Infected with paysafe ransomware


2 replies to this topic

#1 robert89


Posted 14 August 2013 - 05:18 AM

Hello! Since yesterday I have been trying to control a laptop infected with Paysafe ransomware, and I managed half. I managed to delete the virus manually and now have control of the PC. The only problem is that at every startup a part of the virus still appears, namely dirty.exe and the decrypt window. I used ComboFix and AdwCleaner in safe mode, but I could not remove it. How do I make these "traces" disappear?

The system is 64-bit.

 

Farbar log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013
Ran by versace (administrator) on 14-08-2013 03:15:03
Running from C:\Users\versace\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Punsh.at.ua (Vladimir aka punsh)) C:\Users\versace\Desktop\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\MalwarebytesPortable.exe
(Malwarebytes Corporation) C:\Users\versace\Desktop\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\App\Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Windows Media Player\qxsDoTzv.exe, [x]
HKCU\...\Run: [HOizTbEx] - C:\Users\versace\AppData\Local\ATI\UKIQlxHi.exe [241536 2013-08-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\versace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zeltOwJP.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -  No File

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.)
S2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
S2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [247296 2010-01-13] ()

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\Users\versace\Desktop\Malwarebytes' Anti-Malware 1.62.0.1300 Portable
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\Users\versace\AppData\Roaming\Malwarebytes
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\FRST
2013-08-14 03:14 - 2012-07-03 12:46 - 00024904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam,3.sys
2013-08-14 03:12 - 2013-08-14 03:12 - 00015688 _____ C:\ComboFix.txt
2013-08-14 02:55 - 2013-08-14 03:12 - 00000000 ____D C:\Qoobox
2013-08-14 02:55 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-14 02:55 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-14 02:55 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-14 02:55 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-14 02:55 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-14 02:55 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-14 02:55 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-14 02:55 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-14 02:54 - 2013-08-13 09:03 - 05102975 ____R (Swearware) C:\Users\versace\Desktop\ComboFix.exe
2013-08-14 02:40 - 2013-08-14 02:40 - 00000000 ____D C:\found.000
2013-08-14 00:33 - 2013-08-14 02:26 - 00002872 _____ C:\Windows\system32\TmInstall.log
2013-08-14 00:33 - 2013-08-14 00:33 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-14 00:30 - 2013-08-14 00:30 - 00000000 ____D C:\Users\versace\AppData\Roaming\Malwarebytes-Backup
2013-08-14 00:30 - 2013-08-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes-Backup
2013-08-14 00:29 - 2013-08-14 00:29 - 00000000 ____D C:\Windows\pss
2013-08-14 00:24 - 2013-08-14 10:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\versace\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-14 00:24 - 2013-07-01 15:52 - 00648201 _____ C:\Users\versace\Desktop\adwcleaner.exe
2013-08-13 23:51 - 2013-08-14 00:29 - 00000000 ___RD C:\Users\versace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-13 23:50 - 2013-08-14 00:26 - 00000000 ____D C:\Windows\erdnt
2013-08-13 23:47 - 2013-08-13 23:47 - 00058520 _____ C:\Users\versace\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-13 23:46 - 2013-08-13 23:46 - 00000000 ____D C:\Users\versace\AppData\Local\Dirty
2013-08-13 08:49 - 2013-08-14 00:28 - 00000000 ____D C:\Users\versace\AppData\Roaming\Systweak
2013-08-13 08:49 - 2013-08-13 08:49 - 00000000 ____D C:\Users\versace\AppData\Roaming\Telefónica
2013-08-13 02:02 - 2011-07-11 10:56 - 00000000 ____D C:\Malwarebytes Anti-Malware 1.51.0.1200
2013-08-13 01:30 - 2013-08-13 01:30 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-08-13 01:07 - 2013-08-13 01:07 - 00000000 __RSH C:\MSDOS.SYS
2013-08-13 01:07 - 2013-08-13 01:07 - 00000000 __RSH C:\IO.SYS
2013-08-11 12:37 - 2013-08-11 12:37 - 00000000 ____D C:\Program Files (x86)\Dirty
2013-08-10 08:25 - 2013-08-10 09:06 - 00000000 ____D C:\Users\versace\Desktop\cori muzica

