
Blue Screen of Death after malware removal.


  • This topic is locked
54 replies to this topic

#1 tienyboi

  • Members
  • 41 posts

Posted 12 December 2013 - 01:12 AM

Hey guys, my computer started to run very strangely, where my Internet Explorer kept freezing. I ran Malwarebytes and Spybot Search and Destroy and removed everything that was found in the list. After restarting the computer, I now get the BSOD a couple of minutes or so after starting up.

The blue screen would come up and the computer restarts to the login screen. If I don't log in, a couple of minutes later the blue screen would come up again, and it cycles like this. I've been running in Safe Mode and I don't seem to have the blue screen in this mode, at least I don't think so yet. And I am still noticing little ads in the corner of my Internet Explorer.

Where should I start with this?


Edited by tienyboi, 12 December 2013 - 01:13 AM.




#2 HelpBot

  • Bots
  • 12,604 posts

Posted 17 December 2013 - 01:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517238 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tienyboi

  • Topic Starter
  • Members
  • 41 posts

Posted 17 December 2013 - 06:57 AM

Hello, just stating that I do not have the original Windows CD available.
My DDS log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/1/2012 1:07:53 AM
System Uptime: 12/12/2013 6:35:04 PM (108 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA785GM-US2H
Processor: AMD Phenom™ II X4 965 Processor | Socket M2 | 3415/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 10.745 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 586 GiB total, 61.507 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 1.312 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP393: 12/12/2013 6:27:41 PM - Scheduled Checkpoint
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 



#4 Oh My!

  • Malware Response Instructor
  • 36,427 posts

Posted 17 December 2013 - 08:36 PM

Greetings tienyboi and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do these things.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Boot into Safe Mode
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • When you boot your machine into Normal Mode, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • BSOD information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 tienyboi

  • Topic Starter
  • Members
  • 41 posts

Posted 18 December 2013 - 12:12 AM

Hello, you can just call me Tien.
For the BSOD diagnosis, I have already taken a photo of the BSOD when it occurred. Should I still "disable automatic restart after system failure"?

BSOD information:
"Modification of system code or a critical data structure was detected."

Technical information:
STOP: 0x00000109 (0xA3A039D896F7C50A, 0xB3B7465EE97602C4, 0xFFFFF80000B96BB0, x0000000000006)
ntoskrnl.exe -- address: FFFFF80000B96BB0 base at FFFFF80000B95000, DateStamp 5149a99c
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 02
Ran by Tieny (administrator) on TIENY-PC on 18-12-2013 00:02:07
Running from C:\Users\Tieny\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [BitTorrent] - C:\Users\Tieny\AppData\Roaming\BitTorrent\BitTorrent.exe [895328 2013-11-20] (BitTorrent Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Tieny\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [AIM for Windows] - C:\Users\Tieny\AppData\Local\AOL\AIM\aim.exe [2930288 2012-11-11] (AOL Inc.)
HKCU\...\Run: [AIM] - C:\Program Files (x86)\AIM\aim.exe [67160 2004-12-08] (America Online, Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKCU\...\Run: [Hobbyist Software VLC Streamer] - C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1608008 2013-10-23] (Hobbyist Software)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-14] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKU\Mcx1-TIENY-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DE635F8AAE0CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0B842F08-B64B-400A-A079-D9CA3D2A7B53} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {0B842F08-B64B-400A-A079-D9CA3D2A7B53} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tieny\AppData\Roaming\Mozilla\Firefox\Profiles\hznvlzhh.default-1386725631725
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Coupon Companion Plugin - C:\Program Files (x86)\Mozilla Firefox\extensions\extension21804@extension21804.com
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{5a6ec53c-ed35-40ac-82a4-8766b3559964}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Skype Click to Call) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_1
CHR Extension: (Google Wallet) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Tieny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Tieny\AppData\Local\Temp\ccex.crx

