Unable to Boot Windows 8


  • This topic is locked
35 replies to this topic

#1 Dilf000

Posted 04 January 2014 - 02:01 PM

I went to start my ASUS M51AC-US005S desktop and got the horrid "Log file C:\WINDOWS\System32\Logfiles\Srt\SrtTrail.txt" error. After days of research, with none of the immediate reboot or restart options working, I came across FRST and this forum, so here's the log text. Please help!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014

Ran by SYSTEM on MININT-PT6RD4E on 03-01-2014 11:45:06
Running from E:\
WIN_8 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Winlogon: [Userinit] 
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [0 2013-12-21] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-03 11:44 - 2014-01-03 11:45 - 00000000 ____D C:\FRST
2013-12-22 17:23 - 2013-12-22 18:47 - 00000000 _____ C:\Recovery.txt
2013-12-22 17:07 - 2013-12-22 17:07 - 00000000 __SHD C:\found.000
2013-12-22 16:47 - 2013-12-22 16:47 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-22 08:15 - 2013-12-22 08:15 - 00000000 ____D C:\Windows\System32\MRT
2013-12-22 08:15 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-21 22:10 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-12-21 19:21 - 2013-12-21 19:21 - 00000000 ____D C:\ProgramData\AVID
2013-12-21 19:14 - 2013-12-21 19:14 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Trillium Lane
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\PACE Anti-Piracy
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Users\Dillon\AppData\Local\PACE Anti-Piracy
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-21 17:34 - 2013-12-21 17:34 - 00002084 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2013-12-21 17:31 - 2013-12-21 17:31 - 00000000 ____D C:\Program Files (x86)\iLok License Manager
2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\Users\Dillon\Downloads\LicenseSupportInstallerWin64
2013-12-21 17:29 - 2013-12-21 17:30 - 59446205 _____ C:\Users\Dillon\Downloads\LicenseSupportInstallerWin64.zip
2013-12-21 16:39 - 2013-12-21 16:39 - 00000000 ____D C:\ProgramData\Digidesign
2013-12-21 16:11 - 2013-12-21 16:11 - 00001980 _____ C:\Users\Public\Desktop\Pro Tools 10.lnk
2013-12-21 16:10 - 2013-12-21 16:10 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Avid
2013-12-21 16:06 - 2013-12-21 19:21 - 00000000 ____D C:\Program Files\Avid
2013-12-21 16:06 - 2013-12-21 19:21 - 00000000 ____D C:\Program Files (x86)\Avid
2013-12-21 15:55 - 2013-12-21 15:55 - 00000000 ____D C:\ProgramData\PACE
2013-12-21 15:33 - 2013-12-21 15:33 - 00000000 ____D C:\Users\Dillon\Downloads\Pro_Tools_10_3_7_Win_80110
2013-12-21 14:56 - 2013-12-21 15:24 - 1901477401 _____ C:\Users\Dillon\Downloads\Pro_Tools_10_3_7_Win_80110 (1).zip
2013-12-21 14:51 - 2013-12-21 14:51 - 13079688 _____ (Microsoft Corporation) C:\Users\Dillon\Downloads\Silverlight_x64 (1).exe
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-21 13:11 - 2013-12-21 17:02 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3731808598-750315347-3862431983-1001
2013-12-21 13:04 - 2013-12-22 16:15 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-21 13:04 - 2013-12-21 19:24 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 13:04 - 2013-12-21 13:10 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-21 13:04 - 2013-12-21 13:10 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-21 13:04 - 2013-12-21 13:04 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 13:04 - 2013-12-21 13:04 - 00000000 ____D C:\Users\Dillon\AppData\Local\Google
2013-12-21 13:04 - 2013-12-21 13:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 13:03 - 2013-12-21 13:04 - 00000000 ____D C:\Users\Dillon\AppData\Local\Deployment
2013-12-21 13:03 - 2013-12-21 13:03 - 00000000 ____D C:\Users\Dillon\AppData\Local\Apps\2.0
2013-12-21 10:45 - 2013-12-21 10:45 - 00000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_M51AC.alu
2013-12-21 10:44 - 2013-12-21 10:44 - 00000000 ____D C:\Program Files\ASUS
2013-12-21 10:43 - 2013-12-21 10:43 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Macromedia
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\InstallShield
2013-12-21 10:40 - 2012-11-01 18:05 - 01258272 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bcmwlhigh664.sys
2013-12-21 10:40 - 2012-10-30 15:22 - 00095584 _____ (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
2013-12-21 10:40 - 2012-10-30 14:59 - 03900928 _____ (Broadcom Corporation) C:\Windows\System32\bcmihvsrv64.dll
2013-12-21 10:40 - 2012-10-30 14:59 - 03566592 _____ (Broadcom Corporation) C:\Windows\System32\bcmihvui64.dll
2013-12-21 10:40 - 2010-06-10 04:11 - 01721576 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-12-21 10:40 - 2010-02-03 11:21 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2013-12-21 10:40 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\Packet.dll
2013-12-21 10:40 - 2010-02-03 11:21 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2013-12-21 10:40 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
2013-12-21 10:39 - 2012-11-19 15:36 - 40669728 _____ (Macrovision Corporation) C:\Users\Dillon\Documents\Setup.exe
2013-12-21 10:35 - 2013-12-21 10:35 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-21 10:02 - 2013-12-21 10:02 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Intel Corporation
2013-12-21 10:01 - 2013-12-21 10:01 - 00012348 _____ C:\Users\Dillon\Desktop\Removed Apps.html
2013-12-21 10:01 - 2013-12-21 10:01 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-21 10:01 - 2013-12-21 10:01 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\ASUS WebStorage
2013-12-21 10:00 - 2013-12-21 10:00 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Adobe
2013-12-21 09:58 - 2013-12-21 09:58 - 00000020 ___SH C:\Users\Dillon\ntuser.ini
2013-12-21 09:58 - 2013-12-21 09:58 - 00000000 ____D C:\Users\Dillon\AppData\Local\VirtualStore
2013-12-21 09:57 - 2013-12-21 10:01 - 00000000 ____D C:\users\Dillon
2013-12-21 09:57 - 2013-12-21 09:57 - 00017148 _____ C:\Windows\diagwrn.xml
2013-12-21 09:57 - 2013-12-21 09:57 - 00017148 _____ C:\Windows\diagerr.xml
2013-12-21 09:57 - 2013-12-21 09:57 - 00002626 _____ C:\Users\Administrator\AppData\Local\Application.xml
2013-12-21 09:56 - 2013-12-21 13:17 - 00000000 ____D C:\Windows.old
2013-12-21 09:56 - 2013-12-21 09:56 - 00262144 _____ C:\Windows\System32\config\userdiff
2013-12-21 08:00 - 2013-12-21 08:00 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\Dillon\Downloads\setup.exe
2013-12-21 07:55 - 2013-12-21 07:55 - 15435078 _____ C:\Users\Dillon\Downloads\Install_Avid_Eleven_Rack_1.1.6 (1).zip
2013-12-20 15:44 - 2013-12-20 15:45 - 00000000 ____D C:\Users\Dillon\Documents\Native Instruments
2013-12-20 08:33 - 2013-12-20 08:33 - 00098699 _____ C:\Users\Dillon\Downloads\pentagram2-591100.jpeg
2013-12-20 06:36 - 2013-12-20 06:37 - 99562074 _____ C:\Users\Dillon\Downloads\Supercharger_110_PC.zip
2013-12-19 18:59 - 2013-12-19 18:59 - 00000000 ____D C:\Users\Dillon\Downloads\Avid_Virtual_Instruments_10_Installer_73466
2013-12-19 18:07 - 2013-12-19 18:52 - 2718669922 _____ C:\Users\Dillon\Downloads\Avid_Virtual_Instruments_10_Installer_73466.zip
2013-12-10 08:10 - 2013-12-10 08:12 - 41950909 _____ C:\Users\Dillon\Downloads\dtg_deprive.zip
2013-12-08 22:09 - 2013-12-08 22:14 - 100400976 _____ (Apple Inc.) C:\Users\Dillon\Downloads\iTunes64Setup.exe
2013-12-04 23:23 - 2013-12-04 23:23 - 00000000 _____ C:\END
2013-12-04 23:21 - 2013-12-04 23:21 - 02317608 _____ (Premium Installer     ) C:\Users\Dillon\Downloads\Hamachi_Setup (1).exe
2013-12-04 23:21 - 2013-12-04 23:21 - 02317608 _____ (Premium Installer     ) C:\Users\Dillon\Downloads\Free_Download_Manager_Setup.exe
2013-12-04 23:18 - 2013-12-04 23:18 - 02317608 _____ (Premium Installer     ) C:\Users\Dillon\Downloads\Hamachi_Setup.exe
2013-12-04 21:09 - 2013-12-04 21:09 - 00000000 ____D C:\Users\Dillon\Documents\Toontrack
2013-12-04 21:08 - 2013-12-21 07:33 - 00000000 ____D C:\Users\Dillon\Documents\test
2013-12-04 20:50 - 2013-12-04 20:50 - 00000000 ____D C:\Users\Dillon\Downloads\TT106_EZdrummer_WIN
2013-12-04 20:30 - 2013-12-04 20:30 - 00000000 ____D C:\Users\Dillon\Downloads\TT173_EZX_Metal_Machine_WIN
2013-12-04 20:28 - 2013-12-04 20:28 - 00000222 _____ C:\Users\Dillon\Desktop\Starbound.url
2013-12-04 20:28 - 2013-12-04 20:28 - 00000219 _____ C:\Users\Dillon\Desktop\Left 4 Dead 2.url
2013-12-04 19:49 - 2013-12-04 19:49 - 01133552 _____ C:\Users\Dillon\Downloads\SteamSetup.exe
2013-12-04 19:48 - 2013-12-04 19:52 - 15435078 _____ C:\Users\Dillon\Downloads\Install_Avid_Eleven_Rack_1.1.6.zip
2013-12-04 19:46 - 2013-12-04 20:11 - 700573951 _____ C:\Users\Dillon\Downloads\TT106_EZdrummer_WIN.zip
2013-12-04 19:46 - 2013-12-04 20:09 - 591272312 _____ C:\Users\Dillon\Downloads\TT173_EZX_Metal_Machine_WIN.zip
2013-12-04 19:30 - 2013-12-04 19:31 - 41404760 _____ (Apple Inc.) C:\Users\Dillon\Downloads\QuickTimeInstaller.exe
2013-12-04 19:28 - 2013-12-04 19:28 - 13079688 _____ (Microsoft Corporation) C:\Users\Dillon\Downloads\Silverlight_x64.exe
2013-12-04 19:25 - 2013-12-04 19:25 - 00022169 _____ C:\TMPatch.log
2013-12-04 19:22 - 2013-12-04 21:07 - 00002560 _____ C:\Users\Dillon\PaceKeyChain
2013-12-04 18:27 - 2013-12-04 18:27 - 00000000 ____D C:\aws
2013-12-04 18:27 - 2013-12-04 18:27 - 00000000 ____D C:\Asus WebStorage
2013-12-04 17:55 - 2013-12-04 18:48 - 1901477401 _____ C:\Users\Dillon\Downloads\Pro_Tools_10_3_7_Win_80110.zip
2013-12-04 17:28 - 2013-12-04 17:28 - 00000000 ____D C:\Users\Dillon\Documents\CyberLink
2013-12-04 17:22 - 2013-12-04 17:22 - 00000000 ____D C:\Users\Dillon\Documents\ASUS
2013-12-04 16:15 - 2013-12-21 14:38 - 00000000 ____D C:\Users\Dillon\AppData\Local\Packages
 
==================== One Month Modified Files and Folders =======
 
2014-01-03 11:45 - 2014-01-03 11:44 - 00000000 ____D C:\FRST
2013-12-22 18:47 - 2013-12-22 17:23 - 00000000 _____ C:\Recovery.txt
2013-12-22 17:07 - 2013-12-22 17:07 - 00000000 __SHD C:\found.000
2013-12-22 17:01 - 2013-04-26 03:14 - 00018250 _____ C:\Windows\PFRO.log
2013-12-22 17:00 - 2013-05-31 01:33 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-12-22 16:47 - 2013-12-22 16:47 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-22 16:15 - 2013-12-21 13:04 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 15:51 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-12-22 08:15 - 2013-12-22 08:15 - 00000000 ____D C:\Windows\System32\MRT
2013-12-22 07:45 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-21 23:10 - 2013-04-26 04:44 - 00000000 ____D C:\ProgramData\McAfee
2013-12-21 22:10 - 2013-04-26 04:44 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-12-21 22:10 - 2012-07-26 00:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-12-21 22:09 - 2013-04-26 04:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-21 19:30 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-12-21 19:29 - 2013-04-26 02:14 - 00796916 _____ C:\Windows\System32\perfh00A.dat
2013-12-21 19:29 - 2013-04-26 02:14 - 00162818 _____ C:\Windows\System32\perfc00A.dat
2013-12-21 19:29 - 2013-04-26 01:57 - 00794520 _____ C:\Windows\System32\perfh013.dat
2013-12-21 19:29 - 2013-04-26 01:57 - 00159050 _____ C:\Windows\System32\perfc013.dat
2013-12-21 19:29 - 2013-04-26 01:45 - 00798992 _____ C:\Windows\System32\perfh00C.dat
2013-12-21 19:29 - 2013-04-26 01:45 - 00155548 _____ C:\Windows\System32\perfc00C.dat
2013-12-21 19:29 - 2013-04-26 01:34 - 00750770 _____ C:\Windows\System32\perfh007.dat
2013-12-21 19:29 - 2013-04-26 01:34 - 00155824 _____ C:\Windows\System32\perfc007.dat
2013-12-21 19:29 - 2012-07-25 23:28 - 04593276 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-21 19:27 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
2013-12-21 19:24 - 2013-12-21 13:04 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-21 19:23 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 19:22 - 2012-09-05 22:26 - 00000000 ___HD C:\Users\Dillon\AppData\Local\BYptj4SsiMX
2013-12-21 19:22 - 2012-07-25 23:21 - 00020103 _____ C:\Windows\setupact.log
2013-12-21 19:22 - 2012-06-07 15:08 - 00000000 ___HD C:\Users\Dillon\AppData\Local\Zj6TZRumUGPZUD
2013-12-21 19:21 - 2013-12-21 19:21 - 00000000 ____D C:\ProgramData\AVID
2013-12-21 19:21 - 2013-12-21 16:06 - 00000000 ____D C:\Program Files\Avid
2013-12-21 19:21 - 2013-12-21 16:06 - 00000000 ____D C:\Program Files (x86)\Avid
2013-12-21 19:14 - 2013-12-21 19:14 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Trillium Lane
2013-12-21 19:14 - 2013-10-01 05:13 - 00000000 ___HD C:\Users\Dillon\AppData\Local\364qkt4QrY
2013-12-21 19:14 - 2012-11-08 19:26 - 00000000 ___HD C:\Users\Dillon\AppData\Local\WC6oznpS
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\PACE Anti-Piracy
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\Users\Dillon\AppData\Local\PACE Anti-Piracy
2013-12-21 19:13 - 2013-12-21 19:13 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-21 19:03 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-12-21 19:03 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-21 19:03 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-21 19:03 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-12-21 19:03 - 2012-07-25 23:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-21 19:02 - 2013-04-26 01:28 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\WinStore
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\SysWOW64\Com
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\migwiz
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-21 19:02 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-21 19:02 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-12-21 19:02 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-12-21 19:02 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-12-21 19:02 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-12-21 19:02 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\System32\winrm
2013-12-21 19:02 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-12-21 19:02 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-12-21 19:02 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\oobe
2013-12-21 19:01 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\MUI
2013-12-21 19:01 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\System32\WCN
2013-12-21 19:01 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\System32\slmgr
2013-12-21 19:01 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\Sysprep
2013-12-21 19:01 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\System32\Dism
2013-12-21 19:00 - 2013-04-26 01:24 - 00000000 ____D C:\Windows\en-GB
2013-12-21 19:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-12-21 19:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
2013-12-21 19:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\en-GB
2013-12-21 19:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\Com
2013-12-21 19:00 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2013-12-21 18:57 - 2012-07-25 23:49 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2013-12-21 17:34 - 2013-12-21 17:34 - 00002084 _____ C:\Users\Public\Desktop\iLok License Manager.lnk
2013-12-21 17:34 - 2013-04-26 04:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-21 17:31 - 2013-12-21 17:31 - 00000000 ____D C:\Program Files (x86)\iLok License Manager
2013-12-21 17:30 - 2013-12-21 17:30 - 00000000 ____D C:\Users\Dillon\Downloads\LicenseSupportInstallerWin64
2013-12-21 17:30 - 2013-12-21 17:29 - 59446205 _____ C:\Users\Dillon\Downloads\LicenseSupportInstallerWin64.zip
2013-12-21 17:02 - 2013-12-21 13:11 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3731808598-750315347-3862431983-1001
2013-12-21 16:39 - 2013-12-21 16:39 - 00000000 ____D C:\ProgramData\Digidesign
2013-12-21 16:37 - 2013-04-26 03:15 - 00366552 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-21 16:11 - 2013-12-21 16:11 - 00001980 _____ C:\Users\Public\Desktop\Pro Tools 10.lnk
2013-12-21 16:10 - 2013-12-21 16:10 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Avid
2013-12-21 15:55 - 2013-12-21 15:55 - 00000000 ____D C:\ProgramData\PACE
2013-12-21 15:53 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\IME
2013-12-21 15:53 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\Globalization
2013-12-21 15:53 - 2012-07-25 21:37 - 00000000 ____D C:\Windows\servicing
2013-12-21 15:33 - 2013-12-21 15:33 - 00000000 ____D C:\Users\Dillon\Downloads\Pro_Tools_10_3_7_Win_80110
2013-12-21 15:24 - 2013-12-21 14:56 - 1901477401 _____ C:\Users\Dillon\Downloads\Pro_Tools_10_3_7_Win_80110 (1).zip
2013-12-21 14:51 - 2013-12-21 14:51 - 13079688 _____ (Microsoft Corporation) C:\Users\Dillon\Downloads\Silverlight_x64 (1).exe
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-21 14:51 - 2013-12-21 14:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-21 14:39 - 2013-04-26 04:39 - 00000000 ____D C:\AsusVibeData
2013-12-21 14:39 - 2013-04-26 04:37 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-12-21 14:38 - 2013-12-04 16:15 - 00000000 ____D C:\Users\Dillon\AppData\Local\Packages
2013-12-21 13:17 - 2013-12-21 09:56 - 00000000 ____D C:\Windows.old
2013-12-21 13:10 - 2013-12-21 13:04 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-21 13:10 - 2013-12-21 13:04 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-21 13:04 - 2013-12-21 13:04 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 13:04 - 2013-12-21 13:04 - 00000000 ____D C:\Users\Dillon\AppData\Local\Google
2013-12-21 13:04 - 2013-12-21 13:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 13:04 - 2013-12-21 13:03 - 00000000 ____D C:\Users\Dillon\AppData\Local\Deployment
2013-12-21 13:03 - 2013-12-21 13:03 - 00000000 ____D C:\Users\Dillon\AppData\Local\Apps\2.0
2013-12-21 10:45 - 2013-12-21 10:45 - 00000000 _____ C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_M51AC.alu
2013-12-21 10:44 - 2013-12-21 10:44 - 00000000 ____D C:\Program Files\ASUS
2013-12-21 10:43 - 2013-12-21 10:43 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Macromedia
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\InstallShield
2013-12-21 10:35 - 2013-12-21 10:35 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-12-21 10:02 - 2013-12-21 10:02 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Intel Corporation
2013-12-21 10:01 - 2013-12-21 10:01 - 00012348 _____ C:\Users\Dillon\Desktop\Removed Apps.html
2013-12-21 10:01 - 2013-12-21 10:01 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-21 10:01 - 2013-12-21 10:01 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\ASUS WebStorage
2013-12-21 10:01 - 2013-12-21 09:57 - 00000000 ____D C:\users\Dillon
2013-12-21 10:00 - 2013-12-21 10:00 - 00000000 ____D C:\Users\Dillon\AppData\Roaming\Adobe
2013-12-21 10:00 - 2013-04-26 04:13 - 00000000 ____D C:\Windows\Panther
2013-12-21 10:00 - 2013-04-26 01:19 - 00000000 ____D C:\Windows\SysWOW64\OEM
2013-12-21 09:58 - 2013-12-21 09:58 - 00000020 ___SH C:\Users\Dillon\ntuser.ini
2013-12-21 09:58 - 2013-12-21 09:58 - 00000000 ____D C:\Users\Dillon\AppData\Local\VirtualStore
2013-12-21 09:57 - 2013-12-21 09:57 - 00017148 _____ C:\Windows\diagwrn.xml
2013-12-21 09:57 - 2013-12-21 09:57 - 00017148 _____ C:\Windows\diagerr.xml
2013-12-21 09:57 - 2013-12-21 09:57 - 00002626 _____ C:\Users\Administrator\AppData\Local\Application.xml
2013-12-21 09:57 - 2012-07-26 00:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-21 09:57 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-12-21 09:57 - 2012-07-25 21:37 - 00000000 __RHD C:\users\Default
2013-12-21 09:56 - 2013-12-21 09:56 - 00262144 _____ C:\Windows\System32\config\userdiff
2013-12-21 09:56 - 2012-07-26 00:13 - 00262144 _____ C:\Windows\System32\config\BCD-Template
2013-12-21 08:00 - 2013-12-21 08:00 - 02816072 _____ (LionSea SoftWare                                            ) C:\Users\Dillon\Downloads\setup.exe
2013-12-21 07:55 - 2013-12-21 07:55 - 15435078 _____ C:\Users\Dillon\Downloads\Install_Avid_Eleven_Rack_1.1.6 (1).zip
2013-12-21 07:33 - 2013-12-04 21:08 - 00000000 ____D C:\Users\Dillon\Documents\test
2013-12-20 15:45 - 2013-12-20 15:44 - 00000000 ____D C:\Users\Dillon\Documents\Native Instruments
2013-12-20 08:33 - 2013-12-20 08:33 - 00098699 _____ C:\Users\Dillon\Downloads\pentagram2-591100.jpeg
2013-12-20 06:37 - 2013-12-20 06:36 - 99562074 _____ C:\Users\Dillon\Downloads\Supercharger_110_PC.zip
2013-12-19 18:59 - 2013-12-19 18:59 - 00000000 ____D C:\Users\Dillon\Downloads\Avid_Virtual_Instruments_10_Installer_73466
2013-12-19 18:52 - 2013-12-19 18:07 - 2718669922 _____ C:\Users\Dillon\Downloads\Avid_Virtual_Instruments_10_Installer_73466.zip
2013-12-10 08:12 - 2013-12-10 08:10 - 41950909 _____ C:\Users\Dillon\Downloads\dtg_deprive.zip
2013-12-08 22:14 - 2013-12-08 22:09 - 100400976 _____ (Apple Inc.) C:\Users\Dillon\Downloads\iTunes64Setup.exe
2013-12-04 23:23 - 2013-12-04 23:23 - 00000000 _____ C:\END
2013-12-04 23:21 - 2013-12-04 23:21 - 02317608 _____ (Premium Installer     ) C:\Users\Dillon\Downloads\Hamachi_Setup (1).exe
2013-12-04 23:21 - 2013-12-04 23:21 - 02317608 _____ (Premium Installer     ) C:\Users\Dillon\Downloads\Free_Download_Manager_Setup.exe
2013-12-04 23:18 - 2013-12-04 23:18 - 02317608 _____ (Premium Installer     ) C:\Users\Dillon\Downloads\Hamachi_Setup.exe
2013-12-04 21:09 - 2013-12-04 21:09 - 00000000 ____D C:\Users\Dillon\Documents\Toontrack
2013-12-04 21:07 - 2013-12-04 19:22 - 00002560 _____ C:\Users\Dillon\PaceKeyChain
2013-12-04 20:50 - 2013-12-04 20:50 - 00000000 ____D C:\Users\Dillon\Downloads\TT106_EZdrummer_WIN
2013-12-04 20:30 - 2013-12-04 20:30 - 00000000 ____D C:\Users\Dillon\Downloads\TT173_EZX_Metal_Machine_WIN
2013-12-04 20:28 - 2013-12-04 20:28 - 00000222 _____ C:\Users\Dillon\Desktop\Starbound.url
2013-12-04 20:28 - 2013-12-04 20:28 - 00000219 _____ C:\Users\Dillon\Desktop\Left 4 Dead 2.url
2013-12-04 20:11 - 2013-12-04 19:46 - 700573951 _____ C:\Users\Dillon\Downloads\TT106_EZdrummer_WIN.zip
2013-12-04 20:09 - 2013-12-04 19:46 - 591272312 _____ C:\Users\Dillon\Downloads\TT173_EZX_Metal_Machine_WIN.zip
2013-12-04 19:52 - 2013-12-04 19:48 - 15435078 _____ C:\Users\Dillon\Downloads\Install_Avid_Eleven_Rack_1.1.6.zip
2013-12-04 19:49 - 2013-12-04 19:49 - 01133552 _____ C:\Users\Dillon\Downloads\SteamSetup.exe
2013-12-04 19:31 - 2013-12-04 19:30 - 41404760 _____ (Apple Inc.) C:\Users\Dillon\Downloads\QuickTimeInstaller.exe
2013-12-04 19:28 - 2013-12-04 19:28 - 13079688 _____ (Microsoft Corporation) C:\Users\Dillon\Downloads\Silverlight_x64.exe
2013-12-04 19:25 - 2013-12-04 19:25 - 00022169 _____ C:\TMPatch.log
2013-12-04 19:14 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-12-04 18:48 - 2013-12-04 17:55 - 1901477401 _____ C:\Users\Dillon\Downloads\Pro_Tools_10_3_7_Win_80110.zip
2013-12-04 18:27 - 2013-12-04 18:27 - 00000000 ____D C:\aws
2013-12-04 18:27 - 2013-12-04 18:27 - 00000000 ____D C:\Asus WebStorage
2013-12-04 17:28 - 2013-12-04 17:28 - 00000000 ____D C:\Users\Dillon\Documents\CyberLink
2013-12-04 17:22 - 2013-12-04 17:22 - 00000000 ____D C:\Users\Dillon\Documents\ASUS
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
 
==================== Restore Points  =========================
 
Restore point made on: 2013-12-21 10:40:31
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16034.26 MB
Available physical RAM: 14897.57 MB
Total Pagefile: 16034.26 MB
Available Pagefile: 14940.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:150 GB) (Free:57.69 GB) NTFS
Drive d: (Data) (Fixed) (Total:2624.07 GB) (Free:2623.81 GB) NTFS
Drive e: () (Fixed) (Total:29.8 GB) (Free:27.1 GB) FAT32
Drive j: (NBX0NNW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
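The registry section of the FRST log above shows cleared Winlogon Shell values, two blank CLSID InprocServer32 defaults that FRST labels as possible ZeroAccess hijacks, and a cleared .exe file association. The script below is an added editorial example, not part of the original post and not FRST's own code: a small triage parser that pulls the flagged entries out of an FRST log and compares the Winlogon Shell and Userinit values against the stock Windows defaults. SAMPLE_LOG is a constructed excerpt reproducing the flagged lines from the log above; the default values for Shell (explorer.exe) and Userinit (C:\Windows\system32\userinit.exe,) are the standard Windows values; treating FRST's `[x]` marker as "value could not be resolved, skip the default comparison" is an assumption about FRST's notation.

```python
"""Triage parser for the 'Registry (Whitelisted)' and 'EXE ASSOCIATION'
sections of an FRST log: collect entries FRST marks with ATTENTION and
compare Winlogon Shell/Userinit against the stock Windows defaults."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the shape of the FRST log posted above (not the full log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [0 2013-12-21] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
"""

# Stock Windows values for the two Winlogon entries malware most often hijacks.
EXPECTED_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

FRST_LINE = re.compile(r"^(?P<key>HKLM(?:-x32)?\\.*?): ?(?P<rest>.*)$")
NAME_PREFIX = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
# Value text ends where FRST's "[size date]", "[x]", "(company)" or a marker begins.
VALUE_END = re.compile(r"\[[0-9x]|\s\(|<===|ATTENTION!")


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return (key, name, value, rest) for an FRST registry line, else None."""
    m = FRST_LINE.match(line.rstrip())
    if not m:
        return None
    key, rest = m.group("key"), m.group("rest").strip()
    name = "(Default)"
    n = NAME_PREFIX.match(rest)
    if n:
        name, rest = n.group("name"), n.group("rest")
    end = VALUE_END.search(rest)
    value = (rest[: end.start()] if end else rest).strip()
    return key, name, value, rest


def triage(log_text):
    """Return a Finding for every line FRST flagged or whose value is off-default."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        key, name, value, rest = parsed
        reasons = []
        if "ATTENTION" in rest:
            reasons.append("flagged by FRST")
        if "ZeroAccess" in rest:
            reasons.append("CLSID InprocServer32 default cleared (FRST: ZeroAccess?)")
        # "[x]" is assumed to mean FRST could not resolve the target; skip comparison.
        if key.endswith("\\Winlogon") and name in EXPECTED_WINLOGON and "[x]" not in rest:
            if not value:
                reasons.append(f"{name} is empty; default is {EXPECTED_WINLOGON[name]}")
            elif value.lower() != EXPECTED_WINLOGON[name].lower():
                reasons.append(f"{name} is {value!r}; default is {EXPECTED_WINLOGON[name]}")
        exe_keys = ("\\.exe", "\\exefile\\DefaultIcon", "\\exefile\\open\\command")
        if key.endswith(exe_keys) and not value:
            reasons.append(".exe association default value cleared")
        if reasons:
            findings.append(Finding(key, name, value, reasons))
    return findings


def summarize(findings):
    """One line per finding, suitable for pasting back into a reply."""
    return [f"{f.key} [{f.name}] value={f.value!r}: " + "; ".join(f.reasons)
            for f in findings]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run against the excerpt it reports eight entries: the blank 64-bit Userinit and both Shell values, the two InprocServer32 defaults, and the three cleared .exe association keys. A line such as `[Shell] explorer.exe [... ] (Microsoft Corporation)` from a healthy system produces no finding, which is the check to repeat on a fresh FRST log after a fix is applied.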


#2 HelpBot
Posted 09 January 2014 - 02:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519629 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!
Posted 18 January 2014 - 02:55 PM

Greetings Dilf000 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please post a fresh Farbar Recovery Scan Tool report.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 21 January 2014 - 08:52 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#5 Dilf000
  • Topic Starter
  • Members
  • 16 posts

Posted 21 January 2014 - 10:26 PM

My apologies, all my computers are acting up. My name is Dillon, so what's up with my computer?



#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 21 January 2014 - 11:14 PM

Hi Dillon,

Thank you for your patience thus far. Please post a fresh Farbar Recovery Scan Tool report.

I am not sure what is happening with your computer. I need to review a fresh Farbar Recovery Scan Tool log.


Gary
 

#7 Dilf000
  • Topic Starter
  • Members
  • 16 posts

Posted 22 January 2014 - 01:53 AM

Here's the new log
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by SYSTEM on MININT-1I9N2UC on 21-01-2014 22:40:45
Running from E:\
WIN_8 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Winlogon: [Userinit] 
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [0 2013-12-21] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-03 11:44 - 2014-01-03 11:45 - 00000000 ____D C:\FRST
2013-12-22 17:23 - 2013-12-22 18:47 - 00000000 _____ C:\Recovery.txt
2013-12-22 17:07 - 2013-12-22 17:07 - 00000000 __SHD C:\found.000
2013-12-22 16:47 - 2013-12-22 16:47 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-22 08:15 - 2013-12-22 08:15 - 00000000 ____D C:\Windows\System32\MRT
2013-12-22 08:15 - 2013-12-01 14:42 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-03 11:45 - 2014-01-03 11:44 - 00000000 ____D C:\FRST
2013-12-22 18:47 - 2013-12-22 17:23 - 00000000 _____ C:\Recovery.txt
2013-12-22 17:07 - 2013-12-22 17:07 - 00000000 __SHD C:\found.000
2013-12-22 17:01 - 2013-04-26 03:14 - 00018250 _____ C:\Windows\PFRO.log
2013-12-22 17:00 - 2013-05-31 01:33 - 00000000 _____ C:\Windows\WindowsUpdate.log
2013-12-22 16:47 - 2013-12-22 16:47 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-22 16:15 - 2013-12-21 13:04 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 15:51 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-12-22 08:15 - 2013-12-22 08:15 - 00000000 ____D C:\Windows\System32\MRT
2013-12-22 07:45 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 7%
Total physical RAM: 16034.26 MB
Available physical RAM: 14902.68 MB
Total Pagefile: 16034.26 MB
Available Pagefile: 14949.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:150 GB) (Free:57.69 GB) NTFS
Drive d: (Data) (Fixed) (Total:2624.07 GB) (Free:2623.81 GB) NTFS
Drive e: () (Fixed) (Total:29.8 GB) (Free:27.1 GB) FAT32
Drive j: (NBX0NNW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 2795 GB) (Disk ID: DA942E9B)
 
Partition: GPT Partition Type
========================================================
Disk: 5 (Size: 30 GB) (Disk ID: 24C301D5)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)
 
 
LastRegBack: 2013-04-26 03:14
 
==================== End Of Log ============================

Edited by Dilf000, 22 January 2014 - 01:54 AM.


#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 10:04 AM

Greetings Dillon.

Thanks for the updated log. Please consider and do this for me.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM\...\Winlogon: [Shell]  [0 2013-12-21] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Does your computer boot?

Gary
 

#9 Dilf000
  • Topic Starter
  • Members
  • 16 posts

Posted 22 January 2014 - 10:28 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by SYSTEM at 2014-01-22 07:26:09 Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell]  [0 2013-12-21] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
*****************
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\.exe\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\DefaultIcon\\Default => Value was restored successfully.
HKLM\Software\Classes\exefile\shell\open\command\\Default => Value was restored successfully.
 
==== End of Fixlog ====
 
Still goes to the automatic repair blue screen...

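The Fixlog above shows FRST restoring seven values to their stock defaults. As an added example (not FRST's code and not part of this thread), the script below performs the defender-side version of that step: it compares the same Winlogon, WMI CLSID and .exe-association values against the defaults I assume for a clean Windows 7/8 install, flags values that are missing, empty (what FRST printed as `[0 2013-12-21] ()`) or redirected, and can read them live on a Windows host. `SAMPLE_OBSERVED` is a constructed input that mirrors the tampered report; the placeholder DLL path in it is made up.

```python
"""Offline audit of the registry values FRST flagged in this thread.

Added example, not FRST's code. It compares the Winlogon, WMI CLSID and
.exe-association values against their stock Windows defaults (the state the
fixlist above restores). SAMPLE_OBSERVED is a constructed input mirroring the
tampered report; read_live() gathers the same values on a Windows host.
"""
import re

WINLOGON = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
CLASSES = r"HKLM\Software\Classes"
SHELL = WINLOGON + r"\Shell"
USERINIT = WINLOGON + r"\Userinit"
CLSID_WBEMESS = CLASSES + r"\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\(Default)"
CLSID_FASTPROX = CLASSES + r"\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\(Default)"
EXE_ASSOC = CLASSES + r"\.exe\(Default)"
EXE_ICON = CLASSES + r"\exefile\DefaultIcon\(Default)"
EXE_OPEN = CLASSES + r"\exefile\shell\open\command\(Default)"

# Assumed stock values on a clean Windows 7/8 install. Paths are compared
# case-insensitively after %VAR% expansion, so REG_EXPAND_SZ and already
# expanded forms both pass.
EXPECTED = {
    SHELL: "explorer.exe",
    USERINIT: r"C:\Windows\system32\userinit.exe,",
    CLSID_WBEMESS: r"%systemroot%\system32\wbem\wbemess.dll",
    CLSID_FASTPROX: r"%systemroot%\system32\wbem\fastprox.dll",
    EXE_ASSOC: "exefile",
    EXE_ICON: "%1",
    EXE_OPEN: '"%1" %*',
}
ENV = {"systemroot": r"C:\Windows", "windir": r"C:\Windows"}

# Constructed sample mirroring the FRST report above: Shell emptied (FRST shows
# '[0 2013-12-21] ()'), both WMI CLSIDs redirected to a made-up placeholder
# DLL path, and the .exe association blanked. Not real indicator data.
SAMPLE_OBSERVED = {
    SHELL: "",
    USERINIT: r"C:\Windows\system32\userinit.exe,",
    CLSID_WBEMESS: r"C:\Users\Public\placeholder_hijack.dll",
    CLSID_FASTPROX: r"C:\Users\Public\placeholder_hijack.dll",
    EXE_ASSOC: "",
    EXE_ICON: "",
    EXE_OPEN: "",
}


def normalise(value):
    """Expand %VAR% from the fixed table (works offline) and lower-case."""
    def expand(match):
        return ENV.get(match.group(1).lower(), match.group(0))
    return re.sub(r"%([A-Za-z_]\w*)%", expand, value).strip().lower()


def audit(observed):
    """Compare observed values with EXPECTED.

    observed maps the key names above to the value read from the registry
    (None when absent). Returns (key, status, expected_value) tuples.
    """
    findings = []
    for key, good in EXPECTED.items():
        seen = observed.get(key)
        if seen is None:
            findings.append((key, "MISSING", good))
        elif not seen.strip():
            findings.append((key, "EMPTY", good))
        elif normalise(seen) != normalise(good):
            findings.append((key, "MODIFIED: %s" % seen, good))
    return findings


def read_live():
    """Read the same values from the running system (Windows only)."""
    import winreg  # standard library, present only on Windows builds
    observed = {}
    for key in EXPECTED:
        path, _, name = key.rpartition("\\")
        path = path[len("HKLM\\"):]
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as handle:
                value, _ = winreg.QueryValueEx(handle, "" if name == "(Default)" else name)
                observed[key] = value
        except OSError:
            observed[key] = None
    return observed


if __name__ == "__main__":
    for key, status, good in audit(SAMPLE_OBSERVED):
        print(status, key)
        print("    expected:", good)
```

On a Windows host, `audit(read_live())` runs the same comparison against the live registry; an empty result means every checked value matches the assumed default.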

#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 10:32 AM

Thanks please run this.

===================================================

ListParts in Recovery Environment

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download ListParts64.exe (for 64 bit systems) or ListParts.exe (for 32 bit systems) and save it to your desktop
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run ListParts
----------

Entering into the System Recovery Options

Option #1
To enter System Recovery Options in Windows 8:

Option #2
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Option #3
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running ListParts in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts64 (for the 32-bit version type e:\Listparts) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens place a checkmark in List BCD then press Scan button.
  • Click OK on the Scan completed screen
  • A Result.txt document will be created on the USB device
  • Please copy and paste the contents of Result.txt in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • ListParts log

Gary
 

#11 Dilf000
  • Topic Starter
  • Members
  • 16 posts

Posted 22 January 2014 - 07:18 PM

Here's that log, sorry for the delay I had work. Thanks for doing this by the way!

 

ListParts by Farbar Version: 20-10-2013
Ran by SYSTEM (administrator) on 22-01-2014 at 16:11:25
Windows 8 (X64)
Running From: E:\
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16034.26 MB
Available physical RAM: 14961.9 MB
Total Pagefile: 16034.26 MB
Available Pagefile: 14962.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
======================= Partitions =========================
 
1 Drive c: (Windows) (Fixed) (Total:150 GB) (Free:57.69 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:2624.07 GB) (Free:2623.81 GB) NTFS
3 Drive e: () (Fixed) (Total:29.8 GB) (Free:27.1 GB) FAT32
8 Drive j: (NBX0NNW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         2794 GB      0 B        *
  Disk 1    No Media           0 B      0 B         
  Disk 2    No Media           0 B      0 B         
  Disk 3    No Media           0 B      0 B         
  Disk 4    No Media           0 B      0 B         
  Disk 5    Online           29 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: {378E980C-0BBB-4FCC-98A4-2902AE2517FC}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery           800 MB  1024 KB
  Partition 2    System (partition with boot components)             260 MB   801 MB
  Partition 3    Reserved           128 MB  1061 MB
  Partition 4    Primary            150 GB  1189 MB
  Partition 5    Primary           2624 GB   151 GB
  Partition 6    Recovery            19 GB  2775 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         Windows RE   NTFS   Partition    800 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         SYSTEM       FAT32  Partition    260 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Windows      NTFS   Partition    150 GB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   Data         NTFS   Partition   2624 GB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5         Recovery im  NTFS   Partition     19 GB  Healthy    Hidden  
 
======================================================================================================
 
Partitions of Disk 5:
===============
 
Disk ID: 24C301D5
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             29 GB    16 KB
 
======================================================================================================
 
Disk: 5
Partition 1
Type  : 0C
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 10    E                FAT32  Partition     29 GB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: DA942E9B
 
Partition : GPT Partition Type
==============================
Partitions of Disk 5:
===============
Disk ID: 24C301D5
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)
 
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {a3201c61-83c2-11e3-a392-806e6f6e6963}
                        {19107b81-c9de-11e2-ab2e-806e6f6e6963}
                        {19107b80-c9de-11e2-ab2e-806e6f6e6963}
timeout                 1
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {de4b5e99-c9e8-11e2-be72-60a44ce9cfa8}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {19107b80-c9de-11e2-ab2e-806e6f6e6963}
description             CD/DVD Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {19107b81-c9de-11e2-ab2e-806e6f6e6963}
description             Hard Drive 
 
Firmware Application (101fffff)
-------------------------------
identifier              {a3201c61-83c2-11e3-a392-806e6f6e6963}
device                  partition=E:
description             UEFI: SanDisk Cruzer
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{de4b5e98-c9e8-11e2-be72-60a44ce9cfa8}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{de4b5e98-c9e8-11e2-be72-60a44ce9cfa8}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {de4b5e99-c9e8-11e2-be72-60a44ce9cfa8}
nx                      OptIn
bootmenupolicy          Standard
detecthal               Yes
 
Resume from Hibernate
---------------------
identifier              {d75abe8a-c9d8-11e2-8ba8-bc524d6ede6b}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {de4b5e99-c9e8-11e2-be72-60a44ce9cfa8}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {de4b5e98-c9e8-11e2-be72-60a44ce9cfa8}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
****** End Of Log ****** 

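The List BCD section of the ListParts output above is what a helper reads to confirm the machine still boots through the expected chain: firmware boot manager, `{bootmgr}` at `\EFI\Microsoft\Boot\bootmgfw.efi`, then the `{default}` loader at `\Windows\system32\winload.efi` on `C:`. As an added example (not Farbar's code and not part of this thread), the parser below turns that dump into objects and flags the anomalies worth a second look: a changed loader path, a `device`/`osdevice` mismatch, or a `{reference}` that names no object. `SAMPLE_BCD` is an abridged copy of the dump posted above, cut to the objects the check needs.

```python
"""Parse a ListParts 'List BCD' dump and sanity-check the Windows boot chain.

Added example, not part of this thread or of Farbar's tools. SAMPLE_BCD is an
abridged copy of the output shape posted above, cut to what the check needs.
"""
import re

SAMPLE_BCD = r"""
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {a3201c61-83c2-11e3-a392-806e6f6e6963}

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
default                 {default}
displayorder            {default}

Firmware Application (101fffff)
-------------------------------
identifier              {a3201c61-83c2-11e3-a392-806e6f6e6963}
device                  partition=E:

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{de4b5e98-c9e8-11e2-be72-60a44ce9cfa8}
path                    \windows\system32\winload.efi
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{de4b5e98-c9e8-11e2-be72-60a44ce9cfa8}

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8
recoverysequence        {current}
osdevice                partition=C:

Device options
--------------
identifier              {de4b5e98-c9e8-11e2-be72-60a44ce9cfa8}
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
"""

REF = re.compile(r"\{[^{}]+\}")  # {bootmgr}, {default}, {GUID}, ...

def parse_bcd(text):
    """Return {identifier: {setting: [values]}}; '_type' keeps the heading."""
    objects, block, last_key = {}, None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        body = line.strip()
        if body and set(nxt) == {"-"}:          # heading: next line is the dash rule
            block = {"_type": body}
        elif block is None or not body or set(body) == {"-"}:
            continue                            # blank line or the rule itself
        elif line[0].isspace():                 # continuation of a multi-value setting
            block[last_key].append(body)
        else:
            key, _, val = body.partition(" ")
            block[key] = [val.strip()]
            last_key = key
            if key == "identifier":
                objects[val.strip()] = block
    return objects

def first(obj, key):
    """First value of a setting, or None when the object lacks it."""
    return obj.get(key, [None])[0]

def check_boot_chain(objects):
    """Walk {bootmgr} -> default loader and return a list of anomaly strings."""
    bootmgr = objects.get("{bootmgr}")
    if bootmgr is None:
        return ["no {bootmgr} object in the store"]
    issues = []
    if (first(bootmgr, "path") or "").lower() != r"\efi\microsoft\boot\bootmgfw.efi":
        issues.append("bootmgr path is %r" % first(bootmgr, "path"))
    loader = objects.get(first(bootmgr, "default"))
    if loader is None:
        return issues + ["default entry %r does not resolve" % first(bootmgr, "default")]
    if (first(loader, "path") or "").lower() != r"\windows\system32\winload.efi":
        issues.append("loader path is %r" % first(loader, "path"))
    if first(loader, "device") != first(loader, "osdevice"):
        issues.append("loader device %r != osdevice %r" % (first(loader, "device"), first(loader, "osdevice")))
    for ident, obj in objects.items():          # every {reference} must name an object
        for key, vals in obj.items():
            if key in ("_type", "identifier"):
                continue
            for ref in REF.findall(" ".join(vals)):
                if ref not in objects:
                    issues.append("%s.%s references unknown %s" % (ident, key, ref))
    return issues
```

Run against the full dump in the post above, `check_boot_chain(parse_bcd(text))` returns an empty list, which matches Gary's reading that the BCD itself is intact and the problem lies elsewhere.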

#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 09:43 PM

No problem Dillon. I will need some time to sort through this since Windows 8 is different than the rest of the operating systems.
Gary
 

#13 Dilf000
  • Topic Starter
  • Members
  • 16 posts

Posted 22 January 2014 - 10:08 PM

No problem, I'm just glad this is actually getting solved!



#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 10:12 PM

I am narrowing it down but want to test some things on my Windows 8 test computer. There are some new options in Windows 8 and hopefully they will help us out. It isn't solved yet but I am hopeful we can work through it.

I probably won't be posting until tomorrow since I will need time to test. Thanks for your patience and understanding, I appreciate it.
Gary
 

#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,422 posts
  • Gender:Male
  • Location:California

Posted 22 January 2014 - 10:34 PM

When you get the blue screen do you have Advanced Options?


Gary
 