==================== One Month Modified Files and Folders =======

2013-08-14 10:09 - 2013-08-14 00:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\versace\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\Users\versace\Desktop\Malwarebytes' Anti-Malware 1.62.0.1300 Portable
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\Users\versace\AppData\Roaming\Malwarebytes
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-14 03:14 - 2013-08-14 03:14 - 00000000 ____D C:\FRST
2013-08-14 03:12 - 2013-08-14 03:12 - 00015688 _____ C:\ComboFix.txt
2013-08-14 03:12 - 2013-08-14 02:55 - 00000000 ____D C:\Qoobox
2013-08-14 03:08 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2013-08-14 02:51 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 02:51 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 02:50 - 2012-06-29 18:02 - 00000000 ____D C:\Users\versace\AppData\Local\ATI
2013-08-14 02:47 - 2012-06-27 07:37 - 00000000 ____D C:\ASUS.DAT
2013-08-14 02:47 - 2011-04-12 19:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 02:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 02:46 - 2009-07-13 21:51 - 00141843 _____ C:\Windows\setupact.log
2013-08-14 02:40 - 2013-08-14 02:40 - 00000000 ____D C:\found.000
2013-08-14 02:30 - 2011-04-12 19:33 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 02:26 - 2013-08-14 00:33 - 00002872 _____ C:\Windows\system32\TmInstall.log
2013-08-14 02:26 - 2012-06-26 15:50 - 00001301 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-14 02:21 - 2011-04-12 18:39 - 00330486 _____ C:\Windows\PFRO.log
2013-08-14 02:13 - 2012-08-16 08:30 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423716162-3940700756-3874099973-1001UA.job
2013-08-14 02:13 - 2012-06-26 15:23 - 02050934 _____ C:\Windows\WindowsUpdate.log
2013-08-14 01:58 - 2012-06-29 19:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 00:47 - 2012-08-13 19:39 - 00000000 ____D C:\Windows\Minidump
2013-08-14 00:33 - 2013-08-14 00:33 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2013-08-14 00:32 - 2011-04-12 19:51 - 00000000 ____D C:\ProgramData\Trend Micro
2013-08-14 00:30 - 2013-08-14 00:30 - 00000000 ____D C:\Users\versace\AppData\Roaming\Malwarebytes-Backup
2013-08-14 00:30 - 2013-08-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes-Backup
2013-08-14 00:30 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2013-08-14 00:29 - 2013-08-14 00:29 - 00000000 ____D C:\Windows\pss
2013-08-14 00:29 - 2013-08-13 23:51 - 00000000 ___RD C:\Users\versace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-14 00:28 - 2013-08-13 08:49 - 00000000 ____D C:\Users\versace\AppData\Roaming\Systweak
2013-08-14 00:28 - 2011-03-17 04:52 - 04681022 _____ C:\Windows\system32\perfh019.dat
2013-08-14 00:28 - 2011-03-17 04:52 - 01523738 _____ C:\Windows\system32\perfc019.dat
2013-08-14 00:28 - 2011-02-18 22:02 - 04359648 _____ C:\Windows\system32\perfh00D.dat
2013-08-14 00:28 - 2011-02-18 22:02 - 01460720 _____ C:\Windows\system32\perfc00D.dat
2013-08-14 00:28 - 2011-02-18 21:56 - 04556316 _____ C:\Windows\system32\perfh008.dat
2013-08-14 00:28 - 2011-02-18 21:56 - 01480722 _____ C:\Windows\system32\perfc008.dat