==================== Services (Whitelisted) =================

S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NetFlixDownloadManager; C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe [26624 2009-04-16] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4390376 2011-07-17] (INCA Internet Co., Ltd.)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4774 2012-03-06] (INCA Internet Co., Ltd.)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
U3 fgloipog; \??\C:\Users\Tieny\AppData\Local\Temp\fgloipog.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-17 23:49 - 2013-12-18 00:02 - 00013296 _____ C:\Users\Tieny\Desktop\FRST.txt
2013-12-17 23:49 - 2013-12-17 23:50 - 00027515 _____ C:\Users\Tieny\Desktop\Addition.txt
2013-12-17 23:49 - 2013-12-17 23:49 - 00000000 ____D C:\FRST
2013-12-17 23:48 - 2013-12-17 23:48 - 00000000 ____D C:\Users\Tieny\Desktop\New folder (2)
2013-12-17 23:47 - 2013-12-17 23:47 - 01928214 _____ (Farbar) C:\Users\Tieny\Desktop\FRST64.exe
2013-12-17 06:31 - 2013-12-17 06:31 - 00688992 ____R (Swearware) C:\Users\Tieny\Desktop\dds.com
2013-12-15 00:11 - 2013-12-15 00:11 - 00000000 ____D C:\Windows\Sun
2013-12-12 17:50 - 2013-12-12 17:50 - 00282664 _____ C:\Windows\Minidump\121213-154082-01.dmp
2013-12-12 17:04 - 2013-12-12 17:04 - 00282664 _____ C:\Windows\Minidump\121213-41465-01.dmp
2013-12-12 15:39 - 2013-12-12 15:39 - 00289128 _____ C:\Windows\Minidump\121213-50840-01.dmp
2013-12-12 15:09 - 2013-12-12 15:09 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 14:07 - 2013-12-12 14:08 - 00285600 _____ C:\Windows\Minidump\121213-78016-01.dmp
2013-12-12 13:31 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 13:31 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 13:31 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 13:31 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 13:29 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 13:29 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 13:29 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 13:29 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 13:29 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 13:29 - 2013-10-25 01:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 13:29 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 13:29 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 13:29 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 13:29 - 2013-10-24 23:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-12 13:29 - 2013-10-24 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 13:29 - 2013-10-24 22:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 13:29 - 2013-10-24 22:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-12 13:29 - 2013-10-24 21:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-12 00:48 - 2013-12-12 00:48 - 00286168 _____ C:\Windows\Minidump\121213-22916-01.dmp
2013-12-12 00:24 - 2013-12-12 00:24 - 00017787 _____ C:\ComboFix.txt
2013-12-11 23:57 - 2013-12-12 00:10 - 00000000 ____D C:\AdwCleaner
2013-12-11 23:33 - 2013-12-11 23:33 - 00282664 _____ C:\Windows\Minidump\121113-19078-01.dmp
2013-12-11 22:08 - 2013-12-11 22:08 - 00282664 _____ C:\Windows\Minidump\121113-19172-01.dmp
2013-12-11 21:23 - 2013-12-11 21:23 - 00282664 _____ C:\Windows\Minidump\121113-17425-01.dmp
2013-12-11 20:18 - 2013-12-11 20:18 - 00283848 _____ C:\Windows\Minidump\121113-17066-01.dmp
2013-12-11 19:33 - 2013-12-11 19:33 - 00284256 _____ C:\Windows\Minidump\121113-17378-01.dmp
2013-12-11 18:21 - 2013-12-11 18:21 - 00282664 _____ C:\Windows\Minidump\121113-17331-01.dmp
2013-12-11 17:26 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 17:26 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 17:26 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 17:26 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 17:26 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 17:26 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 17:26 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 17:26 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 17:26 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 17:26 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 17:26 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 17:26 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 17:26 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 17:26 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 17:26 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 17:26 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 17:26 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 17:26 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 17:26 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 17:17 - 2013-12-11 17:17 - 00282664 _____ C:\Windows\Minidump\121113-15568-01.dmp
2013-12-11 16:32 - 2013-12-11 16:32 - 00282664 _____ C:\Windows\Minidump\121113-16395-01.dmp
2013-12-11 15:47 - 2013-12-11 15:47 - 00288160 _____ C:\Windows\Minidump\121113-18142-01.dmp
2013-12-11 10:40 - 2013-12-11 10:40 - 00291952 _____ C:\Windows\Minidump\121113-19281-01.dmp
2013-12-11 09:56 - 2013-12-11 09:56 - 00283864 _____ C:\Windows\Minidump\121113-20358-01.dmp
2013-12-11 09:41 - 2013-12-11 09:41 - 00283544 _____ C:\Windows\Minidump\121113-21855-01.dmp
2013-12-10 03:00 - 2013-12-11 03:01 - 00009367 _____ C:\Windows\IE11_main.log
2013-12-01 22:43 - 2013-12-01 23:25 - 00012800 _____ C:\Users\Tieny\Documents\442HWNEW.O01
2013-12-01 22:43 - 2013-12-01 23:25 - 00004677 _____ C:\Users\Tieny\Documents\442HWNEW.r01
2013-12-01 22:43 - 2013-12-01 23:25 - 00000122 _____ C:\Users\Tieny\Documents\442HWNEW.p01.comp_msgs.txt
2013-12-01 22:40 - 2013-12-02 00:24 - 00000582 _____ C:\Users\Tieny\Documents\442HWNEW.f02
2013-12-01 22:30 - 2013-12-02 00:24 - 00003134 _____ C:\Users\Tieny\Documents\442HWNEW.p01
2013-12-01 22:30 - 2013-12-01 22:30 - 00000328 _____ C:\Users\Tieny\Documents\442HWNEW.f01
2013-12-01 22:29 - 2013-12-02 00:15 - 00000582 _____ C:\Users\Tieny\Documents\Backup.f01
2013-12-01 22:29 - 2013-12-01 22:52 - 00002825 _____ C:\Users\Tieny\Documents\442HWNEW.g01
2013-12-01 22:29 - 2013-12-01 22:29 - 00002820 _____ C:\Users\Tieny\Documents\Backup.g01
2013-12-01 22:01 - 2013-12-02 00:24 - 00000580 _____ C:\Users\Tieny\Documents\442HWNEW.prj
2013-12-01 22:01 - 2013-12-01 22:01 - 00000275 _____ C:\Users\Tieny\Documents\442HW.f02
2013-12-01 21:59 - 2013-12-01 21:59 - 00000487 _____ C:\Users\Tieny\Documents\442HECHW.prj
2013-12-01 18:04 - 2013-12-01 18:06 - 00000000 ____D C:\Users\Tieny\Desktop\New folder (3)
2013-11-28 09:30 - 2013-11-28 09:30 - 00001371 _____ C:\Users\UpdatusUser\Desktop\iTunes Backup Password Recovery Standard.lnk
2013-11-28 09:30 - 2013-11-28 09:30 - 00001371 _____ C:\Users\Mcx1-TIENY-PC\Desktop\iTunes Backup Password Recovery Standard.lnk
2013-11-28 09:30 - 2013-11-28 09:30 - 00000000 ____D C:\Users\Tieny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTunes Backup Password Recovery Standard
2013-11-28 09:30 - 2013-11-28 09:30 - 00000000 ____D C:\Program Files (x86)\iTunes Backup Password Recovery Standard
2013-11-23 09:51 - 2013-12-01 14:29 - 00000000 ____D C:\Users\Tieny\Desktop\New folder
2013-11-19 01:12 - 2013-11-19 01:21 - 00000204 ____H C:\Users\Tieny\Desktop\Road Water Regrading.dwl2
2013-11-19 01:12 - 2013-11-19 01:21 - 00000054 ____H C:\Users\Tieny\Desktop\Road Water Regrading.dwl

