Windows critical error... restart in one minute

Inactive
By debate
Aug 5, 2012
  1. I have had this problem for about 2 months. It only happens when connected to the internet.

    Windows 7 x64

    Thanks for the help
  2. Jay Pfoutz (Malware Helper)

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  3. debate (Topic Starter)

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 04-08-2012 23:51:02
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) ==========================

    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
    HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-16] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-16] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-06-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-12-28] (Lenovo)
    HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-01-08] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
    HKU\guest1\...\Policies\system: [LogonHoursAction] 2
    HKU\guest1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Joe\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-20] (Google Inc.)
    HKU\Joe\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17037704 2011-03-08] (Skype Technologies S.A.)
    HKU\Joe\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Joe\...\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-27] (Google Inc.)
    HKU\Joe\...\Run: [chromium] C:\Users\Joe\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1229848 2012-07-30] (Google Inc.)
    HKU\Joe\...\Policies\system: [LogonHoursAction] 2
    HKU\Joe\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Lenovo Smile Dock.lnk
    ShortcutTarget: Lenovo Smile Dock.lnk -> C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe (Digital Delivery Networks, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk
    ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

    ========================== Services (Whitelisted) ==========================

    2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
    2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [559104 2011-02-08] (Hauppauge Computer Works)
    2 lxdn_device; C:\windows\system32\lxdncoms.exe -service [1039872 2007-11-28] ( )
    2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
    2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 NitroReaderDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe" [341296 2011-01-14] (Nitro PDF Software)
    2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe" [46080 2010-06-23] ()
    2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
    2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [x]

    ========================== Drivers (Whitelisted) ==========================

    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-07-10] (Symantec Corporation)
    1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-18] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-19] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120719.002\IDSvia64.sys [509088 2012-07-19] (Symantec Corporation)
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-07-21] (Lavasoft AB)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120719.021\ENG64.SYS [120440 2012-07-19] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120719.021\EX64.SYS [2068600 2012-07-19] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\N360x64\0602010.005\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\N360x64\0602010.005\SYMEFA64.SYS [1092728 2011-11-23] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-19] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
    3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215168 2010-03-18] (Vimicro Corporation)
    3 BcmSqlStartupSvc; [x]
    3 IGRS; [x]
    2 IviRegMgr; [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    2 ReadyComm.DirectRouter; [x]
    2 RichVideo; [x]
    3 SQLWriter; [x]

    ========================== NetSvcs (Whitelisted) ==========================

    ========================== One Month Created Files and Folders ==========================

    2012-08-04 20:07 - 2012-08-04 20:28 - 00000000 ____D C:\Windows\pss
    2012-08-04 19:59 - 2012-08-04 19:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-04 19:58 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-04 19:56 - 2012-08-04 19:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall (1).exe
    2012-08-04 19:33 - 2012-07-03 00:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-04 19:31 - 2012-08-04 19:32 - 17039840 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-x64-V4.10.exe
    2012-08-04 19:31 - 2012-08-04 19:31 - 16373192 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-V4.10.exe
    2012-08-04 19:31 - 2012-07-03 00:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-08-04 09:28 - 2012-05-31 09:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-31 10:30 - 2012-08-04 08:59 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-07-30 20:48 - 2012-07-30 20:48 - 00000170 ____A C:\Users\Joe\Desktop\stop shutdown.lnk
    2012-07-30 18:28 - 2012-08-04 19:33 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2012-07-30 14:33 - 2012-07-30 14:34 - 73231904 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\msert.exe
    2012-07-30 14:33 - 2012-07-30 14:33 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall.exe
    2012-07-20 05:50 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-20 05:50 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-20 05:50 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-20 05:50 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-20 05:50 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-20 05:50 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-20 05:50 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-20 05:50 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-20 05:50 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-20 05:50 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-20 05:50 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-20 05:50 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-20 05:50 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-20 05:50 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-20 05:50 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-20 05:50 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-20 05:50 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-20 05:50 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-20 05:50 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-20 05:50 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-20 05:50 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-20 05:50 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-20 05:50 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-20 05:50 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-20 05:50 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-20 05:50 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-20 05:50 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-20 05:50 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-19 21:33 - 2012-07-19 21:33 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-07-19 21:33 - 2012-07-19 21:33 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-07-19 21:33 - 2012-07-19 21:33 - 00000000 ____D C:\Program Files\Symantec
    2012-07-19 21:33 - 2012-07-19 21:33 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2012-07-19 21:32 - 2012-07-19 22:56 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2012-07-19 21:32 - 2012-07-19 22:54 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
    2012-07-19 21:32 - 2012-07-19 21:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
    2012-07-19 21:24 - 2012-07-19 21:24 - 00000000 ____D C:\Users\Joe\Documents\Symantec
    2012-07-19 21:19 - 2012-07-19 21:32 - 00000000 ____D C:\Users\All Users\Norton
    2012-07-19 21:19 - 2012-07-19 21:19 - 00001284 ____A C:\Users\Joe\Desktop\Norton Installation Files.lnk
    2012-07-19 21:19 - 2012-07-19 21:19 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2012-07-19 21:15 - 2012-07-19 21:15 - 00000000 ____D C:\Users\All Users\IsolatedStorage
    2012-07-19 21:10 - 2012-08-04 20:06 - 00000000 ____D C:\Users\Joe\AppData\Roaming\ID Vault
    2012-07-19 21:10 - 2012-07-19 21:53 - 00000000 ____D C:\Users\Joe\AppData\Local\ID Vault
    2012-07-19 21:10 - 2012-07-19 21:10 - 00002265 ____A C:\Users\Public\Desktop\Constant Guard.lnk
    2012-07-19 21:10 - 2012-07-19 21:10 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
    2012-07-19 21:08 - 2012-07-19 21:08 - 00000000 ____D C:\Users\All Users\White Sky, Inc
    2012-07-19 21:00 - 2012-07-19 21:00 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (2).exe
    2012-07-19 20:58 - 2012-07-19 20:59 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard.exe
    2012-07-19 20:58 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (1).exe
    2012-07-19 14:31 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-19 14:31 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-19 14:31 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-19 14:31 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-19 14:31 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-19 14:31 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-19 14:30 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-19 14:30 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-07-19 14:30 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-07-19 14:28 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-19 14:21 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-19 14:21 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-19 14:21 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-07-19 13:48 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-07-19 13:48 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-07-19 13:48 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-07-19 13:48 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-07-16 20:55 - 2012-07-16 20:56 - 00000000 ____D C:\Program Files (x86)\GUMBFE0.tmp
    2012-07-16 20:55 - 2012-07-16 20:55 - 04024320 ____A C:\Program Files (x86)\GUTBFE1.tmp
    2012-07-16 20:54 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-07-16 20:54 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

    ========================== 3 Months Modified Files ==========================

    2012-08-04 20:47 - 2011-03-27 21:10 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144747702-1964984273-1192697869-1000UA.job
    2012-08-04 20:47 - 2011-03-27 21:01 - 07328878 ____A C:\FaceProv.log
    2012-08-04 20:46 - 2011-08-27 20:46 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
    2012-08-04 20:46 - 2011-05-20 22:58 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-04 20:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-04 20:45 - 2011-08-06 23:28 - 00045916 ____A C:\aaw7boot.log
    2012-08-04 20:45 - 2010-12-28 20:11 - 01228230 ____A C:\Windows\WindowsUpdate.log
    2012-08-04 20:45 - 2009-07-13 20:51 - 00049849 ____A C:\Windows\setupact.log
    2012-08-04 20:16 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-04 20:16 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-04 20:09 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-04 19:56 - 2012-08-04 19:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall (1).exe
    2012-08-04 19:52 - 2011-05-20 22:58 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-04 19:32 - 2012-08-04 19:31 - 17039840 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-x64-V4.10.exe
    2012-08-04 19:31 - 2012-08-04 19:31 - 16373192 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-V4.10.exe
    2012-08-04 14:37 - 2011-03-27 21:10 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144747702-1964984273-1192697869-1000Core.job
    2012-08-04 09:49 - 2011-05-20 22:59 - 00002405 ____A C:\Users\Joe\Desktop\Google Chrome.lnk
    2012-08-04 08:59 - 2012-07-31 10:30 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-08-04 08:44 - 2011-08-11 22:15 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-08-04 08:44 - 2011-08-11 22:15 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-07-30 20:48 - 2012-07-30 20:48 - 00000170 ____A C:\Users\Joe\Desktop\stop shutdown.lnk
    2012-07-30 20:31 - 2011-03-27 14:57 - 00246840 ____A C:\Windows\PFRO.log
    2012-07-30 14:34 - 2012-07-30 14:33 - 73231904 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\msert.exe
    2012-07-30 14:33 - 2012-07-30 14:33 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall.exe
    2012-07-30 13:48 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-19 22:54 - 2012-07-19 21:32 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
    2012-07-19 21:33 - 2012-07-19 21:33 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-07-19 21:33 - 2012-07-19 21:33 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-07-19 21:19 - 2012-07-19 21:19 - 00001284 ____A C:\Users\Joe\Desktop\Norton Installation Files.lnk
    2012-07-19 21:10 - 2012-07-19 21:10 - 00002265 ____A C:\Users\Public\Desktop\Constant Guard.lnk
    2012-07-19 21:00 - 2012-07-19 21:00 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (2).exe
    2012-07-19 20:59 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard.exe
    2012-07-19 20:58 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (1).exe
    2012-07-16 20:55 - 2012-07-16 20:55 - 04024320 ____A C:\Program Files (x86)\GUTBFE1.tmp
    2012-07-03 00:19 - 2012-08-04 19:33 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 00:13 - 2012-08-04 19:31 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-09 10:01 - 2012-06-08 19:33 - 00011697 ____A C:\Users\Joe\Desktop\Graduation.xlsx
    2012-06-02 14:19 - 2012-07-19 13:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-19 13:48 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-19 13:48 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:15 - 2012-07-19 13:48 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 12:19 - 2012-07-16 20:54 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-07-16 20:54 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-20 05:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-20 05:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-20 05:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-20 05:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-20 05:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-20 05:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-20 05:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-20 05:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-20 05:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-20 05:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-20 05:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-20 05:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-20 05:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-20 05:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-20 05:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-20 05:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-20 05:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-20 05:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-20 05:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-20 05:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-20 05:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-20 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-20 05:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-20 05:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-20 05:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-20 05:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-20 05:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-20 05:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 12:18 - 2012-06-01 12:18 - 00021504 ____A C:\Users\Joe\Downloads\project4-spreadsheet (1).xls
    2012-06-01 12:15 - 2012-06-01 12:15 - 00021504 ____A C:\Users\Joe\Downloads\project4-spreadsheet.xls
    2012-06-01 11:36 - 2012-06-01 11:36 - 00051491 ____A C:\Users\Joe\Downloads\project-A1-jim-janossy.zip
    2012-05-31 16:52 - 2012-05-31 16:52 - 00003336 ____A C:\Users\Joe\Downloads\e353481361384841.ics
    2012-05-31 09:25 - 2012-08-04 09:28 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 15:21 - 2012-05-29 15:21 - 00002512 ____A C:\Users\Joe\Downloads\e225484284235751.ics
    2012-05-29 15:17 - 2012-05-29 15:17 - 00004447 ____A C:\Users\Joe\Downloads\e246946508739819.ics
    2012-05-29 14:49 - 2012-05-29 14:48 - 00042195 ____A C:\Users\Joe\Downloads\Attachments_2012_05_29.zip
    2012-05-26 17:25 - 2012-05-26 17:25 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-05-26 17:20 - 2012-05-26 17:17 - 74761776 ____A C:\Users\Joe\Downloads\avast_free_antivirus_setup.exe
    2012-05-26 17:17 - 2012-05-26 17:17 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-05-26 17:11 - 2012-05-26 17:11 - 00000000 ___AH C:\Users\Joe\Documents\Default.rdp
    2012-05-24 07:45 - 2012-05-24 07:45 - 24499270 ____A C:\Users\Joe\Downloads\versace-00vtop8fgayd.zip
    2012-05-23 22:28 - 2012-05-23 22:28 - 01470582 ____A C:\Users\Joe\Desktop\Untitled.bmp
    2012-05-23 16:58 - 2012-05-23 16:58 - 00002999 ____A C:\Users\Joe\Downloads\e461852373841511.ics
    2012-05-23 09:16 - 2012-05-23 09:16 - 00001695 ____A C:\Users\Joe\Downloads\attachment.ics
    2012-05-23 06:39 - 2012-05-23 06:39 - 00003555 ____A C:\Users\Joe\Downloads\e210486612405441 (1).ics
    2012-05-23 06:38 - 2012-05-23 06:38 - 00003555 ____A C:\Users\Joe\Downloads\e210486612405441.ics
    2012-05-17 08:38 - 2012-05-17 08:38 - 00350554 ____A C:\Users\Joe\Downloads\Attachments_2012_05_17.zip
    2012-05-16 07:59 - 2012-05-16 07:58 - 254886463 ____A C:\Users\Joe\Desktop\Portfolio.zip
    2012-05-16 07:45 - 2012-05-16 07:45 - 00877568 ____A C:\Users\Joe\Downloads\Power_All_Proposal_Final.ppt
    2012-05-16 07:45 - 2012-05-16 07:45 - 00156308 ____A C:\Users\Joe\Downloads\textLayout_1.0.0.595.swz
    2012-05-16 07:45 - 2012-05-16 07:45 - 00072130 ____A C:\Users\Joe\Downloads\It02_proto_Joe1-Alec.swf
    2012-05-16 07:45 - 2012-05-16 07:45 - 00028672 ____A C:\Users\Joe\Downloads\IT01Feedback_JoeMannarelli.xls
    2012-05-16 07:44 - 2012-05-16 07:44 - 00150325 ____A C:\Users\Joe\Downloads\Iterattion03_Joe1-Alec.swf
    2012-05-16 07:44 - 2012-05-16 07:44 - 00069874 ____A C:\Users\Joe\Downloads\Iterattion03_Joe1-Alec.fla
    2012-05-16 07:44 - 2012-05-16 07:44 - 00035066 ____A C:\Users\Joe\Downloads\Iterattion03_Joe1-Alec.as
    2012-05-16 07:43 - 2012-05-16 07:43 - 01040796 ____A C:\Users\Joe\Downloads\Iteration04 Joe1_Alec (2).zip
    2012-05-16 07:41 - 2012-05-16 07:41 - 01040796 ____A C:\Users\Joe\Downloads\Iteration04 Joe1_Alec (1).zip
    2012-05-16 07:28 - 2012-05-16 07:28 - 06444918 ____A C:\Users\Joe\Downloads\Group2_TreadmillPresentation.pptx
    2012-05-16 07:26 - 2012-05-16 07:26 - 02664368 ____A C:\Users\Joe\Downloads\FINAL FINAL FINAL FINAL.mp4
    2012-05-13 12:55 - 2009-07-13 20:45 - 00454560 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-11 13:50 - 2012-05-11 13:50 - 00003564 ____A C:\Users\Joe\Downloads\e366682236712769.ics
    2012-05-11 13:28 - 2012-05-11 13:28 - 00023459 ____A C:\Users\Joe\Downloads\IM210Team101H (1) (1).odt
    2012-05-11 13:27 - 2012-05-11 13:27 - 00023459 ____A C:\Users\Joe\Downloads\IM210Team101H (1).odt
    2012-05-11 13:22 - 2012-05-11 13:22 - 09356800 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank_Revision_101.avi
    2012-05-11 13:20 - 2012-05-11 13:20 - 00698880 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank (4).ppt
    2012-05-11 13:20 - 2012-05-11 13:20 - 00698880 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank (3).ppt
    2012-05-11 13:20 - 2012-05-11 13:20 - 00698880 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank (2).ppt
    2012-05-07 23:00 - 2012-05-07 23:00 - 00005408 ____A C:\Users\Joe\Downloads\e289899294431869.ics
    2012-05-07 22:48 - 2012-05-07 22:48 - 00437248 ____A C:\Users\Joe\Downloads\Presentation1.ppt
    2012-05-07 22:47 - 2012-05-07 22:47 - 06677264 ____A (Adobe Systems Inc.) C:\Users\Joe\Downloads\Shockwave_Installer_Slim (1).exe
    2012-05-07 22:45 - 2012-05-07 22:45 - 00259584 ____A C:\Users\Joe\Downloads\Joseph Mannarelli ppt show (2).ppt
    2012-05-07 22:45 - 2012-05-07 22:45 - 00205824 ____A C:\Users\Joe\Downloads\Joseph Mannarelli ppt show (1).ppt
    2012-05-07 22:01 - 2012-05-07 22:01 - 56556266 ____A C:\Users\Joe\Downloads\Mannarelli_Double_Take (1).mov
    2012-05-07 15:56 - 2012-05-07 15:56 - 00152064 ____A C:\Users\Joe\Downloads\LitMinistersList (4).xls

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3894.85 MB
    Available physical RAM: 3286.83 MB
    Total Pagefile: 3893 MB
    Available Pagefile: 3282.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:254.14 GB) (Free:18.15 GB) NTFS
    2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.75 GB) NTFS
    4 Drive g: () (Removable) (Total:0.48 GB) (Free:0.4 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 489 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 MB 1024 KB
    Partition 2 Primary 254 GB 201 MB
    Partition 0 Extended 28 GB 254 GB
    Partition 4 Logical 28 GB 254 GB
    Partition 3 OEM 14 GB 283 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 200 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 254 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D LENOVO NTFS Partition 28 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 12
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 489 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 489 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-30 19:24

    ======================= End Of Log ==========================
  4. debate

    debate Newcomer, in training Topic Starter Posts: 20

    search.txt


    Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-05 09:28:12
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
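    A small triage helper for the search.txt format above, added here as an example and not part of FRST or of this thread: it parses the per-path entries of a "Search:" block and checks that the live System32 copy of services.exe matches a component-store (winsxs) copy, which is the comparison a helper makes by eye from the two identical MD5 lines. The first sample is the excerpt posted above; the second sample, its publisher-less entry and its all-zero hash are constructed for the failure case.

```python
"""Triage helper for FRST search output: parse the per-file entries and check
the live System32 copy of a system binary against the component-store copies.
Added example for this thread; it is not part of FRST."""
import re
from dataclasses import dataclass, field

# Excerpt copied from the search.txt post above (header lines trimmed).
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Constructed sample for the failure case: same component-store entry, but the
# System32 copy has no publisher, a different size and an all-zero placeholder
# hash (not the real hash of anything).
SEARCH_TXT_TAMPERED = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2012-07-30 19:00] - [2012-07-30 19:00] - 0331776 ____A ( ) 00000000000000000000000000000000

====== End Of Search ======
"""

HEADER_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileHit:
    path: str
    size: int
    attrs: str
    company: str  # empty when FRST printed "( )"
    md5: str


@dataclass
class SearchResult:
    name: str = ""
    hits: list = field(default_factory=list)


def parse_search(text):
    """Parse one FRST 'Search:' block: a header, then pairs of lines (full path,
    then timestamps/size/attributes/publisher/MD5). Unrelated lines are skipped."""
    result = SearchResult()
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            result.name = m.group("name")
        elif PATH_RE.match(line):
            pending_path = line
        elif (m := DETAIL_RE.match(line)) and pending_path is not None:
            result.hits.append(FileHit(
                path=pending_path,
                size=int(m.group("size")),
                attrs=m.group("attrs"),
                company=m.group("company").strip(),
                md5=m.group("md5").upper(),
            ))
            pending_path = None
    return result


def assess(result):
    """Compare the live copy under System32 with the copies FRST found in the
    component store (winsxs). Returns (status, findings) with status one of
    'consistent', 'mismatch', 'no-reference' or 'no-live-copy'.

    Limitation: a replaced file whose winsxs copy was also replaced would look
    consistent, so this complements, rather than replaces, FRST's own
    'MD5 is legit' check against known-good hashes."""
    findings = []
    for h in result.hits:
        if not h.company:
            findings.append(f"no publisher recorded: {h.path}")
        elif "microsoft" not in h.company.lower():
            findings.append(f"unexpected publisher '{h.company}': {h.path}")
    live = [h for h in result.hits
            if re.search(r"\\windows\\system32\\[^\\]+$", h.path, re.I)]
    store = [h for h in result.hits if "\\winsxs\\" in h.path.lower()]
    if not live:
        return "no-live-copy", findings
    if not store:
        return "no-reference", findings
    # Any component-store version counts as a valid reference: after updates the
    # live file matches the newest winsxs copy while older ones stay in the store.
    reference = {(h.md5, h.size) for h in store}
    status = "consistent"
    for h in live:
        if (h.md5, h.size) not in reference:
            findings.append("live copy differs from component store: "
                            f"{h.path} md5={h.md5} size={h.size}")
            status = "mismatch"
    return status, findings


if __name__ == "__main__":
    for label, text in (("thread sample", SEARCH_TXT),
                        ("tampered sample", SEARCH_TXT_TAMPERED)):
        status, findings = assess(parse_search(text))
        print(f"{label}: {status}")
        for finding in findings:
            print("  -", finding)
```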
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  6. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-05 19:35:36 Run:1
    Running from G:\

    ==============================================

    HKEY_USERS\guest1\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\guest1\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    HKEY_USERS\Joe\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
    HKEY_USERS\Joe\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
    Could not move C:\Program Files (x86)\*.tmp.

    ==== End of Fixlog ====
  7. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Java tried to update and the Lenovo face thing failed, but that happens every time I start the computer.
  8. debate

    debate Newcomer, in training Topic Starter Posts: 20

    After about 10-15 min connected to the internet, the same popup came and restarted the computer.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please post a new log from FRST.
  10. debate

    debate Newcomer, in training Topic Starter Posts: 20

    I may be gone for a while just as a heads up. Will post when possible.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. That's fine. Will wait for your return.
  12. debate

    debate Newcomer, in training Topic Starter Posts: 20

    New Log from FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 08-08-2012 14:56:24
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
    HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-16] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-16] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-06-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-12-28] (Lenovo)
    HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-01-08] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
    HKU\Joe\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-20] (Google Inc.)
    HKU\Joe\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17037704 2011-03-08] (Skype Technologies S.A.)
    HKU\Joe\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Joe\...\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-27] (Google Inc.)
    HKU\Joe\...\Run: [chromium] C:\Users\Joe\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1229848 2012-07-30] (Google Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Lenovo Smile Dock.lnk
    ShortcutTarget: Lenovo Smile Dock.lnk -> C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe (Digital Delivery Networks, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk
    ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

    ==================== Services (Whitelisted) ======

    2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
    2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [559104 2011-02-08] (Hauppauge Computer Works)
    2 lxdn_device; C:\windows\system32\lxdncoms.exe -service [1039872 2007-11-28] ( )
    2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
    2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 NitroReaderDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe" [341296 2011-01-14] (Nitro PDF Software)
    2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe" [46080 2010-06-23] ()
    2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
    2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [x]

    ========================== Drivers (Whitelisted) =============

    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-07-10] (Symantec Corporation)
    1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-18] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-19] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120719.002\IDSvia64.sys [509088 2012-07-19] (Symantec Corporation)
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-07-21] (Lavasoft AB)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120719.021\ENG64.SYS [120440 2012-07-19] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120719.021\EX64.SYS [2068600 2012-07-19] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\N360x64\0602010.005\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\N360x64\0602010.005\SYMEFA64.SYS [1092728 2011-11-23] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-19] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
    3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215168 2010-03-18] (Vimicro Corporation)
    3 BcmSqlStartupSvc; [x]
    3 IGRS; [x]
    2 IviRegMgr; [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    2 ReadyComm.DirectRouter; [x]
    2 RichVideo; [x]
    3 SQLWriter; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-04 23:50 - 2012-08-04 23:51 - 00000000 ____D C:\FRST
    2012-08-04 20:07 - 2012-08-04 20:28 - 00000000 ____D C:\Windows\pss
    2012-08-04 19:59 - 2012-08-04 19:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-04 19:58 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-04 19:56 - 2012-08-04 19:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall (1).exe
    2012-08-04 19:33 - 2012-07-03 00:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-04 19:31 - 2012-08-04 19:32 - 17039840 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-x64-V4.10.exe
    2012-08-04 19:31 - 2012-08-04 19:31 - 16373192 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-V4.10.exe
    2012-08-04 19:31 - 2012-07-03 00:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-08-04 09:28 - 2012-05-31 09:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-31 10:30 - 2012-08-04 08:59 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-07-30 20:48 - 2012-07-30 20:48 - 00000170 ____A C:\Users\Joe\Desktop\stop shutdown.lnk
    2012-07-30 18:28 - 2012-08-04 19:33 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2012-07-30 14:33 - 2012-07-30 14:34 - 73231904 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\msert.exe
    2012-07-30 14:33 - 2012-07-30 14:33 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall.exe
    2012-07-20 05:50 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-20 05:50 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-20 05:50 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-20 05:50 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-20 05:50 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-20 05:50 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-20 05:50 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-20 05:50 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-20 05:50 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-20 05:50 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-20 05:50 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-20 05:50 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-20 05:50 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-20 05:50 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-20 05:50 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-20 05:50 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-20 05:50 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-20 05:50 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-20 05:50 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-20 05:50 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-20 05:50 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-20 05:50 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-20 05:50 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-20 05:50 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-20 05:50 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-20 05:50 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-20 05:50 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-20 05:50 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-19 21:33 - 2012-07-19 21:33 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-07-19 21:33 - 2012-07-19 21:33 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-07-19 21:33 - 2012-07-19 21:33 - 00000000 ____D C:\Program Files\Symantec
    2012-07-19 21:33 - 2012-07-19 21:33 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2012-07-19 21:32 - 2012-07-19 22:56 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
    2012-07-19 21:32 - 2012-07-19 22:54 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
    2012-07-19 21:32 - 2012-07-19 21:32 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
    2012-07-19 21:24 - 2012-07-19 21:24 - 00000000 ____D C:\Users\Joe\Documents\Symantec
    2012-07-19 21:19 - 2012-07-19 21:32 - 00000000 ____D C:\Users\All Users\Norton
    2012-07-19 21:19 - 2012-07-19 21:19 - 00001284 ____A C:\Users\Joe\Desktop\Norton Installation Files.lnk
    2012-07-19 21:19 - 2012-07-19 21:19 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2012-07-19 21:15 - 2012-07-19 21:15 - 00000000 ____D C:\Users\All Users\IsolatedStorage
    2012-07-19 21:10 - 2012-08-08 11:52 - 00000000 ____D C:\Users\Joe\AppData\Roaming\ID Vault
    2012-07-19 21:10 - 2012-07-19 21:53 - 00000000 ____D C:\Users\Joe\AppData\Local\ID Vault
    2012-07-19 21:10 - 2012-07-19 21:10 - 00002265 ____A C:\Users\Public\Desktop\Constant Guard.lnk
    2012-07-19 21:10 - 2012-07-19 21:10 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
    2012-07-19 21:08 - 2012-07-19 21:08 - 00000000 ____D C:\Users\All Users\White Sky, Inc
    2012-07-19 21:00 - 2012-07-19 21:00 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (2).exe
    2012-07-19 20:58 - 2012-07-19 20:59 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard.exe
    2012-07-19 20:58 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (1).exe
    2012-07-19 14:31 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-19 14:31 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-19 14:31 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-19 14:31 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-19 14:31 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-19 14:31 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-19 14:30 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-19 14:30 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-07-19 14:30 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-07-19 14:28 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-07-19 14:21 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-19 14:21 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-07-19 14:21 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-07-19 13:48 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-07-19 13:48 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-07-19 13:48 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-07-19 13:48 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-07-16 20:55 - 2012-07-16 20:56 - 00000000 ____D C:\Program Files (x86)\GUMBFE0.tmp
    2012-07-16 20:55 - 2012-07-16 20:55 - 04024320 ____A C:\Program Files (x86)\GUTBFE1.tmp
    2012-07-16 20:54 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-07-16 20:54 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe


    ============ 3 Months Modified Files ========================

    2012-08-08 11:54 - 2011-03-27 21:01 - 07371673 ____A C:\FaceProv.log
    2012-08-08 11:54 - 2009-07-13 20:51 - 00051941 ____A C:\Windows\setupact.log
    2012-08-08 11:54 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-08 11:54 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-08 11:52 - 2011-05-20 22:58 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-08 11:50 - 2011-08-27 20:46 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
    2012-08-08 11:50 - 2011-08-06 23:28 - 00048156 ____A C:\aaw7boot.log
    2012-08-08 11:50 - 2011-05-20 22:58 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-08 11:50 - 2011-03-27 21:10 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144747702-1964984273-1192697869-1000UA.job
    2012-08-08 11:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-05 16:41 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-05 16:33 - 2010-12-28 20:11 - 01323058 ____A C:\Windows\WindowsUpdate.log
    2012-08-04 20:09 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-04 19:56 - 2012-08-04 19:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall (1).exe
    2012-08-04 19:32 - 2012-08-04 19:31 - 17039840 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-x64-V4.10.exe
    2012-08-04 19:31 - 2012-08-04 19:31 - 16373192 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\Windows-KB890830-V4.10.exe
    2012-08-04 14:37 - 2011-03-27 21:10 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144747702-1964984273-1192697869-1000Core.job
    2012-08-04 09:49 - 2011-05-20 22:59 - 00002405 ____A C:\Users\Joe\Desktop\Google Chrome.lnk
    2012-08-04 08:59 - 2012-07-31 10:30 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-08-04 08:44 - 2011-08-11 22:15 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-08-04 08:44 - 2011-08-11 22:15 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-07-30 20:48 - 2012-07-30 20:48 - 00000170 ____A C:\Users\Joe\Desktop\stop shutdown.lnk
    2012-07-30 20:31 - 2011-03-27 14:57 - 00246840 ____A C:\Windows\PFRO.log
    2012-07-30 14:34 - 2012-07-30 14:33 - 73231904 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\msert.exe
    2012-07-30 14:33 - 2012-07-30 14:33 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall.exe
    2012-07-19 22:54 - 2012-07-19 21:32 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
    2012-07-19 21:33 - 2012-07-19 21:33 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-07-19 21:33 - 2012-07-19 21:33 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-07-19 21:19 - 2012-07-19 21:19 - 00001284 ____A C:\Users\Joe\Desktop\Norton Installation Files.lnk
    2012-07-19 21:10 - 2012-07-19 21:10 - 00002265 ____A C:\Users\Public\Desktop\Constant Guard.lnk
    2012-07-19 21:00 - 2012-07-19 21:00 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (2).exe
    2012-07-19 20:59 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard.exe
    2012-07-19 20:58 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (1).exe
    2012-07-16 20:55 - 2012-07-16 20:55 - 04024320 ____A C:\Program Files (x86)\GUTBFE1.tmp
    2012-07-03 00:19 - 2012-08-04 19:33 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 00:13 - 2012-08-04 19:31 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-09 10:01 - 2012-06-08 19:33 - 00011697 ____A C:\Users\Joe\Desktop\Graduation.xlsx
    2012-06-02 14:19 - 2012-07-19 13:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-19 13:48 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-19 13:48 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:15 - 2012-07-19 13:48 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 12:19 - 2012-07-16 20:54 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-07-16 20:54 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-20 05:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-20 05:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-20 05:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-20 05:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-20 05:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-20 05:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-20 05:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-20 05:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-20 05:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-20 05:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-20 05:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-20 05:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-20 05:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-20 05:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-20 05:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-20 05:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-20 05:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-20 05:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-20 05:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-20 05:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-20 05:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-20 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-20 05:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-20 05:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-20 05:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-20 05:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-20 05:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-20 05:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 12:18 - 2012-06-01 12:18 - 00021504 ____A C:\Users\Joe\Downloads\project4-spreadsheet (1).xls
    2012-06-01 12:15 - 2012-06-01 12:15 - 00021504 ____A C:\Users\Joe\Downloads\project4-spreadsheet.xls
    2012-06-01 11:36 - 2012-06-01 11:36 - 00051491 ____A C:\Users\Joe\Downloads\project-A1-jim-janossy.zip
    2012-05-31 16:52 - 2012-05-31 16:52 - 00003336 ____A C:\Users\Joe\Downloads\e353481361384841.ics
    2012-05-31 09:25 - 2012-08-04 09:28 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 15:21 - 2012-05-29 15:21 - 00002512 ____A C:\Users\Joe\Downloads\e225484284235751.ics
    2012-05-29 15:17 - 2012-05-29 15:17 - 00004447 ____A C:\Users\Joe\Downloads\e246946508739819.ics
    2012-05-29 14:49 - 2012-05-29 14:48 - 00042195 ____A C:\Users\Joe\Downloads\Attachments_2012_05_29.zip
    2012-05-26 17:25 - 2012-05-26 17:25 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-05-26 17:20 - 2012-05-26 17:17 - 74761776 ____A C:\Users\Joe\Downloads\avast_free_antivirus_setup.exe
    2012-05-26 17:17 - 2012-05-26 17:17 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-05-26 17:11 - 2012-05-26 17:11 - 00000000 ___AH C:\Users\Joe\Documents\Default.rdp
    2012-05-24 07:45 - 2012-05-24 07:45 - 24499270 ____A C:\Users\Joe\Downloads\versace-00vtop8fgayd.zip
    2012-05-23 22:28 - 2012-05-23 22:28 - 01470582 ____A C:\Users\Joe\Desktop\Untitled.bmp
    2012-05-23 16:58 - 2012-05-23 16:58 - 00002999 ____A C:\Users\Joe\Downloads\e461852373841511.ics
    2012-05-23 09:16 - 2012-05-23 09:16 - 00001695 ____A C:\Users\Joe\Downloads\attachment.ics
    2012-05-23 06:39 - 2012-05-23 06:39 - 00003555 ____A C:\Users\Joe\Downloads\e210486612405441 (1).ics
    2012-05-23 06:38 - 2012-05-23 06:38 - 00003555 ____A C:\Users\Joe\Downloads\e210486612405441.ics
    2012-05-17 08:38 - 2012-05-17 08:38 - 00350554 ____A C:\Users\Joe\Downloads\Attachments_2012_05_17.zip
    2012-05-16 07:59 - 2012-05-16 07:58 - 254886463 ____A C:\Users\Joe\Desktop\Portfolio.zip
    2012-05-16 07:45 - 2012-05-16 07:45 - 00877568 ____A C:\Users\Joe\Downloads\Power_All_Proposal_Final.ppt
    2012-05-16 07:45 - 2012-05-16 07:45 - 00156308 ____A C:\Users\Joe\Downloads\textLayout_1.0.0.595.swz
    2012-05-16 07:45 - 2012-05-16 07:45 - 00072130 ____A C:\Users\Joe\Downloads\It02_proto_Joe1-Alec.swf
    2012-05-16 07:45 - 2012-05-16 07:45 - 00028672 ____A C:\Users\Joe\Downloads\IT01Feedback_JoeMannarelli.xls
    2012-05-16 07:44 - 2012-05-16 07:44 - 00150325 ____A C:\Users\Joe\Downloads\Iterattion03_Joe1-Alec.swf
    2012-05-16 07:44 - 2012-05-16 07:44 - 00069874 ____A C:\Users\Joe\Downloads\Iterattion03_Joe1-Alec.fla
    2012-05-16 07:44 - 2012-05-16 07:44 - 00035066 ____A C:\Users\Joe\Downloads\Iterattion03_Joe1-Alec.as
    2012-05-16 07:43 - 2012-05-16 07:43 - 01040796 ____A C:\Users\Joe\Downloads\Iteration04 Joe1_Alec (2).zip
    2012-05-16 07:41 - 2012-05-16 07:41 - 01040796 ____A C:\Users\Joe\Downloads\Iteration04 Joe1_Alec (1).zip
    2012-05-16 07:28 - 2012-05-16 07:28 - 06444918 ____A C:\Users\Joe\Downloads\Group2_TreadmillPresentation.pptx
    2012-05-16 07:26 - 2012-05-16 07:26 - 02664368 ____A C:\Users\Joe\Downloads\FINAL FINAL FINAL FINAL.mp4
    2012-05-13 12:55 - 2009-07-13 20:45 - 00454560 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-11 13:50 - 2012-05-11 13:50 - 00003564 ____A C:\Users\Joe\Downloads\e366682236712769.ics
    2012-05-11 13:28 - 2012-05-11 13:28 - 00023459 ____A C:\Users\Joe\Downloads\IM210Team101H (1) (1).odt
    2012-05-11 13:27 - 2012-05-11 13:27 - 00023459 ____A C:\Users\Joe\Downloads\IM210Team101H (1).odt
    2012-05-11 13:22 - 2012-05-11 13:22 - 09356800 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank_Revision_101.avi
    2012-05-11 13:20 - 2012-05-11 13:20 - 00698880 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank (4).ppt
    2012-05-11 13:20 - 2012-05-11 13:20 - 00698880 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank (3).ppt
    2012-05-11 13:20 - 2012-05-11 13:20 - 00698880 ____A C:\Users\Joe\Downloads\Mannarelli_Joe_Think_Tank (2).ppt

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3894.85 MB
    Available physical RAM: 3280.26 MB
    Total Pagefile: 3893 MB
    Available Pagefile: 3276.84 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:254.14 GB) (Free:18.17 GB) NTFS
    2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.73 GB) NTFS
    4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.3 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 7629 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 MB 1024 KB
    Partition 2 Primary 254 GB 201 MB
    Partition 0 Extended 28 GB 254 GB
    Partition 4 Logical 28 GB 254 GB
    Partition 3 OEM 14 GB 283 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 200 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 254 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D LENOVO NTFS Partition 28 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 12
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7629 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 7629 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-30 19:24

    ======================= End Of Log ==========================
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    netio.sys

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  14. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-09 17:55:30
    Running from G:\

    ================== Search: "netio.sys" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.20687_none_b31bffa7e81a5acc\netio.sys
    [2012-08-04 19:58] - [2010-04-08 23:56] - 0374664 ____A (Microsoft Corporation) 86FC2B7E90AA0EE90AC3E9B1D727C1FE

    C:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.16569_none_b2aa0348ceeab5ce\netio.sys
    [2012-08-04 19:58] - [2010-04-09 03:06] - 0374664 ____A (Microsoft Corporation) 02903EB9D9308541D032417ACDFB975C

    C:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_b2905e7ccefe8e06\netio.sys
    [2009-07-13 15:21] - [2009-07-13 17:48] - 0374864 ____A (Microsoft Corporation) 7B8403912673A87EA6622F5CB867A670

    C:\Windows\System32\drivers\netio.sys
    [2012-08-04 19:58] - [2010-04-09 03:06] - 0374664 ____A (Microsoft Corporation) 02903EB9D9308541D032417ACDFB975C

    ====== End Of Search ======
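The point of the search above is to compare the driver Windows is actually loading (C:\Windows\System32\drivers\netio.sys) with the copies the servicing stack keeps in the WinSxS component store; a live file whose hash matches none of them is the thing to inspect. The same idea underlies the "MD5 is legit" lines in the Bamital & volsnap check in the earlier log. The following script is an added example and is not part of this thread, nor FRST's own code: it parses the Search.txt layout posted above (a path line followed by "[created] - [modified] - size attrs (Company) MD5"), groups component-store copies by file name and MD5, and reports whether each copy outside WinSxS matches one of them. SAMPLE_SEARCH is transcribed from the post; TAMPERED_SEARCH is a constructed variant with the live copy's hash altered, to show what a patched driver would look like.

```python
"""Cross-check a driver's live copy against the WinSxS component store
using the MD5 values FRST prints in Search.txt.

Added example for this thread; it is neither FRST's code nor the helper's.
SAMPLE_SEARCH is transcribed from the netio.sys search posted above; the
parser assumes the 2012-era Search.txt layout of a path line followed by
"[created] - [modified] - size attrs (Company) MD5".
"""
import re
from collections import defaultdict

SAMPLE_SEARCH = r"""
================== Search: "netio.sys" ===================

C:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.20687_none_b31bffa7e81a5acc\netio.sys
[2012-08-04 19:58] - [2010-04-08 23:56] - 0374664 ____A (Microsoft Corporation) 86FC2B7E90AA0EE90AC3E9B1D727C1FE

C:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.16569_none_b2aa0348ceeab5ce\netio.sys
[2012-08-04 19:58] - [2010-04-09 03:06] - 0374664 ____A (Microsoft Corporation) 02903EB9D9308541D032417ACDFB975C

C:\Windows\winsxs\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_b2905e7ccefe8e06\netio.sys
[2009-07-13 15:21] - [2009-07-13 17:48] - 0374864 ____A (Microsoft Corporation) 7B8403912673A87EA6622F5CB867A670

C:\Windows\System32\drivers\netio.sys
[2012-08-04 19:58] - [2010-04-09 03:06] - 0374664 ____A (Microsoft Corporation) 02903EB9D9308541D032417ACDFB975C

====== End Of Search ======
"""

# Constructed negative case, not from the thread: the same log with the live
# copy's MD5 altered, to simulate a driver patched in place on disk.
_LIVE_DETAIL = ("[2012-08-04 19:58] - [2010-04-09 03:06] - 0374664 ____A "
                "(Microsoft Corporation) 02903EB9D9308541D032417ACDFB975C")
TAMPERED_SEARCH = SAMPLE_SEARCH.replace(
    "drivers\\netio.sys\n" + _LIVE_DETAIL,
    "drivers\\netio.sys\n" + _LIVE_DETAIL[:-32] + "DEADBEEF" * 4)

DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$")
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_search(text):
    """Return one dict per file FRST listed: path, name, md5, size, modified, company."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if m is None or i == 0:
            continue  # only detail lines carry data; the path is the line before
        path = lines[i - 1]
        entries.append({
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
            "md5": m["md5"].upper(),
            "size": int(m["size"]),
            "modified": m["modified"],
            "company": m["company"],
        })
    return entries


def in_component_store(path):
    return "\\winsxs\\" in path.lower()


def store_version(path):
    """Pull the assembly version (e.g. 6.1.7600.16569) out of a WinSxS directory name."""
    m = VERSION_RE.search(path)
    return m.group(1) if m else path


def check_live_copies(entries):
    """For every copy outside WinSxS, list the component-store versions of the
    same file name that share its MD5. An empty list means the on-disk driver
    matches nothing Windows itself installed and deserves a closer look."""
    store = defaultdict(list)  # (name, md5) -> [assembly versions]
    for e in entries:
        if in_component_store(e["path"]):
            store[(e["name"], e["md5"])].append(store_version(e["path"]))
    report = []
    for e in entries:
        if in_component_store(e["path"]):
            continue
        matches = sorted(store.get((e["name"], e["md5"]), []))
        report.append({
            "path": e["path"],
            "md5": e["md5"],
            "matches": matches,
            "verdict": "matches component store" if matches else "NO MATCH: inspect",
        })
    return report


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_SEARCH), ("tampered log", TAMPERED_SEARCH)):
        for r in check_live_copies(parse_search(text)):
            print(f"{label}: {r['path']}\n  MD5 {r['md5']} -> {r['verdict']} {r['matches']}")
```

On the posted log the live netio.sys hashes to 02903EB9D9308541D032417ACDFB975C, the same as the 6.1.7600.16569 copy in WinSxS, so this check clears it. Two caveats a practitioner should keep in mind: a match only proves the live file equals a store copy, so it is meaningful only if the component store itself is intact, and MD5 is collision-prone, so when you run this against files yourself prefer SHA-256 together with an Authenticode signature check rather than MD5 alone.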
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  16. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-10 14:08:56 Run:2
    Running from G:\

    ==============================================

    C:\Users\Joe\Downloads\Windows-KB890830-x64-V4.10.exe moved successfully.
    C:\Users\Joe\Downloads\Windows-KB890830-V4.10.exe moved successfully.

    ==== End of Fixlog ====
  17. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Still had the popup box and the restart happen after running the code in the previous post, after about 2 minutes.
  18. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Just came up again.
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    We are going to be using a Windows Recovery Environment to help disinfect the system.

    Download the OTLPE Network REATOGO Windows Recovery Environment.
    • Place a blank CD-R disc in to your CD burning drive.
    • Download OTLPENet.exe and double-click on it to burn to a CD using ISO Burner.
    • Reboot your system using the boot CD you just created.

      Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to Non-Microsoft
      • Press Run Scan to start the scan.
      • When finished, the file will be saved in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.
  20. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Thanks. This might take a few days.
  21. debate

    debate Newcomer, in training Topic Starter Posts: 20

    When I try to boot off the disk, it gets to the Windows XP load screen with the bar below the logo, but then Windows goes blue screen and stops the program from running.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're talking about the disc for OTLPE?
  23. debate

    debate Newcomer, in training Topic Starter Posts: 20

    I can download the file, burn it, and then run it, but when I get to the booting of the disk I only reach the "Starting REATOGO-X-PE" screen with a load bar on the bottom. The bar completes but does not advance the booting process.
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Back to FRST, please post a new log.
  25. debate

    debate Newcomer, in training Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 25-08-2012 08:34:00
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
    HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
    HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [2598280 2010-06-23] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-16] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-16] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-21] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-06-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-12-28] (Lenovo)
    HKLM-x32\...\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" [218408 2008-12-03] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-01-08] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35184 2008-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
    HKU\Joe\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-20] (Google Inc.)
    HKU\Joe\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17037704 2011-03-08] (Skype Technologies S.A.)
    HKU\Joe\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\Joe\...\Run: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-27] (Google Inc.)
    HKU\Joe\...\Run: [chromium] C:\Users\Joe\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window [1229848 2012-08-17] (Google Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Lenovo Smile Dock.lnk
    ShortcutTarget: Lenovo Smile Dock.lnk -> C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe (Digital Delivery Networks, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinTV Recording Status..lnk
    ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

    ==================== Services (Whitelisted) ======

    2 CronService; "C:\Prey\platform\windows\cronsvc.exe" [19968 2011-02-15] (Fork Ltd.)
    2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [559104 2011-02-08] (Hauppauge Computer Works)
    2 lxdn_device; C:\windows\system32\lxdncoms.exe -service [1039872 2007-11-28] ( )
    2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
    2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 NitroReaderDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe" [341296 2011-01-14] (Nitro PDF Software)
    2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe" [46080 2010-06-23] ()
    2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
    2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [x]

    ========================== Drivers (Whitelisted) =============

    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-07-10] (Symantec Corporation)
    1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-07-18] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-07-19] (Symantec Corporation)
    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120719.002\IDSvia64.sys [509088 2012-07-19] (Symantec Corporation)
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-07-21] (Lavasoft AB)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120719.021\ENG64.SYS [120440 2012-07-19] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120719.021\EX64.SYS [2068600 2012-07-19] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\N360x64\0602010.005\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\N360x64\0602010.005\SYMEFA64.SYS [1092728 2011-11-23] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-19] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
    1 SymNetS; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
    3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215168 2010-03-18] (Vimicro Corporation)
    3 BcmSqlStartupSvc; [x]
    3 IGRS; [x]
    2 IviRegMgr; [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    2 ReadyComm.DirectRouter; [x]
    2 RichVideo; [x]
    3 SQLWriter; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-18 11:45 - 2012-08-19 05:50 - 00000000 ____D C:\Users\Joe\Desktop\fun stuff
    2012-08-18 09:05 - 2012-08-18 09:14 - 127231689 ____A (Igor Pavlov) C:\Users\Joe\Downloads\OTLPENet (1).exe
    2012-08-11 16:25 - 2012-08-10 16:11 - 00024064 ____A C:\Users\Joe\Desktop\VSCWest.xls
    2012-08-11 10:12 - 2012-08-11 10:12 - 127231689 ____A (Igor Pavlov) C:\Users\Joe\Downloads\OTLPENet.exe
    2012-08-10 16:16 - 2012-08-10 16:16 - 00000512 ____A C:\Users\Joe\Downloads\85CE0000
    2012-08-09 18:07 - 2012-08-10 16:11 - 00024064 ____A C:\Users\Joe\Downloads\VSCWest.xls
    2012-08-04 23:50 - 2012-08-04 23:51 - 00000000 ____D C:\FRST
    2012-08-04 20:07 - 2012-08-04 20:28 - 00000000 ____D C:\Windows\pss
    2012-08-04 19:59 - 2012-08-04 19:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-04 19:58 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-04 19:56 - 2012-08-04 19:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall (1).exe
    2012-08-04 19:33 - 2012-07-03 00:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-04 19:31 - 2012-07-03 00:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-08-04 09:28 - 2012-05-31 11:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-07-31 10:30 - 2012-08-04 08:59 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-07-30 20:48 - 2012-07-30 20:48 - 00000170 ____A C:\Users\Joe\Desktop\stop shutdown.lnk
    2012-07-30 18:28 - 2012-08-04 19:33 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2012-07-30 14:33 - 2012-07-30 14:34 - 73231904 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\msert.exe
    2012-07-30 14:33 - 2012-07-30 14:33 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall.exe

    ============ 3 Months Modified Files ========================

    2012-08-25 07:31 - 2011-03-27 21:10 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144747702-1964984273-1192697869-1000Core.job
    2012-08-25 07:31 - 2011-03-27 21:01 - 07663891 ____A C:\FaceProv.log
    2012-08-25 07:30 - 2011-03-27 21:10 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1144747702-1964984273-1192697869-1000UA.job
    2012-08-25 07:29 - 2011-05-20 22:58 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-25 07:29 - 2010-12-28 20:11 - 01597048 ____A C:\Windows\WindowsUpdate.log
    2012-08-25 07:28 - 2011-08-27 20:46 - 00000029 ____A C:\Windows\SysWOW64\TempWmicBatchFile.bat
    2012-08-25 07:28 - 2011-05-20 22:58 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-24 05:45 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-24 05:45 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-24 05:36 - 2011-08-06 23:28 - 00056668 ____A C:\aaw7boot.log
    2012-08-24 05:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-24 05:36 - 2009-07-13 20:51 - 00054069 ____A C:\Windows\setupact.log
    2012-08-23 05:24 - 2011-03-27 14:57 - 00247494 ____A C:\Windows\PFRO.log
    2012-08-23 05:21 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-21 17:03 - 2011-05-20 22:59 - 00002405 ____A C:\Users\Joe\Desktop\Google Chrome.lnk
    2012-08-19 05:59 - 2011-08-20 08:56 - 00117784 ____A C:\Users\guest1\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-18 09:14 - 2012-08-18 09:05 - 127231689 ____A (Igor Pavlov) C:\Users\Joe\Downloads\OTLPENet (1).exe
    2012-08-11 10:12 - 2012-08-11 10:12 - 127231689 ____A (Igor Pavlov) C:\Users\Joe\Downloads\OTLPENet.exe
    2012-08-10 16:16 - 2012-08-10 16:16 - 00000512 ____A C:\Users\Joe\Downloads\85CE0000
    2012-08-10 16:11 - 2012-08-11 16:25 - 00024064 ____A C:\Users\Joe\Desktop\VSCWest.xls
    2012-08-10 16:11 - 2012-08-09 18:07 - 00024064 ____A C:\Users\Joe\Downloads\VSCWest.xls
    2012-08-08 12:10 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-04 19:56 - 2012-08-04 19:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall (1).exe
    2012-08-04 08:59 - 2012-07-31 10:30 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    2012-08-04 08:44 - 2011-08-11 22:15 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-08-04 08:44 - 2011-08-11 22:15 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-07-30 20:48 - 2012-07-30 20:48 - 00000170 ____A C:\Users\Joe\Desktop\stop shutdown.lnk
    2012-07-30 14:34 - 2012-07-30 14:33 - 73231904 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\msert.exe
    2012-07-30 14:33 - 2012-07-30 14:33 - 12621696 ____A (Microsoft Corporation) C:\Users\Joe\Downloads\mseinstall.exe
    2012-07-19 22:54 - 2012-07-19 21:32 - 00002420 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
    2012-07-19 21:33 - 2012-07-19 21:33 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2012-07-19 21:33 - 2012-07-19 21:33 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2012-07-19 21:19 - 2012-07-19 21:19 - 00001284 ____A C:\Users\Joe\Desktop\Norton Installation Files.lnk
    2012-07-19 21:10 - 2012-07-19 21:10 - 00002265 ____A C:\Users\Public\Desktop\Constant Guard.lnk
    2012-07-19 21:00 - 2012-07-19 21:00 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (2).exe
    2012-07-19 20:59 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard.exe
    2012-07-19 20:58 - 2012-07-19 20:58 - 18237472 ____A (White Sky, Inc.) C:\Users\Joe\Downloads\constantguard (1).exe
    2012-07-16 20:55 - 2012-07-16 20:55 - 04024320 ____A C:\Program Files (x86)\GUTBFE1.tmp
    2012-07-03 00:19 - 2012-08-04 19:33 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 00:13 - 2012-08-04 19:31 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-09 10:01 - 2012-06-08 19:33 - 00011697 ____A C:\Users\Joe\Desktop\Graduation.xlsx
    2012-06-02 14:19 - 2012-07-19 13:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-19 13:48 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-19 13:48 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-07-16 20:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-07-16 20:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-07-19 13:48 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-07-16 20:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-07-16 20:54 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-07-16 20:54 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-20 05:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-20 05:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-20 05:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-20 05:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-20 05:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-20 05:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-20 05:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-20 05:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-20 05:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-20 05:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-20 05:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-20 05:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-20 05:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-20 05:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-20 05:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-20 05:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-20 05:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-20 05:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-20 05:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-20 05:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-20 05:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-20 05:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-20 05:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-20 05:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-20 05:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-20 05:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-20 05:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-20 05:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 12:18 - 2012-06-01 12:18 - 00021504 ____A C:\Users\Joe\Downloads\project4-spreadsheet (1).xls
    2012-06-01 12:15 - 2012-06-01 12:15 - 00021504 ____A C:\Users\Joe\Downloads\project4-spreadsheet.xls
    2012-06-01 11:36 - 2012-06-01 11:36 - 00051491 ____A C:\Users\Joe\Downloads\project-A1-jim-janossy.zip
    2012-05-31 16:52 - 2012-05-31 16:52 - 00003336 ____A C:\Users\Joe\Downloads\e353481361384841.ics
    2012-05-31 11:25 - 2012-08-04 09:28 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 15:21 - 2012-05-29 15:21 - 00002512 ____A C:\Users\Joe\Downloads\e225484284235751.ics
    2012-05-29 15:17 - 2012-05-29 15:17 - 00004447 ____A C:\Users\Joe\Downloads\e246946508739819.ics
    2012-05-29 14:49 - 2012-05-29 14:48 - 00042195 ____A C:\Users\Joe\Downloads\Attachments_2012_05_29.zip


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3894.85 MB
    Available physical RAM: 3293.26 MB
    Total Pagefile: 3893 MB
    Available Pagefile: 3288.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:254.14 GB) (Free:10.29 GB) NTFS
    2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.67 GB) NTFS
    4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.3 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 7629 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 200 MB 1024 KB
    Partition 2 Primary 254 GB 201 MB
    Partition 0 Extended 28 GB 254 GB
    Partition 4 Logical 28 GB 254 GB
    Partition 3 OEM 14 GB 283 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 200 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 254 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D LENOVO NTFS Partition 28 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 12
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 LENOVO_PART NTFS Partition 14 GB Healthy Hidden

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7629 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 7629 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-30 19:24

    ======================= End Of Log ==========================