2013-08-14 00:28 - 2011-02-18 21:51 - 04392738 _____ C:\Windows\system32\prfh0404.dat
2013-08-14 00:28 - 2011-02-18 21:51 - 01498014 _____ C:\Windows\system32\prfc0404.dat
2013-08-14 00:28 - 2011-02-18 21:45 - 04684494 _____ C:\Windows\system32\prfh0816.dat
2013-08-14 00:28 - 2011-02-18 21:45 - 01525138 _____ C:\Windows\system32\prfc0816.dat
2013-08-14 00:28 - 2011-02-18 21:40 - 04695954 _____ C:\Windows\system32\perfh013.dat
2013-08-14 00:28 - 2011-02-18 21:40 - 01524188 _____ C:\Windows\system32\perfc013.dat
2013-08-14 00:28 - 2011-02-18 21:35 - 04694182 _____ C:\Windows\system32\perfh010.dat
2013-08-14 00:28 - 2011-02-18 21:35 - 01518610 _____ C:\Windows\system32\perfc010.dat
2013-08-14 00:28 - 2011-02-18 21:29 - 04699372 _____ C:\Windows\system32\perfh00C.dat
2013-08-14 00:28 - 2011-02-18 21:29 - 01521630 _____ C:\Windows\system32\perfc00C.dat
2013-08-14 00:28 - 2011-02-18 21:24 - 04648312 _____ C:\Windows\system32\perfh007.dat
2013-08-14 00:28 - 2011-02-18 21:24 - 01520574 _____ C:\Windows\system32\perfc007.dat
2013-08-14 00:28 - 2011-02-18 21:19 - 04698436 _____ C:\Windows\system32\perfh00A.dat
2013-08-14 00:28 - 2011-02-18 21:19 - 01528206 _____ C:\Windows\system32\perfc00A.dat
2013-08-14 00:28 - 2009-07-13 22:13 - 00005780 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 00:26 - 2013-08-13 23:50 - 00000000 ____D C:\Windows\erdnt
2013-08-14 00:19 - 2012-12-30 05:19 - 00000000 ____D C:\Users\versace\AppData\Roaming\uTorrent
2013-08-14 00:16 - 2012-06-29 17:59 - 00000000 ____D C:\Users\versace
2013-08-13 23:47 - 2013-08-13 23:47 - 00058520 _____ C:\Users\versace\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-13 23:46 - 2013-08-13 23:46 - 00000000 ____D C:\Users\versace\AppData\Local\Dirty
2013-08-13 15:24 - 2012-08-09 02:07 - 00000000 ____D C:\Users\versace\AppData\Local\Downloaded Installations
2013-08-13 09:03 - 2013-08-14 02:54 - 05102975 ____R (Swearware) C:\Users\versace\Desktop\ComboFix.exe
2013-08-13 08:49 - 2013-08-13 08:49 - 00000000 ____D C:\Users\versace\AppData\Roaming\Telefónica
2013-08-13 01:30 - 2013-08-13 01:30 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-08-13 01:07 - 2013-08-13 01:07 - 00000000 __RSH C:\MSDOS.SYS
2013-08-13 01:07 - 2013-08-13 01:07 - 00000000 __RSH C:\IO.SYS
2013-08-13 01:01 - 2009-07-28 22:10 - 00000000 ____D C:\Recovery
2013-08-11 12:43 - 2012-06-26 15:50 - 00002144 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-11 12:37 - 2013-08-11 12:37 - 00000000 ____D C:\Program Files (x86)\Dirty
2013-08-10 23:11 - 2012-08-16 08:30 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423716162-3940700756-3874099973-1001Core.job
2013-08-10 09:06 - 2013-08-10 08:25 - 00000000 ____D C:\Users\versace\Desktop\cori muzica
2013-08-03 14:55 - 2012-10-13 07:56 - 00000000 ____D C:\Users\versace\Desktop\muzica faina alin
2013-08-03 14:49 - 2012-07-20 04:26 - 00000000 ____D C:\Users\versace\Desktop\cori
2013-07-29 06:56 - 2013-01-26 10:34 - 00000000 ____D C:\Program Files (x86)\Mobile Partner Manager
2013-07-26 20:15 - 2013-01-27 07:20 - 00000000 ____D C:\Users\versace\Desktop\New folder (3)