==================== One Month Modified Files and Folders =======

2013-12-18 00:02 - 2013-12-17 23:49 - 00013296 _____ C:\Users\Tieny\Desktop\FRST.txt
2013-12-17 23:58 - 2013-05-14 09:35 - 00000000 ____D C:\Users\Tieny\Desktop\Insurance
2013-12-17 23:50 - 2013-12-17 23:49 - 00027515 _____ C:\Users\Tieny\Desktop\Addition.txt
2013-12-17 23:49 - 2013-12-17 23:49 - 00000000 ____D C:\FRST
2013-12-17 23:48 - 2013-12-17 23:48 - 00000000 ____D C:\Users\Tieny\Desktop\New folder (2)
2013-12-17 23:47 - 2013-12-17 23:47 - 01928214 _____ (Farbar) C:\Users\Tieny\Desktop\FRST64.exe
2013-12-17 06:31 - 2013-12-17 06:31 - 00688992 ____R (Swearware) C:\Users\Tieny\Desktop\dds.com
2013-12-17 03:05 - 2012-02-01 01:04 - 01931227 _____ C:\Windows\WindowsUpdate.log
2013-12-16 11:32 - 2009-07-14 00:13 - 00779132 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-16 08:26 - 2009-07-13 23:51 - 00072332 _____ C:\Windows\setupact.log
2013-12-15 00:11 - 2013-12-15 00:11 - 00000000 ____D C:\Windows\Sun
2013-12-12 19:17 - 2012-05-10 08:50 - 00000000 ____D C:\Users\Tieny\Desktop\playlist
2013-12-12 19:15 - 2012-07-26 20:34 - 00000000 ____D C:\Users\Tieny\Desktop\CEIE
2013-12-12 19:07 - 2012-03-22 17:54 - 00000000 ____D C:\Users\Tieny\AppData\Roaming\vlc
2013-12-12 18:57 - 2012-07-28 23:22 - 00000000 ____D C:\Users\Tieny\Desktop\salev
2013-12-12 18:29 - 2012-02-03 12:19 - 00000000 ____D C:\Users\Tieny\AppData\Roaming\BitTorrent
2013-12-12 18:29 - 2012-02-01 01:45 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 18:08 - 2012-02-01 01:45 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 17:58 - 2009-07-13 23:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 17:58 - 2009-07-13 23:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 17:52 - 2012-08-12 23:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 17:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 17:50 - 2013-12-12 17:50 - 00282664 _____ C:\Windows\Minidump\121213-154082-01.dmp
2013-12-12 17:50 - 2013-04-03 08:43 - 00000000 ____D C:\Windows\Minidump
2013-12-12 17:50 - 2012-02-01 01:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-12 17:04 - 2013-12-12 17:04 - 00282664 _____ C:\Windows\Minidump\121213-41465-01.dmp
2013-12-12 15:39 - 2013-12-12 15:39 - 00289128 _____ C:\Windows\Minidump\121213-50840-01.dmp
2013-12-12 15:20 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 15:09 - 2013-12-12 15:09 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 15:09 - 2012-02-01 01:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 14:48 - 2013-10-09 03:09 - 00000000 ____D C:\Windows\rescache
2013-12-12 14:11 - 2009-07-13 23:45 - 00491040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 14:08 - 2013-12-12 14:07 - 00285600 _____ C:\Windows\Minidump\121213-78016-01.dmp
2013-12-12 13:28 - 2012-02-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 13:19 - 2012-02-01 06:16 - 00057852 _____ C:\Windows\PFRO.log
2013-12-12 00:48 - 2013-12-12 00:48 - 00286168 _____ C:\Windows\Minidump\121213-22916-01.dmp
2013-12-12 00:24 - 2013-12-12 00:24 - 00017787 _____ C:\ComboFix.txt
2013-12-12 00:24 - 2012-08-18 11:10 - 00000000 ____D C:\Qoobox
2013-12-12 00:21 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-12-12 00:11 - 2009-07-14 00:08 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-12 00:10 - 2013-12-11 23:57 - 00000000 ____D C:\AdwCleaner
2013-12-12 00:00 - 2013-11-16 10:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 23:33 - 2013-12-11 23:33 - 00282664 _____ C:\Windows\Minidump\121113-19078-01.dmp
2013-12-11 22:08 - 2013-12-11 22:08 - 00282664 _____ C:\Windows\Minidump\121113-19172-01.dmp
2013-12-11 21:23 - 2013-12-11 21:23 - 00282664 _____ C:\Windows\Minidump\121113-17425-01.dmp
2013-12-11 20:18 - 2013-12-11 20:18 - 00283848 _____ C:\Windows\Minidump\121113-17066-01.dmp
2013-12-11 19:33 - 2013-12-11 19:33 - 00284256 _____ C:\Windows\Minidump\121113-17378-01.dmp
