-10 01:23 - 2017-08-19 18:24 - 015301888 _____ (Microsoft Corporation) C:\Users\Juan\AppData\Local\Temp\vcredist_x64.exe
2016-07-26 13:03 - 2016-07-26 13:05 - 031717016 _____ () C:\Users\Juan\AppData\Local\Temp\vlc-2.2.4-win64.exe
2015-10-28 15:35 - 2015-10-28 15:35 - 000627119 _____ (thriXXX) C:\Users\Juan\AppData\Local\Temp\WebLaunchInstaller.exe
2017-07-06 19:08 - 2017-07-12 17:58 - 004113960 _____ (COMODO) C:\Users\Oriana\AppData\Local\Temp\ise_installer.exe
2017-04-09 20:45 - 2017-04-09 20:45 - 007153264 _____ (Spotify Ltd) C:\Users\Oriana\AppData\Local\Temp\SpotifyUninstall.exe
2015-10-10 21:39 - 2015-10-10 22:00 - 250413440 _____ (AMD Inc.) C:\Users\Oriana\AppData\Local\Temp\tmpF5D8.exe
2017-06-30 14:55 - 2017-07-14 18:10 - 004113960 _____ (COMODO) C:\Users\Rocio\AppData\Local\Temp\ise_installer.exe
2016-09-10 18:42 - 2016-09-10 18:44 - 016902144 _____ () C:\Users\Rocio\AppData\Local\Temp\SkypeSetup.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-09-17 17:14] - [2016-09-17 17:14] - 001009152 _____ (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-17 17:14] - [2016-09-17 17:14] - 000833024 _____ (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-08-27 15:39

==================== BCD ================================

Administrador de arranque de Windows
----------------------------------
Identificador {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale es-ES
inherit {globalsettings}
default {default}
resumeobject {c0752b37-5740-11e5-9ccd-facc076c965c}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Cargador de arranque de Windows
-----------------------------
Identificador {c0752b38-5740-11e5-9ccd-facc076c965c}
device locate=\Windows\system32\winload.exe
path \Windows\system32\winload.exe
description Windows 7
locale es-ES
inherit {bootloadersettings}
recoveryenabled No
osdevice locate=\Windows
systemroot \Windows
resumeobject {c0752b37-5740-11e5-9ccd-facc076c965c}
nx OptIn

Cargador de arranque de Windows
-----------------------------
Identificador {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Ultimate (recuperado) 
locale es-ES
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows

Cargador de arranque de Windows
-----------------------------
Identificador {current}
device ramdisk=[C:]\Recovery\719c2c63-6255-11e5-876f-a031d220cb5e\Winre.wim,{c0752b3d-5740-11e5-9ccd-facc076c965c}
path \windows\system32\winload.exe
description Windows Recovery Environment (recuperado) 
locale 
osdevice ramdisk=[C:]\Recovery\719c2c63-6255-11e5-876f-a031d220cb5e\Winre.wim,{c0752b3d-5740-11e5-9ccd-facc076c965c}
systemroot \windows
winpe Yes

Reanudar tras hibernación
-------------------------
Identificador {c0752b37-5740-11e5-9ccd-facc076c965c}
device locate=\Windows\system32\winresume.exe
path \Windows\system32\winresume.exe
description Windows Resume Application
locale es-ES
inherit {resumeloadersettings}
filedevice locate=\hiberfil.sys
filepath \hiberfil.sys
debugoptionenabled No

Herramienta de comprobación de memoria de Windows
-------------------------------------------------
Identificador {memdiag}
device partition=C:
path \boot\memtest.exe
description Herramienta de diagnóstico de memoria de Windows
locale es-ES
inherit {globalsettings}
badmemoryaccess Yes

Configuración de EMS
--------------------
Identificador {emssettings}
bootems Yes

Configuración del depurador
---------------------------
Identificador {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Defectos de RAM
---------------
Identificador {badmemory}

Configuración global
--------------------
Identificador {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Configuración del cargador de arranque
------------------------------------
Identificador {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Configuración de hipervisor
-------------------
Identificador {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Reanudar la configuración del cargador
--------------------------------------
Identificador {resumeloadersettings}
inherit {globalsettings}

Opciones de dispositivo
-----------------------
Identificador {c0752b3d-5740-11e5-9ccd-facc076c965c}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\719c2c63-6255-11e5-876f-a031d220cb5e\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 11%
Total physical RAM: 6075.82 MB
Available physical RAM: 5354.44 MB
Total Virtual: 6074.02 MB
Available Virtual: 5344.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:625.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HBCD 15_2) (Removable) (Total:3.76 GB) (Free:3.12 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7416543D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 01D52DCD)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

LastRegBack: 2016-10-25 00:19

==================== End of FRST.txt ============================

Logically I would not bother you if I could format and install a new operating system, but I have a lot of information in non-backed-up applications ...... My bad ...

Thanks again!!

 

 


Hi AdrosV :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Do you still need assistance with your issue?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