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {8cb2d9b4-7c05-11de-842e-b4611d44fefa}
device                  ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi



LastRegBack: 2012-12-08 08:34

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013
Ran by versace at 2013-08-14 03:15:53
Running from C:\Users\versace\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.2.3.28705)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.235)
AMD APP SDK Runtime (Version: 2.5.709.2)
AMD Catalyst Install Manager (Version: 3.0.838.0)
AMD Fuel (Version: 2011.0713.1830.31376)
AMD Media Foundation Decoders (Version: 1.0.60713.1822)
AMD VISION Engine Control Center (x32 Version: 2011.0713.1830.31376)
ASUS AI Recovery (x32 Version: 1.0.19)
ASUS FancyStart (x32 Version: 1.1.0)
ASUS LifeFrame3 (x32 Version: 3.0.27)
ASUS Live Update (x32 Version: 3.0.8)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Virtual Camera (x32 Version: 1.0.21)
ASUS WebStorage (x32 Version: 3.0.84.161)
ASUS_Screensaver (x32)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
BS.Player PRO (x32 Version: 2.57.1051)
Catalyst Control Center InstallProxy (x32 Version: 2011.0713.1830.31376)
Catalyst Control Center Localization All (x32 Version: 2011.0713.1830.31376)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0713.1830.31376)
CCC Help Chinese Standard (x32 Version: 2011.0713.1829.31376)
CCC Help Chinese Traditional (x32 Version: 2011.0713.1829.31376)
CCC Help Czech (x32 Version: 2011.0713.1829.31376)
CCC Help Danish (x32 Version: 2011.0713.1829.31376)
CCC Help Dutch (x32 Version: 2011.0713.1829.31376)
CCC Help English (x32 Version: 2011.0713.1829.31376)
CCC Help Finnish (x32 Version: 2011.0713.1829.31376)
CCC Help French (x32 Version: 2011.0713.1829.31376)
CCC Help German (x32 Version: 2011.0713.1829.31376)
CCC Help Greek (x32 Version: 2011.0713.1829.31376)
CCC Help Hungarian (x32 Version: 2011.0713.1829.31376)
CCC Help Italian (x32 Version: 2011.0713.1829.31376)
CCC Help Japanese (x32 Version: 2011.0713.1829.31376)
CCC Help Korean (x32 Version: 2011.0713.1829.31376)
CCC Help Norwegian (x32 Version: 2011.0713.1829.31376)
CCC Help Polish (x32 Version: 2011.0713.1829.31376)
CCC Help Portuguese (x32 Version: 2011.0713.1829.31376)
CCC Help Russian (x32 Version: 2011.0713.1829.31376)
CCC Help Spanish (x32 Version: 2011.0713.1829.31376)
CCC Help Swedish (x32 Version: 2011.0713.1829.31376)
CCC Help Thai (x32 Version: 2011.0713.1829.31376)
CCC Help Turkish (x32 Version: 2011.0713.1829.31376)
ccc-utility64 (Version: 2011.0713.1830.31376)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
D3DX10 (x32 Version: 15.4.2368.0902)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fast Boot (Version: 1.0.9)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Park Console (x32 Version: 6.2.1.1)
Google Chrome (x32 Version: 23.0.1271.97)
Google Update Helper (x32 Version: 1.3.21.123)
Governor of Poker (x32)
Jewel Quest 3 (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LG USB Modem Drivers (x32 Version: 4.9.7)
Luxor 3 (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mobile Connection Manager (x32)
Mobile Partner Manager (x32 Version: 1.0.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Nuance PDF Reader (x32 Version: 6.00.0041)
Plants vs Zombies (x32)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.42.304.2011)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
syncables desktop SE (x32 Version: 5.5.746.11492)
TeamViewer 8 (x32 Version: 8.0.16447)
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.2013.194)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Ware PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1)
Winamp (x32 Version: 5.63 )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.21)
World of Goo (x32)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
ZTE USB Driver (Version: 1.0.1.25_TME)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (x32 Version: 15.4.5722.2)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-08-14 03:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {020D6924-D62A-45DE-8172-2D0DA3E651BF} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe No File
Task: {0E3F5BD1-C7A9-49D0-954D-D11DE911E247} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-11-17] (ASUSTeK Computer Inc.)
Task: {1036FA8C-9A4A-49B6-8DF2-1804A080F22A} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {3B715209-2AE8-42F6-B420-638A71B2FDEE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3423716162-3940700756-3874099973-1001Core => C:\Users\versace\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-19] (Facebook Inc.)
Task: {3DCDBC58-4EB8-4449-8C36-9AFFF610502F} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2011-11-24] (ASUSTek Computer Inc.)
Task: {3E384543-6D4D-4508-BAA0-5A43E3D49DB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29] (Adobe Systems Incorporated)
Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.)
Task: {6AEB8533-53E4-47A1-9DC4-C9DE40E4C93C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.)
Task: {B9114850-9AE5-4BF5-B004-C0F841C23B68} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {E297F5BD-4C61-42BE-8E8B-EB278EA72B72} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3423716162-3940700756-3874099973-1001UA => C:\Users\versace\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-19] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423716162-3940700756-3874099973-1001Core.job => C:\Users\versace\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3423716162-3940700756-3874099973-1001UA.job => C:\Users\versace\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 03:15:53 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (08/14/2013 03:15:53 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (08/14/2013 03:14:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ASUSWSShellExt64.dll, version: 1.1.0.27, time stamp: 0x4c7f631d
Exception code: 0xc0000005
Fault offset: 0x00000000000051da
Faulting process id: 0x%9
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (08/14/2013 02:55:44 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/14/2013 02:55:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (08/14/2013 02:55:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (08/14/2013 02:54:05 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ASUSWSShellExt64.dll, version: 1.1.0.27, time stamp: 0x4c7f631d
Exception code: 0xc0000005
Fault offset: 0x00000000000051da
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/14/2013 02:51:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ASUSWSShellExt64.dll, version: 1.1.0.27, time stamp: 0x4c7f631d
Exception code: 0xc0000005
Fault offset: 0x00000000000051da
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (08/14/2013 02:50:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ASUSWSShellExt64.dll, version: 1.1.0.27, time stamp: 0x4c7f631d
Exception code: 0xc0000005
Fault offset: 0x00000000000051da
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.exe0
Faulting application path: Explorer.exe1
Faulting module path: Explorer.exe2
Report Id: Explorer.exe3