2013-12-11 18:21 - 2013-12-11 18:21 - 00282664 _____ C:\Windows\Minidump\121113-17331-01.dmp
2013-12-11 17:17 - 2013-12-11 17:17 - 00282664 _____ C:\Windows\Minidump\121113-15568-01.dmp
2013-12-11 16:32 - 2013-12-11 16:32 - 00282664 _____ C:\Windows\Minidump\121113-16395-01.dmp
2013-12-11 15:47 - 2013-12-11 15:47 - 00288160 _____ C:\Windows\Minidump\121113-18142-01.dmp
2013-12-11 12:28 - 2012-08-05 15:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-11 10:40 - 2013-12-11 10:40 - 00291952 _____ C:\Windows\Minidump\121113-19281-01.dmp
2013-12-11 09:56 - 2013-12-11 09:56 - 00283864 _____ C:\Windows\Minidump\121113-20358-01.dmp
2013-12-11 09:41 - 2013-12-11 09:41 - 00283544 _____ C:\Windows\Minidump\121113-21855-01.dmp
2013-12-11 08:57 - 2013-10-08 23:42 - 00000000 __SHD C:\Users\Tieny\AppData\Roaming\gedhrevb
2013-12-11 03:01 - 2013-12-10 03:00 - 00009367 _____ C:\Windows\IE11_main.log
2013-12-10 21:52 - 2012-08-12 23:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:52 - 2012-08-12 23:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:52 - 2012-02-01 01:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:03 - 2012-02-01 01:45 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 19:03 - 2012-02-01 01:45 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 12:26 - 2012-12-05 09:44 - 00000000 ____D C:\Users\Tieny\Desktop\boards sale
2013-12-02 00:24 - 2013-12-01 22:40 - 00000582 _____ C:\Users\Tieny\Documents\442HWNEW.f02
2013-12-02 00:24 - 2013-12-01 22:30 - 00003134 _____ C:\Users\Tieny\Documents\442HWNEW.p01
2013-12-02 00:24 - 2013-12-01 22:01 - 00000580 _____ C:\Users\Tieny\Documents\442HWNEW.prj
2013-12-02 00:15 - 2013-12-01 22:29 - 00000582 _____ C:\Users\Tieny\Documents\Backup.f01
2013-12-01 23:35 - 2012-11-13 12:30 - 00003134 _____ C:\Users\Tieny\Documents\Backup.p01
2013-12-01 23:25 - 2013-12-01 22:43 - 00012800 _____ C:\Users\Tieny\Documents\442HWNEW.O01
2013-12-01 23:25 - 2013-12-01 22:43 - 00004677 _____ C:\Users\Tieny\Documents\442HWNEW.r01
2013-12-01 23:25 - 2013-12-01 22:43 - 00000122 _____ C:\Users\Tieny\Documents\442HWNEW.p01.comp_msgs.txt
2013-12-01 22:52 - 2013-12-01 22:29 - 00002825 _____ C:\Users\Tieny\Documents\442HWNEW.g01
2013-12-01 22:30 - 2013-12-01 22:30 - 00000328 _____ C:\Users\Tieny\Documents\442HWNEW.f01
2013-12-01 22:29 - 2013-12-01 22:29 - 00002820 _____ C:\Users\Tieny\Documents\Backup.g01
2013-12-01 22:01 - 2013-12-01 22:01 - 00000275 _____ C:\Users\Tieny\Documents\442HW.f02
2013-12-01 22:01 - 2012-11-13 11:56 - 00000562 _____ C:\Users\Tieny\Documents\442HW.prj
2013-12-01 21:59 - 2013-12-01 21:59 - 00000487 _____ C:\Users\Tieny\Documents\442HECHW.prj
2013-12-01 18:06 - 2013-12-01 18:04 - 00000000 ____D C:\Users\Tieny\Desktop\New folder (3)
2013-12-01 14:29 - 2013-11-23 09:51 - 00000000 ____D C:\Users\Tieny\Desktop\New folder
2013-11-29 18:06 - 2012-02-21 21:57 - 00000000 ____D C:\Users\Tieny\Desktop\circuits
2013-11-28 09:30 - 2013-11-28 09:30 - 00001371 _____ C:\Users\UpdatusUser\Desktop\iTunes Backup Password Recovery Standard.lnk
2013-11-28 09:30 - 2013-11-28 09:30 - 00001371 _____ C:\Users\Mcx1-TIENY-PC\Desktop\iTunes Backup Password Recovery Standard.lnk
2013-11-28 09:30 - 2013-11-28 09:30 - 00000000 ____D C:\Users\Tieny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iTunes Backup Password Recovery Standard
2013-11-28 09:30 - 2013-11-28 09:30 - 00000000 ____D C:\Program Files (x86)\iTunes Backup Password Recovery Standard
2013-11-23 13:26 - 2013-12-11 17:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 12:47 - 2013-12-11 17:26 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-19 01:21 - 2013-11-19 01:12 - 00000204 ____H C:\Users\Tieny\Desktop\Road Water Regrading.dwl2
2013-11-19 01:21 - 2013-11-19 01:12 - 00000054 ____H C:\Users\Tieny\Desktop\Road Water Regrading.dwl

ZeroAccess:
C:\Windows\Installer\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}
ZeroAccess:
C:\Users\Tieny\AppData\Local\Google\Desktop\Install

ZeroAccess:
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}\@

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-10 00:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2013 02
Ran by Tieny at 2013-12-18 00:02:22
Running from C:\Users\Tieny\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Aeria Ignite (x32 Version: 1.13.3296)
AIM for Windows (HKCU)
Akamai NetSession Interface (HKCU)
AOL Instant Messenger (x32)
A-PDF Image Converter Pro (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0 (x32)
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0)
Autodesk 360 (Version: 4.0.27.1)
Autodesk App Manager (x32 Version: 1.1.0)
Autodesk AutoCAD 2014 - English (Version: 19.1.18.0)
Autodesk AutoCAD Civil 3D 2014 - English (Version: 10.3.525.0)
Autodesk AutoCAD Civil 3D 2014 (Version: 10.3.525.0)
Autodesk AutoCAD Civil 3D 2014 32 Bit Object Enabler on Autodesk® Storm and Sanitary Analysis 2014 - Language Neutral (x32 Version: 525.0)
Autodesk AutoCAD Civil 3D 2014 64 Bit Object Enabler on AutoCAD 2014 - English - English (United States) (Version: 525.0)
Autodesk AutoCAD Civil 3D 2014 64 Bit Object Enabler on Autodesk 360 - Language Neutral (Version: 525.0)
Autodesk AutoCAD Civil 3D 2014 Language Pack - English (Version: 10.3.525.0)
Autodesk Content Service (x32 Version: 3.1.3.0)
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0)
Autodesk Featured Apps (x32 Version: 1.1.0)
Autodesk Material Library 2014 (x32 Version: 4.0.19.0)
Autodesk Material Library Base Resolution Image Library 2014 (x32 Version: 4.0.19.0)
Autodesk ReCap (Version: 1.0.43.13)
Autodesk ReCap Language Pack-English (Version: 1.0.43.13)
Autodesk® Storm and Sanitary Analysis 2014 (x32 Version: 8.1.46)
Autodesk® Storm and Sanitary Analysis 2014 x64 Plug-in (Version: 8.1.46)
BitTorrent (HKCU Version: 7.8.2.30332)
Bonjour (Version: 3.0.0.10)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DiskAid 5.45 (x32 Version: 5.45)
EPANET 2.0 (x32)
ESET Online Scanner v3 (x32)
FARO LS 1.1.501.0 (64bit) (x32 Version: 5.1.0.30630)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
GunZ (x32)
HEC-RAS 4.1.0 (x32 Version: 4.1.0)
HY-8 7.30 (x32 Version: 7.30.8)
iExplorer 3.2.5.0 (x32)
iTunes (Version: 11.1.1.11)
iTunes Backup Password Recovery Standard  (x32 Version: )
Japanese Fonts Support For Adobe Reader X (x32 Version: 10.0.0)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.6.0)
Java™ 7 Update 5 (x32 Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
JDownloader 0.9 (x32 Version: 0.9)
KUSO EXIF Viewer (x32)
LAME v3.99.3 (for Windows) (x32)
League of Legends (x32 Version: 3.0.0)
Macro Recorder (HKCU Version: 5.0.0.153)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mumble 1.2.3 (x32 Version: 1.2.3)
Netflix in Windows Media Center (x32 Version: 3.3.101.0)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Pando Media Booster (x32 Version: 2.6.0.7)
PDF Report Writer (novaPDF 6.4  printer)
plist Editor for Windows 1.0.2 (x32 Version: 1.0.2)
PowerISO (x32 Version: 4.9)
REACTOR (x32 Version: 1.00.0000)
Recuva (Version: 1.44)
SketchUp Import for AutoCAD 2014 (x32 Version: 1.1.0)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.0 (x32 Version: 6.0.126)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarCraft II (x32 Version: 2.0.8.25604)
TeamViewer 7 (x32 Version: 7.0.12541)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Vista Media Center vmcNetFlix Add-In x64 (Version: 1.1.14)
VLC media player 2.0.1 (x32 Version: 2.0.1)
VLC Streamer 4.23 (x32)
WinRAR 4.10 (64-bit) (Version: 4.10.0)
WinSCP 4.3.9 (x32 Version: 4.3.9)