Error: (08/14/2013 02:48:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ASUSWSShellExt64.dll, version: 1.1.0.27, time stamp: 0x4c7f631d
Exception code: 0xc0000005
Fault offset: 0x00000000000051da
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (08/14/2013 03:16:00 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:55 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:50 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:45 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:40 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:35 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:29 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:24 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:19 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/14/2013 03:15:14 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume OS encountered a non-retryable error and could not start.  The data contains the error code.


Microsoft Office Sessions:
=========================
Error: (08/14/2013 03:15:53 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/14/2013 03:15:53 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/14/2013 03:14:12 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (08/14/2013 02:55:44 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/14/2013 02:55:44 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/14/2013 02:55:44 AM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/14/2013 02:54:05 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (08/14/2013 02:51:41 AM) (Source: Application Error)(User: )
Description: Explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (08/14/2013 02:50:21 AM) (Source: Application Error)(User: )
Description: Explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da

Error: (08/14/2013 02:48:59 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da


CodeIntegrity Errors:
===================================
  Date: 2013-08-14 03:07:32.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-14 03:07:30.827
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-14 00:16:24.131
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-14 00:16:22.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 4075.7 MB
Available physical RAM: 3052.28 MB
Total Pagefile: 8149.59 MB
Available Pagefile: 7300.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:78.07 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:147.48 GB) NTFS (Disk=0 Partition=3)
Drive f: (DEEA) (Removable) (Total:3.75 GB) (Free:3.1 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2A0A341)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

 

 

 




 


#2 robert89

robert89
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 14 August 2013 - 07:11 AM

Resolved with format



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:15 AM

Posted 14 August 2013 - 07:30 AM

Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\MalwarebytesPortable.exe
(Malwarebytes Corporation) C:\Users\versace\Desktop\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\Malwarebytes' Anti-Malware 1.62.0.1300 Portable\App\Anti-Malware\mbam.exe

This is a forged or illegal version of Malwarebytes Anti-Malware.

There was never a Portable version made, and Version 1.62.0.1300 is a few years old -