==================== Restore Points  =========================

12-12-2013 23:27:41 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-12-10 20:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {111A66F7-2BC0-433C-9F5E-F703F7728D57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01] (Google Inc.)
Task: {29806F20-C21C-4FAF-ABDC-BC387F6047B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01] (Google Inc.)
Task: {332C4E85-14EC-4566-83BF-CF9FA988353B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {584A387B-CC75-4C89-85B4-E55F9E1B84AE} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TIENY-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {64B1127D-EBDF-4F61-B373-5913BA8B1FDD} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe
Task: {70947553-46CA-494A-913F-8BF8D566309F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C1FAEF32-98A0-4A18-9976-C6602DB58AA7} - System32\Tasks\Updater21804.exe => C:\Users\Tieny\AppData\Local\Updater21804\Updater21804.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 23:17 - 2010-01-09 23:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 04:40 - 2010-01-21 04:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-03 13:05 - 2012-01-09 22:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-19 12:51 - 2012-09-19 12:51 - 00261608 _____ () C:\Program Files\Java\jre7\bin\jp2iexp.dll
2012-09-19 12:51 - 2012-09-19 12:51 - 00017896 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2013 00:52:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: uy9d4u8t.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Faulting module name: uy9d4u8t.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Exception code: 0xc0000005
Fault offset: 0x0008c8ae
Faulting process id: 0x6f4
Faulting application start time: 0xuy9d4u8t.exe0
Faulting application path: uy9d4u8t.exe1
Faulting module path: uy9d4u8t.exe2
Report Id: uy9d4u8t.exe3

Error: (12/12/2013 00:24:16 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.

Program: Windows Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (12/12/2013 00:24:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x0000000002400000
Faulting process id: 0x3d8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (12/11/2013 07:40:13 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(3c:d0:f8:19:19:57@fe80::3ed0:f8ff:fe19:1957._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/08/2013 09:48:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: winamp.exe, version: 5.5.7.2830, time stamp: 0x4b4e4d1e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00033ac5
Faulting process id: 0x8b60
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3

Error: (12/08/2013 11:05:32 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 25.0.1.5064 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3fe0

Start Time: 01cef428c905e1b5

Termination Time: 320

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8c091719-6022-11e3-890b-1c6f6544a88c

Error: (12/08/2013 10:30:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x22e5f884
Faulting process id: 0x3fe0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/06/2013 02:36:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: WSCommCntr4.exe, version: 4.0.3.0, time stamp: 0x50dcb523
Faulting module name: WSCommCntr4.exe, version: 4.0.3.0, time stamp: 0x50dcb523
Exception code: 0xc0000005
Fault offset: 0x0000000000016490
Faulting process id: 0x5f20
Faulting application start time: 0xWSCommCntr4.exe0
Faulting application path: WSCommCntr4.exe1
Faulting module path: WSCommCntr4.exe2
Report Id: WSCommCntr4.exe3

Error: (12/06/2013 02:34:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: acad.exe, version: 25.1.18.0, time stamp: 0x5114be09
Faulting module name: QtCore_Ad_SyncNs_4.dll_unloaded, version: 0.0.0.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005
Fault offset: 0x00000000665265fe
Faulting process id: 0x7994
Faulting application start time: 0xacad.exe0
Faulting application path: acad.exe1
Faulting module path: acad.exe2
Report Id: acad.exe3

Error: (12/03/2013 07:12:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: iExplorer.exe, version: 3.2.5.0, time stamp: 0x5282b940
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x069e6e17
Faulting process id: 0x6634
Faulting application start time: 0xiExplorer.exe0
Faulting application path: iExplorer.exe1
Faulting module path: iExplorer.exe2
Report Id: iExplorer.exe3

System errors:
=============
Error: (12/18/2013 00:01:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/18/2013 00:01:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/18/2013 00:01:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/17/2013 11:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/17/2013 11:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/17/2013 11:59:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/17/2013 11:57:19 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/17/2013 11:54:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/17/2013 11:54:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/17/2013 11:54:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (12/12/2013 00:52:03 AM) (Source: Application Error)(User: )
Description: uy9d4u8t.exe2.1.19163.0515d31f0uy9d4u8t.exe2.1.19163.0515d31f0c00000050008c8ae6f401cef6fe24101da3C:\Users\Tieny\Desktop\uy9d4u8t.exeC:\Users\Tieny\Desktop\uy9d4u8t.exe85ed3b37-62f1-11e3-8cc8-1c6f6544a88c

Error: (12/12/2013 00:24:16 AM) (Source: Application Error)(User: )
Description: Windows Explorer000000000

Error: (12/12/2013 00:24:16 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c000009600000000024000003d801cef6fa5f2194d0C:\Windows\explorer.exeunknowna4302448-62ed-11e3-a20c-1c6f6544a88c

Error: (12/11/2013 07:40:13 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(3c:d0:f8:19:19:57@fe80::3ed0:f8ff:fe19:1957._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (12/08/2013 09:48:39 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4e4d1entdll.dll6.1.7601.18247521ea8e7c000000500033ac58b6001cef48923224273C:\Program Files (x86)\Winamp\winamp.exeC:\Windows\SysWOW64\ntdll.dll680ea3cf-607c-11e3-890b-1c6f6544a88c

Error: (12/08/2013 11:05:32 AM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.50643fe001cef428c905e1b5320C:\Program Files (x86)\Mozilla Firefox\firefox.exe8c091719-6022-11e3-890b-1c6f6544a88c

Error: (12/08/2013 10:30:08 AM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204unknown0.0.0.000000000c000000522e5f8843fe001cef428c905e1b5C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown9e226968-601d-11e3-890b-1c6f6544a88c

Error: (12/06/2013 02:36:11 AM) (Source: Application Error)(User: )
Description: WSCommCntr4.exe4.0.3.050dcb523WSCommCntr4.exe4.0.3.050dcb523c000000500000000000164905f2001cef049c56fcde0C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exeC:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe13a145c6-5e49-11e3-890b-1c6f6544a88c

Error: (12/06/2013 02:34:37 AM) (Source: Application Error)(User: )
Description: acad.exe25.1.18.05114be09QtCore_Ad_SyncNs_4.dll_unloaded0.0.0.050d3fca7c000000500000000665265fe799401cef0497d95e435C:\Program Files\Autodesk\Autodesk AutoCAD Civil 3D 2014\acad.exeQtCore_Ad_SyncNs_4.dlldb755765-5e48-11e3-890b-1c6f6544a88c

Error: (12/03/2013 07:12:25 AM) (Source: Application Error)(User: )
Description: iExplorer.exe3.2.5.05282b940unknown0.0.0.000000000c0000005069e6e17663401cef01f4f095724C:\Program Files (x86)\iExplorer\iExplorer.exeunknown2b7aca9a-5c14-11e3-890b-1c6f6544a88c

CodeIntegrity Errors:
===================================
  Date: 2013-12-10 20:47:50.250
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-10 20:47:50.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-10 20:47:49.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-10 20:47:49.626
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-07 16:09:33.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-07 16:09:33.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-07 16:09:33.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-07 16:09:32.769
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 09:50:02.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-16 09:50:02.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 5117.45 MB
Available physical RAM: 3156.52 MB
Total Pagefile: 10233.09 MB
Available Pagefile: 8368.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:10.62 GB) NTFS
Drive e: (HP) (Fixed) (Total:586.47 GB) (Free:61.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (FACTORY_IMAGE) (Fixed) (Total:9.7 GB) (Free:1.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E317EBEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: FE6287F7)
Partition 1: (Active) - (Size=586 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================


 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,427 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:53 AM

Posted 18 December 2013 - 09:02 AM

Greetings Tien,
 

Should I still "disable automatic restart after system failure"?

Yes please. The BSOD information is not always the same from event to event. (Upon further review no need for this)

Your computer is quite ill. Please consider and do the following for me.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\Mcx1-TIENY-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
U3 fgloipog; \??\C:\Users\Tieny\AppData\Local\Temp\fgloipog.sys [x]
C:\Users\Tieny\AppData\Local\Temp\fgloipog.sys
C:\Users\Tieny\Desktop\uy9d4u8t.exe
ZeroAccess:
C:\Windows\Installer\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}
ZeroAccess:
C:\Users\Tieny\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}\@
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Edited by Oh My, 18 December 2013 - 09:38 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 tienyboi


Posted 18 December 2013 - 12:11 PM

I never used this PC to do any money transactions. I never trusted Windows in the first place due to its vulnerability to attacks, and I always used my Apple Mac products to do all my transactions.  

I never used BitTorrent for some time now, so I may just get rid of it.

Here's the log. I'll restart into normal mode and see if I get any more BSODs soon after.

So far it's running a bit sluggish when opening up programs, and I still have little pop-up ads on my Firefox.
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2013 02
Ran by Tieny at 2013-12-18 12:04:14 Run:1
Running from C:\Users\Tieny\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKU\Mcx1-TIENY-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
U3 fgloipog; \??\C:\Users\Tieny\AppData\Local\Temp\fgloipog.sys [x]
C:\Users\Tieny\AppData\Local\Temp\fgloipog.sys
C:\Users\Tieny\Desktop\uy9d4u8t.exe
ZeroAccess:
C:\Windows\Installer\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}
ZeroAccess:
C:\Users\Tieny\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}\@
*****************

HKU\Mcx1-TIENY-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
fgloipog => Service deleted successfully.
"C:\Users\Tieny\AppData\Local\Temp\fgloipog.sys" => File/Directory not found.
"C:\Users\Tieny\Desktop\uy9d4u8t.exe" => File/Directory not found.
C:\Windows\Installer\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040} => Moved successfully.
C:\Users\Tieny\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040} => Moved successfully.
"C:\Users\Tieny\AppData\Local\{d9bcfe60-3d6a-9bf5-07e1-6a12fed29040}\@" => File/Directory not found.

==== End of Fixlog ====



 


Edited by tienyboi, 18 December 2013 - 12:19 PM.


#8 Oh My!


Posted 18 December 2013 - 12:24 PM

OK.  After you are able to provide a full update on how things are running we will take our next steps.


Gary
 

#9 tienyboi


Posted 18 December 2013 - 01:15 PM

Looks like the BSOD is still happening. Computer is acting a little sluggish.

#10 Oh My!


Posted 18 December 2013 - 02:25 PM

Greetings,

Please run this program. If necessary do so in Safe Mode.

===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • BSOD.txt

Gary
 

#11 tienyboi


Posted 19 December 2013 - 10:39 AM

==================================================
Dump File         : 121213-154082-01.dmp
Crash Time        : 12/12/2013 5:47:16 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`96760687
Parameter 2       : b3b7465e`e8f44431
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121213-154082-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/12/2013 5:50:56 PM
==================================================

==================================================
Dump File         : 121213-41465-01.dmp
Crash Time        : 12/12/2013 5:02:47 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`967f44ff
Parameter 2       : b3b7465e`e8fd82a9
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121213-41465-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/12/2013 5:04:28 PM
==================================================

==================================================
Dump File         : 121213-50840-01.dmp
Crash Time        : 12/12/2013 3:37:46 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`995e787b
Parameter 2       : b3b7465e`ebdcb625
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121213-50840-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 289,128
Dump File Time    : 12/12/2013 3:39:36 PM
==================================================

==================================================
Dump File         : 121213-78016-01.dmp
Crash Time        : 12/12/2013 2:05:19 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`99cf3609
Parameter 2       : b3b7465e`ec4d73b3
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121213-78016-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 285,600
Dump File Time    : 12/12/2013 2:08:02 PM
==================================================

==================================================
Dump File         : 121213-22916-01.dmp
Crash Time        : 12/12/2013 12:47:23 AM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`99dd1acb
Parameter 2       : b3b7465e`ec5b5875
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121213-22916-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 286,168
Dump File Time    : 12/12/2013 12:48:30 AM
==================================================

==================================================
Dump File         : 121113-19078-01.dmp
Crash Time        : 12/11/2013 11:32:04 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`98cbb8f1
Parameter 2       : b3b7465e`eb49f69b
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-19078-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/11/2013 11:33:27 PM
==================================================

==================================================
Dump File         : 121113-19172-01.dmp
Crash Time        : 12/11/2013 10:06:59 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`984fa8db
Parameter 2       : b3b7465e`eacde695
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-19172-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/11/2013 10:08:25 PM
==================================================

==================================================
Dump File         : 121113-17425-01.dmp
Crash Time        : 12/11/2013 9:22:04 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`977315a6
Parameter 2       : b3b7465e`e9f15350
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-17425-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/11/2013 9:23:37 PM
==================================================

==================================================
Dump File         : 121113-17066-01.dmp
Crash Time        : 12/11/2013 8:17:04 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`98fbb510
Parameter 2       : b3b7465e`eb79f2ba
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-17066-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 283,848
Dump File Time    : 12/11/2013 8:18:30 PM
==================================================

==================================================
Dump File         : 121113-17378-01.dmp
Crash Time        : 12/11/2013 7:31:58 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`98c2a79f
Parameter 2       : b3b7465e`eb40e549
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-17378-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 284,256
Dump File Time    : 12/11/2013 7:33:24 PM
==================================================

==================================================
Dump File         : 121113-17331-01.dmp
Crash Time        : 12/11/2013 6:19:56 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`97beba6c
Parameter 2       : b3b7465e`ea3cf826
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-17331-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/11/2013 6:21:19 PM
==================================================

==================================================
Dump File         : 121113-15568-01.dmp
Crash Time        : 12/11/2013 5:16:09 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`96a4b4f2
Parameter 2       : b3b7465e`e922f29c
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-15568-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/11/2013 5:17:30 PM
==================================================

==================================================
Dump File         : 121113-16395-01.dmp
Crash Time        : 12/11/2013 4:31:37 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`9685b4f9
Parameter 2       : b3b7465e`e903f2a3
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-16395-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 282,664
Dump File Time    : 12/11/2013 4:32:59 PM
==================================================

==================================================
Dump File         : 121113-18142-01.dmp
Crash Time        : 12/11/2013 3:46:17 PM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`989e452f
Parameter 2       : b3b7465e`eb1c82d9
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-18142-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 288,160
Dump File Time    : 12/11/2013 3:47:44 PM
==================================================

==================================================
Dump File         : 121113-19281-01.dmp
Crash Time        : 12/11/2013 10:39:41 AM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`9945b573
Parameter 2       : b3b7465e`ebc3f32d
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-19281-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 291,952
Dump File Time    : 12/11/2013 10:40:51 AM
==================================================

==================================================
Dump File         : 121113-20358-01.dmp
Crash Time        : 12/11/2013 9:54:57 AM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`98eba927
Parameter 2       : b3b7465e`eb69e6d1
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-20358-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 283,864
Dump File Time    : 12/11/2013 9:56:03 AM
==================================================

==================================================
Dump File         : 121113-21855-01.dmp
Crash Time        : 12/11/2013 9:40:11 AM
Bug Check String  :
Bug Check Code    : 0x00000109
Parameter 1       : a3a039d8`99179610
Parameter 2       : b3b7465e`eb95d3ca
Parameter 3       : fffff800`00b96bb0
Parameter 4       : 00000000`00000006
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18247 (win7sp1_gdr.130828-1532)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\121113-21855-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 283,544
Dump File Time    : 12/11/2013 9:41:20 AM
==================================================



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,427 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:53 AM

Posted 19 December 2013 - 02:14 PM

Thank you for the information. Please locate and attach the following file to your reply. Zip it if you need to.

C:\Windows\Minidump\121213-154082-01.dmp

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 tienyboi

tienyboi
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 20 December 2013 - 02:18 AM

Here it is


#14 Oh My!


Posted 20 December 2013 - 10:54 AM

Greetings Tien,

I would like you to do the following please.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click Start, type msconfig, then hit Enter
  • Click the Boot tab
  • Place a check mark in Base video, then click OK
  • Restart your computer
  • Check your computer's performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • How is your computer performance?

Gary
 

#15 tienyboi


Posted 20 December 2013 - 11:10 AM

When I restarted the screen resolution changed and everything was zoomed in closer, not sure if that was normal but I changed back the screen resolution after I logged in. I think everything is running good except when I open my web browsers, then it starts to freeze for a few seconds and it takes a while to load up. (I guess it may be the result of just restarting the pc maybe?)

Other than that it's running good.

 


Edited by tienyboi, 20 December 2013 - 11:11 AM.




